Champike Attanayake

Work place: Department of Mathematical and Physical Sciences, Miami University, Ohio, USA

E-mail: c.attanayake@miamioh.edu

Website:

Research Interests: Computational Engineering, Computational Mathematics, Computer systems and computational processes, Computational Learning Theory

Biography

Champike Attanayake is an Associate Professor in the Department of Mathematics at Miami University, Ohio, where he has been a faculty member since 2008. Champike completed his Ph.D. at Bowling Green State University and his Master's degree at Michigan Technological University. His research interests lie in the area of Computational Mathematics, and statistical applications. He has collaborated actively with the researches in other disciplines, particularly Pedagogy, Finance, and Computer Security.

Author Articles
An Analytical Approach to Assess and Compare the Vulnerability Risk of Operating Systems

By Pubudu K. Hitigala Kaluarachchilage Champike Attanayake Sasith Rajasooriya Chris P. Tsokos

DOI: https://doi.org/10.5815/ijcnis.2020.02.01, Pub. Date: 8 Apr. 2020

Operating system (OS) security is a key component of computer security. Assessing and improving OSs strength to resist against vulnerabilities and attacks is a mandatory requirement given the rate of new vulnerabilities discovered and attacks occur. Frequency and the number of different kinds of vulnerabilities found in an OS can be considered an index of its information security level. In the present study we assess five mostly used OSs, Microsoft Windows (windows 7, windows 8 and windows 10), Apple’s Mac and Linux for their discovered vulnerabilities and the risk associated in each. Each discovered and reported vulnerability has an Exploitability score assigned in CVSS [27] of the national vulnerability data base. We compare the risk from vulnerabilities in each of the five Operating Systems. The Risk Indexes used are developed based on the Markov model to evaluate the risk of each vulnerability [11, 21, 22]. Statistical methodology and underlying mathematical approach is described. The analysis includes all the reported vulnerabilities in the National Vulnerability Database [19] up to October 30, 2018. Initially, parametric procedures are conducted and measured. There are however violations of some assumptions observed. Therefore, authors recognized the need for non-parametric approaches. 6838 vulnerabilities recorded were considered in the analysis.
According to the risk associated with all the vulnerabilities considered, it was found that there is a statistically significant difference among average risk level for some operating systems. This indicates that according to our method some operating systems have been more risk vulnerable than others given the assumptions and limitations. Relevant Test results revealing a statistically significant difference in the Risk levels of different OSs are presented.

[...] Read more.
Other Articles