Sasith Rajasooriya

Work place: Independent Researcher

E-mail: sasith@mail.usf.edu

Research Interests: Computer systems and computational processes, Computer Architecture and Organization, Data Structures and Algorithms

Biography

Sasith Rajasooriya is currently an independent researcher. He was formerly a lecturer in the Department of Mathematics at the University of Dayton, Ohio, USA. Sasith obtained his Ph.D. in statistics from the University of South Florida, Florida, US. He has an M.Sc. in mathematics from Georgia Southern University, Georgia, US, and a degree in business administration from the University of Sri Jayewardenepura, Sri Lanka. Sasith is also an attorney-at-law in the Supreme Court of Sri Lanka. He has authored and co-authored several publications in the areas of cybersecurity, statistical modelling and sustainability education.

Author Articles
An Analytical Approach to Assess and Compare the Vulnerability Risk of Operating Systems

By Pubudu K. Hitigala Kaluarachchilage, Champike Attanayake, Sasith Rajasooriya, Chris P. Tsokos

DOI: https://doi.org/10.5815/ijcnis.2020.02.01, Pub. Date: 8 Apr. 2020

Operating system (OS) security is a key component of computer security. Assessing and improving the strength of OSs to resist vulnerabilities and attacks is a mandatory requirement, given the rate at which new vulnerabilities are discovered and attacks occur. The frequency and the number of different kinds of vulnerabilities found in an OS can be considered an index of its information security level. In the present study we assess five of the most used OSs, Microsoft Windows (Windows 7, Windows 8 and Windows 10), Apple's Mac and Linux, for their discovered vulnerabilities and the risk associated with each. Each discovered and reported vulnerability has an Exploitability score assigned in CVSS [27] of the National Vulnerability Database. We compare the risk from vulnerabilities in each of the five operating systems. The Risk Indexes used are developed based on the Markov model to evaluate the risk of each vulnerability [11, 21, 22]. The statistical methodology and underlying mathematical approach are described. The analysis includes all the vulnerabilities reported in the National Vulnerability Database [19] up to October 30, 2018. Initially, parametric procedures are conducted and measured. However, violations of some assumptions are observed. Therefore, the authors recognized the need for non-parametric approaches. A total of 6838 recorded vulnerabilities were considered in the analysis.
According to the risk associated with all the vulnerabilities considered, it was found that there is a statistically significant difference in the average risk level among some operating systems. This indicates that, according to our method, some operating systems have been more risk-vulnerable than others, given the assumptions and limitations. Relevant test results revealing a statistically significant difference in the risk levels of different OSs are presented.
