A systematic approach to a quantitative vulnerability assessment for BYOD system variables through the discovering of threats

    Student thesis: Doctoral Thesis


    As a result of the emergence of new technologies and application features in mobile devices.Personal own mobile devices have become part of one’s daily life activity including accessingan organisation’s network for resources, such as documents and applications. For this reason,security metrics should be used as a mechanism for investigating the security risk level of thissystem. The complexity in monitoring, identifying and evaluating the growing number of security risk on computing systems is on the increase. Hence, the potential of security evaluation inadequacy defies standard security risk measurement as organisations find it increasingly difficult to predict the security level of a system as well as to accomplish its security goals. Existing security measuring methods which are mainly centred on security analysis fails to address the systematic classification of security metrics for a BYOD employed network and its variables. Although security metrics use quantitative measurement there is often a lack of information on BYOD variable and existing BYOD security measurements are based on static qualitative methods. Another limitation is that they do not provide an inclusive knowledge about the degree of vulnerabilities associated with a particular BYOD variable according to their attack impact on the network and its users.

    This research offers a novel systematic metrics approach used in scoring BYOD variables that match organisations and individual users need, by integrating appropriate available metrics input about known and unknown vulnerabilities in safeguarding a BYOD environment. This thesis is made up of three core contributions: firstly, it proposes a BYOD Absolute Score metrics (BASmetric) framework which focuses on quantitatively ranking the security risk level of both an organisation and its BYOD user by integrating probability theory and user induce severity rule with support from security attribute taxonomy. This metrics framework is for measuring vulnerabilities and aimed to quantify an organisation and its BYOD systems vulnerabilities through their security attributes, host-level (operating system ) vulnerabilities.

    Also, the proposed framework has been applied to different domains(known and unknown vulnerabilities) which resulted in the second and third contribution. The second contribution is the systematic classification of the framework used to measure a BYOD known vulnerability information on an employed organisation variable(security policy, technology and users).it also shows the vulnerability severity level of a present BYOD system by producing an absolute value. The final contribution is the BYOD Absolute Score framework principle being used in assessing the steps involved in measuring the unknown vulnerability level of a BYOD variable based on organisation security attributes and produce a practical understanding absolute value. In addition, using different network security metrics the overall results show that the proposed approach produces better outcomes compare to preceding ones that consider network security level in whole without measuring the BYOD systems variable. Furthermore, BAS metric calculation shows a practical way to label and evaluate vulnerabilities for improved systems performance.
    Date of AwardJan 2019
    Original languageEnglish
    Awarding Institution
    • University of Portsmouth

    Cite this