Home // International Journal On Advances in Security, volume 2, number 1, 2009 // View article


Software Vulnerability vs. Critical Infrastructure - a Case Study of Antivirus Software

Authors:
Juhani Eronen
Kati Karjalainen
Rauli Puuperä
Erno Kuusela
Kimmo Halunen
Marko Laakso
Juha Röning

Keywords: Vulnerabilities, critical infrastructure, dependency analysis, antivirus software

Abstract:
During the last decade, the realization of how vulnerable critical infrastructures are due to their interdependencies has hit home with more gravity than ever. The abundance of vulnerabilities in the software that is widely used in critical systems could have escalating consequences. In this paper, we used the PROTOS MATINE model to systematically examine the scope of software systems used in critical infrastructure. Dependency analysis methods indicated antivirus software as a critical subject to study, as its use is mandated and as it processes data from malicious sources. We determined that antivirus software is by nature susceptible to various risks and has exhibited significant vulnerability, but the issue is neither widely recognized nor reported. Awareness on the drawbacks of AV software should be spread among the planners of the critical infrastructures. Due to inherent risks, the suitability of antivirus software in critical systems should be reconsidered on a system-by-system basis.

Pages: 72 to 89

Copyright: Copyright (c) to authors, 2009. Used with permission.

Publication date: June 7, 2009

Published in: journal

ISSN: 1942-2636