
An early application of the Bell Labs Security framework to analyze vulnerabilities in the Internet telephony domain

✍ Scribed by Vijay K. Gurbani; Andrew R. McGee


Publisher: Institute of Electrical and Electronics Engineers
Year: 2007
Tongue: English
Weight: 173 KB
Volume: 12
Category: Article
ISSN: 1089-7089


✦ Synopsis


The Bell Labs Security Framework provides a comprehensive matrix that can be used to evaluate the security of an application (service), host, protocol, or communication link. The methodology has been used to assess the security of information technology (IT) and telecommunications services, as well as technologies such as Institute of Electrical and Electronics Engineers (IEEE) 802.11. The goal of this paper is to provide systems designers and researchers with a methodology to gauge where the Internet telephony industry, products, and protocols are in terms of security with the hope of prioritizing future needs and establishing a baseline measurement for potential changes. The methodology itself consists of cataloging a body of observed attacks against Internet telephony systems over the standard definitions from the framework. This is an early work that aims to quantify where in the framework security attacks on Internet telephony infrastructure appear. We envision that on the basis of data collected over a prolonged period, it will be feasible to determine the set of intersection of the layer and plane at which such attacks are clustered and thus proactively put safeguards in products to thwart such attacks.

© 2007 Alcatel-Lucent.

that the probability of the various outcomes be known, and therein lies the problem: "We need more data about vulnerabilities and threats, especially about outliers, rare events, and exposure to catastrophic attacks." Today's software is a highly complex ecosystem that contains many interacting components. It is quick to evolve and increasingly distributed, and our dependence on it increases daily, raising new questions on security and privacy. Can we quantify the loss of privacy? Can we predict the impact of insecure software? To do so we need a good amount of empirical data and, as Cybenko believes, a new science for estimating, extrapolating, and inferring the