7.17 LAB: Medical device vulnerability scoring

In this lab, you will complete the implementation of a Medical Device Vulnerability Scoring web page. The purpose of this web page is to return a score that numerically quantifies how vulnerable a specific vulnerability is to the particular attack. The properties of the system will be selected from a group of predetermined options, where each option is a styled radio button. Once options are selected for all possible properties, the web page will display the vulnerability score (and hide the warning label).

1. Implement a function called updateScore. This function must verify that one button from each property is selected.
2. Using JavaScript, add a click or change event listener to each radio button (Do not add the event listener to the button label). Notice that the radio buttons are hidden using CSS.
3. Once one button from each property is selected, the webpage should:
   • Hide the warning label by setting the display style of the

     with ID warning to none. Note: both none and hidden have similar visual effects, however none doesn't occupy any space, while hidden does occupy space, affecting the layout).

   • Compute the vulnerability score.
   • The score should be updated and displayed inside the

     with ID score.

4. The score must have a minimum of 0 and a maximum of 10.
5. The final score must be rounded up to the tenths decimal place, and displayed with one decimal place. Ex: If the final score is 7.311456, the score should be displayed as 7.4.
6. Once the score is being displayed, updating a property will automatically update the vulnerability score.
7. The score is computed as:

   • ScoreFinal=(Scopestatus)∗((3.326258289∗ScoreBase)+(1.1∗ScoreExploitability)), where the ScopeStatus,ScoreBase, and ScoreExploitability are calculated as:

     • If ScoreBase is 0, then ScoreFinal should be 0.

   • ScopeStatus(Selection)=

     Scope Status	Value
     Unchanged	1.0
     Changed	1.08

     • ScoreBase=BaseConfidentiality+BaseIntegrity+BaseAvailability, where:

     • BaseConfidentiality(LevelSensitivity,LevelConfidentiality)=

       • Sensitivity corresponds to rows, and Confidentiality corresponds to columns.

         Sensitivity / Confidentiality	None	Low	High
         None	0.00	0.22	0.56
         Low	0.00	0.65	0.75
         High	0.00	0.85	0.95

     • BaseIntegrity(LevelHealthImpact,LevelIntegrity)=

       • Health Impact corresponds to rows, and Integrity corresponds to columns.

         Health Impact / Integrity	None	Low	High
         None	0.00	0.22	0.56
         Low	0.55	0.60	0.75
         High	0.85	0.90	0.95

     • BaseAvailability(LevelHealthImpact,LevelAvailability)=

       • Health Impact corresponds to rows, and Availability corresponds to columns.

         Health Impact / Availability	None	Low	High
         None	0.00	0.22	0.56
         Low	0.55	0.60	0.65
         High	0.85	0.90	0.95

     • ScoreExploitability=AttackVector∗AttackComplexity∗PrivilegedRequired∗UserInteraction, where:

     • AttackVector(Selection)=

       Attack Vector	Value
       Network	0.85
       Adjacent Network	0.62
       Local	0.55
       Physical	0.20

     • AttackComplexity(Selection)=

       Attack Complexity	Value
       Low	0.77
       High	0.44

     • PrivilegeRequired(Selection)=

       Privilege Required	Value
       None	0.85
       Low	0.62
       High	0.27

     • UserInteraction(Selection)=

       User Interaction	Value
       None	0.85
       Required	0.62