Sökning: onr:"swepub:oai:DiVA.org:bth-22100" >
Normalization Frame...
Normalization Framework for Vulnerability Risk Management in Cloud
-
- Ahmadi Mehri, Vida (författare)
- Blekinge Tekniska Högskola,Institutionen för datavetenskap
-
- Arlos, Patrik (författare)
- Blekinge Tekniska Högskola,Institutionen för datavetenskap
-
- Casalicchio, Emiliano (författare)
- Blekinge Tekniska Högskola,Institutionen för datavetenskap
-
(creator_code:org_t)
- IEEE, 2021
- 2021
- Engelska.
-
Ingår i: Proceedings - 2021 International Conference on Future Internet of Things and Cloud, FiCloud 2021. - : IEEE. ; , s. 99-106
- Relaterad länk:
-
https://bth.diva-por... (primary) (Raw object)
-
visa fler...
-
https://urn.kb.se/re...
-
https://doi.org/10.1...
-
visa färre...
Abstract
Ämnesord
Stäng
- Vulnerability Risk Management (VRM) is a critical element in cloud security that directly impacts cloud providers’ security assurance levels. Today, VRM is a challenging process because of the dramatic increase of known vulnerabilities (+26% in the last five years), and because it is even more dependent on the organization’s context. Moreover, the vulnerability’s severity score depends on the Vulnerability Database (VD) selected as a reference in VRM. All these factors introduce a new challenge for security specialists in evaluating and patching the vulnerabilities. This study provides a framework to improve the classification and evaluation phases in vulnerability risk management while using multiple vulnerability databases as a reference. Our solution normalizes the severity score of each vulnerability based on the selected security assurance level. The results of our study highlighted the role of the vulnerability databases in patch prioritization, showing the advantage of using multiple VDs.
Ämnesord
- TEKNIK OCH TEKNOLOGIER -- Elektroteknik och elektronik -- Datorsystem (hsv//swe)
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering -- Computer Systems (hsv//eng)
Nyckelord
- Risk Assessment
- Vulnerability
- Cloud security
- Computer Science
- Datavetenskap
Publikations- och innehållstyp
- ref (ämneskategori)
- kon (ämneskategori)