Sökning: WFRF:(Axelsson Patrik) >
Towards Automated C...
Towards Automated Context-aware Vulnerability Risk Management
-
- Ahmadi Mehri, Vida (författare)
- Blekinge Tekniska Högskola,Institutionen för datavetenskap
-
- Casalicchio, Emiliano, Dr. (Associate professor/Docent) (preses)
- Blekinge Tekniska Högskola,Institutionen för datavetenskap,Sapienza University of Rome, ITA
-
- Arlos, Patrik, Dr. (preses)
- Blekinge Tekniska Högskola,Institutionen för datavetenskap
-
visa fler...
-
- Axelsson, Stefan, Prof. (opponent)
- Stockholm University
-
visa färre...
-
(creator_code:org_t)
- ISBN 9789172954595
- Karlskrona : Blekinge Tekniska Högskola, 2023
- Engelska 136 s.
-
Serie: Blekinge Institute of Technology Doctoral Dissertation Series, 1653-2090 ; 2023:07
- Relaterad länk:
-
https://bth.diva-por... (primary) (Raw object)
-
visa fler...
-
https://urn.kb.se/re...
-
visa färre...
Abstract
Ämnesord
Stäng
- The information security landscape continually evolves with increasing publicly known vulnerabilities (e.g., 25064 new vulnerabilities in 2022). Vulnerabilities play a prominent role in all types of security related attacks, including ransomware and data breaches. Vulnerability Risk Management (VRM) is an essential cyber defense mechanism to eliminate or reduce attack surfaces in information technology. VRM is a continuous procedure of identification, classification, evaluation, and remediation of vulnerabilities. The traditional VRM procedure is time-consuming as classification, evaluation, and remediation require skills and knowledge of specific computer systems, software, network, and security policies. Activities requiring human input slow down the VRM process, increasing the risk of exploiting a vulnerability.The thesis introduces the Automated Context-aware Vulnerability Risk Management (ACVRM) methodology to improve VRM procedures by automating the entire VRM cycle and reducing the procedure time and experts' intervention. ACVRM focuses on the challenging stages (i.e., classification, evaluation, and remediation) of VRM to support security experts in promptly prioritizing and patching the vulnerabilities. ACVRM concept is designed and implemented in a test environment for proof of concept. The efficiency of patch prioritization by ACVRM compared against a commercial vulnerability management tool (i.e., Rudder). ACVRM prioritized the vulnerability based on the patch score (i.e., the numeric representation of the vulnerability characteristic and the risk), the historical data, and dependencies. The experiments indicate that ACVRM could rank the vulnerabilities in the organization's context by weighting the criteria used in patch score calculation. The automated patch deployment is implemented with three use cases to investigate the impact of learning from historical events and dependencies on the success rate of the patch and human intervention. Our finding shows that ACVRM reduced the need for human actions, increased the ratio of successfully patched vulnerabilities, and decreased the cycle time of VRM process.
Ämnesord
- NATURVETENSKAP -- Data- och informationsvetenskap -- Datavetenskap (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Computer Sciences (hsv//eng)
Nyckelord
- Vulnerability Risk Management
- VRM
- Automated Context-Aware Vulnerability Risk Management
- ACVRM
- Information security
- Computer Science
- Datavetenskap
Publikations- och innehållstyp
- vet (ämneskategori)
- dok (ämneskategori)
Hitta via bibliotek
Till lärosätets databas