Normalization of Severity Rating for Automated Context-aware Vulnerability Risk Management

Ahmadi, Vida; Arlos, Patrik; Casalicchio, Emiliano

doi:10.1109/acsos-c51401.2020.00056

Cited by 6 publications

(8 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Today, we lack the tools that automatically conduct the four stages, identification, classification, evaluation, and remediation in the VRM process. In [4]- [6], we proposed Automated Context-aware Vulnerability Risk Management (ACVRM) to improve the VRM procedure by 1) reducing the labor-intensive tasks of security experts in patch prioritization; 2) customizing the patch prioritization for a given organization by learning about the organization's assets and the vulnerabilities that affect these assets; 3) automating VRM procedure to reduce processing time.…”

Section: Introductionmentioning

confidence: 99%

“…Figure 1. In phase 1, described in [4], [6], we collected the publicly known vulnerabilities from multiple Vulnerability Databases (VD) and normalized the severity score for each vulnerability based on the selected vulnerability management mode by the organization. The collected data identifies existing vulnerabilities in the organization's assets.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Automated Patch Management: An Empirical Evaluation Study

Mehri,

Arlos,

Casalicchio

2023

2023 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

Vulnerability patch management is one of IT organizations' most complex issues due to the increasing number of publicly known vulnerabilities and explicit patch deadlines for compliance. Patch management requires human involvement in testing, deploying, and verifying the patch and its potential side effects. Hence, there is a need to automate the patch management procedure to keep the patch deadline with a limited number of available experts. This study proposed and implemented an automated patch management procedure to address mentioned challenges. The method also includes logic to automatically handle errors that might occur in patch deployment and verification. Moreover, the authors added an automated review step before patch management to adjust the patch prioritization list if multiple cumulative patches or dependencies are detected. The result indicated that our method reduced the need for human intervention, increased the ratio of successfully patched vulnerabilities, and decreased the execution time of vulnerability risk management.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Automated Patch Management: An Empirical Evaluation Study

Mehri,

Arlos,

Casalicchio

2023

2023 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

show abstract

“…To answer the above research question, we introduced the concept of automated context-aware vulnerability risk management (ACVRM) [6,7]. ACVRM facilitates the customization of the VRM process for a given organization by learning about the organization's assets and the vulnerabilities that affect these assets.…”

Section: Introductionmentioning

confidence: 99%

“…In our previous studies [6,7], we identified that the selection of what vulnerability database (VD) to use plays an essential role in the VRM procedure and the information on an organization's assets should support VD choice. Indeed, the vulnerability severity score comes from a VD, and there are several types of VD, from national [8] to vendor [9,10], and even application-specific [11].…”

Section: Introductionmentioning

confidence: 99%

Automated Context-Aware Vulnerability Risk Management for Patch Prioritization

2022

Self Cite

View full text Add to dashboard Cite

The information-security landscape continuously evolves by discovering new vulnerabilities daily and sophisticated exploit tools. Vulnerability risk management (VRM) is the most crucial cyber defense to eliminate attack surfaces in IT environments. VRM is a cyclical practice of identifying, classifying, evaluating, and remediating vulnerabilities. The evaluation stage of VRM is neither automated nor cost-effective, as it demands great manual administrative efforts to prioritize the patch. Therefore, there is an urgent need to improve the VRM procedure by automating the entire VRM cycle in the context of a given organization. The authors propose automated context-aware VRM (ACVRM), to address the above challenges. This study defines the criteria to consider in the evaluation stage of ACVRM to prioritize the patching. Moreover, patch prioritization is customized in an organization’s context by allowing the organization to select the vulnerability management mode and weigh the selected criteria. Specifically, this study considers four vulnerability evaluation cases: (i) evaluation criteria are weighted homogeneously; (ii) attack complexity and availability are not considered important criteria; (iii) the security score is the only important criteria considered; and (iv) criteria are weighted based on the organization’s risk appetite. The result verifies the proposed solution’s efficiency compared with the Rudder vulnerability management tool (CVE-plugin). While Rudder produces a ranking independent from the scenario, ACVRM can sort vulnerabilities according to the organization’s criteria and context. Moreover, while Rudder randomly sorts vulnerabilities with the same patch score, ACVRM sorts them according to their age, giving a higher security score to older publicly known vulnerabilities.

show abstract

“…Firstly, we proposed a VDs Normalization Framework (VDNF) that could be integrated in the vulnerability management process. The VDNF is a refinement and implementation of what envisioned in [13]. VDNF is intended as a tool to improve the classification and evaluation phases in VRM while dealing with multiple VDs as a source.…”

Section: Introductionmentioning

confidence: 99%

Normalization Framework for Vulnerability Risk Management in Cloud

Ahmadi

Arlos

Casalicchio

2021

2021 8th International Conference on Future Internet of Things and Cloud (FiCloud)

Self Cite

View full text Add to dashboard Cite

Vulnerability Risk Management (VRM) is a critical element in cloud security that directly impacts cloud providers' security assurance levels. Today, VRM is a challenging process because the dramatic increase of known vulnerabilities (+26% in the last five years), and because it is even more dependent on the organization's context. Moreover, the vulnerability's severity score depends on the Vulnerability Database (VD) selected as a reference in VRM. All these factors introduce a new challenge for security specialists in evaluating and patching the vulnerabilities. This study provides a framework to improve the classification and evaluation phases in vulnerability risk management while using multiple vulnerability databases as a reference. Our solution normalizes the severity score of each vulnerability based on the selected security assurance level. The results of our study highlighted the role of the vulnerability databases in patch prioritization, showing the advantage of using multiple VDs.

show abstract

Normalization of Severity Rating for Automated Context-aware Vulnerability Risk Management

Cited by 6 publications

References 14 publications

Automated Patch Management: An Empirical Evaluation Study

Automated Patch Management: An Empirical Evaluation Study

Automated Context-Aware Vulnerability Risk Management for Patch Prioritization

Normalization Framework for Vulnerability Risk Management in Cloud

Contact Info

Product

Resources

About