Context-aware vulnerability scoring system

Description :

System security is of vital importance and administrators must monitor the continual ongoing disclosure of software vulnerabilities that have the potential to compromise their systems in some way. Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. In 2008, over 7,400 new vulnerabilities were disclosed—well over 100 per week. While no enterprise is affected by all of these disclosures, administrators commonly face many outstanding vulnerabilities across the software systems they manage. However, we cannot simply trust CVSS or other vulnerability scoring systems to estimate what vulnerabilities in our service are more important, because all the existing vulnerability scoring systems did not take context of vulnerabilities into account. Our target is to provide a smarter and more sophisticated vulnerability scoring system, which can automatically compute the severity of each vulnerability by considering its specific context. In order to achieve this goal, we may need to address the following challenges: i) how to automatically obtain a dependency graph, because modern cloud service is typically very large scale; and ii) how to compute the importance of component within a dependency graph.

• Having the motivation for indulging in a research oriented project
• Programming skills with Java
• Interested in algorithm design

Contacts

In case of any questions, please drop us an email or come to our offices:

• Hao Zhuang (BC 118)
• Rameez Rahman (BC 142)