A methodology and a platform to measure and assess software windows of vulnerability

Venturini, Giacomo (2020) A methodology and a platform to measure and assess software windows of vulnerability. [Master's degree thesis], Università di Bologna, Degree Programme in Ingegneria e scienze informatiche [LM-DM270] - Cesena
Full-text documents available:
PDF document (Thesis)
Available under license: Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0)

Abstract

Nowadays, it is impossible not to recognize how software solutions have changed the world and the crucial role they play in our daily life. With their quick spread, especially in Cloud and Internet of Things contexts, the security risks to which they are exposed have risen as well. Unfortunately, even though many techniques have been developed to protect infrastructures from attackers, they are not enough to achieve truly secure systems. Therefore, since the price to pay for recovering from an outbreak can be enormous, organizations need a way to assess the security of the products they use. A useful and often overlooked metric that can be considered in these situations is the software window of vulnerability, which is the amount of time a piece of software has been vulnerable to an attack. The main reason this metric is often neglected is that the information required to compute it is provided by heterogeneous sources, and there is no standard framework, or at least a model, that can simplify the task. Hence, the aim of this thesis is to fill this gap, first by defining a model to evaluate software windows of vulnerability and then by implementing a platform able to compute this metric for software of different systems. Since keeping the approach general is not feasible outside of the theoretical model, the implementation step necessarily requires a system-specific choice. Therefore, GNU/Linux systems were selected for two reasons: their recent rise in popularity in the previously mentioned fields and their software management policy (which is based on package managers), which makes it easier to find the data required by the analysis.

Document type
Degree thesis (Master's degree)
Thesis author
Venturini, Giacomo
Thesis supervisor
School
Degree programme
Degree programme regulation
DM270
Keywords
Software Security, Software Windows of Vulnerability, GNU/Linux security, Vulnerability life cycle
Thesis defence date
16 July 2020