Privacy-enabled Recommendations for Software Vulnerabilities

Karlsson, Linus LU and Paladi, Nicolae LU (2019) 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress
Abstract
New software vulnerabilities are published daily.
Prioritizing vulnerabilities according to their relevance to the collection of software an organization uses is a costly and slow process.
While recommender systems were earlier proposed to address this issue, they ignore the security of the vulnerability prioritization data.
As a result, a malicious operator or a third party adversary can collect vulnerability prioritization data to identify the security assets in the enterprise deployments of client organizations.
To address this, we propose a solution that leverages isolated execution to protect the privacy of vulnerability profiles without compromising data integrity.
To validate an implementation of the proposed solution we integrated it with an existing recommender system for software vulnerabilities.
The evaluation of our implementation shows that the proposed solution can effectively complement existing recommender systems for software vulnerabilities.
type
Chapter in Book/Report/Conference proceeding
publication status
published
host publication
The 17th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2019)
publisher
IEEE - Institute of Electrical and Electronics Engineers Inc.
conference name
2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress
conference location
Fukuoka, Japan
conference dates
2019-08-05 - 2019-08-08
external identifiers
  • scopus:85075140466
ISBN
978-1-7281-3024-8
DOI
10.1109/DASC/PiCom/CBDCom/CyberSciTech.2019.00111
project
Säkra mjukvaruuppdateringar för den smarta staden
language
English
LU publication?
yes
id
9d558549-f992-4e5a-8c41-0347cc93ba57
date added to LUP
2019-06-28 14:20:12
date last changed
2020-05-10 06:33:16
@inproceedings{9d558549-f992-4e5a-8c41-0347cc93ba57,
  abstract     = {New software vulnerabilities are published daily. Prioritizing vulnerabilities according to their relevance to the collection of software an organization uses is a costly and slow process. While recommender systems were earlier proposed to address this issue, they ignore the security of the vulnerability prioritization data. As a result, a malicious operator or a third party adversary can collect vulnerability prioritization data to identify the security assets in the enterprise deployments of client organizations. To address this, we propose a solution that leverages isolated execution to protect the privacy of vulnerability profiles without compromising data integrity. To validate an implementation of the proposed solution we integrated it with an existing recommender system for software vulnerabilities. The evaluation of our implementation shows that the proposed solution can effectively complement existing recommender systems for software vulnerabilities.},
  author       = {Karlsson, Linus and Paladi, Nicolae},
  booktitle    = {The 17th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2019)},
  isbn         = {978-1-7281-3024-8},
  language     = {eng},
  publisher    = {IEEE - Institute of Electrical and Electronics Engineers Inc.},
  title        = {Privacy-enabled Recommendations for Software Vulnerabilities},
  url          = {https://lup.lub.lu.se/search/ws/files/66750781/PrivacyEnabledRecommendations.pdf},
  doi          = {10.1109/DASC/PiCom/CBDCom/CyberSciTech.2019.00111},
  year         = {2019},
}