Automating vulnerability remediation in Maven
(2021) EITM01 20211, Department of Electrical and Information Technology
- Abstract
- The usage of open source software is growing, and with it the number of vulnerabilities that attackers can exploit to perform malicious activities. To mitigate them, it is important to develop effective means of remediating said vulnerabilities. This thesis compares two solutions for automating vulnerability remediation with regard to time efficiency. Both share the idea that remediation should be performed by updating the vulnerable open source software to a version in which the vulnerability is gone.
The first solution does so by gradually updating the affected versions of the open source software that a developer has imported directly into a project, until it finds an appropriate version. The second solution instead uses a graph database to store all available versions of an open source package and how each relates to other available open source packages. The graph can then be used to make secure versions directly queryable.
The simulations run in the project show that the graph database solution is far superior to the "brute-force" method in time efficiency, and also that such a graph would scale for use even with very large data sets.
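A small illustration of the two strategies the abstract contrasts, added here as an example and not taken from the thesis or its code: a toy package index with pinned dependency versions, a constructed vulnerability list, the brute-force loop that re-resolves the transitive closure for every candidate version, and a precomputed graph flag that answers the same query by lookup. All artifact names, versions and vulnerable coordinates are constructed (assumption); Maven's nearest-wins mediation and version ranges are left out, and the thesis's own graph database schema and queries are not reproduced.

```python
"""Toy comparison of the two remediation strategies contrasted in the abstract.

Strategy 1 (brute force): bump the vulnerable direct dependency one version at
a time, re-resolve its transitive closure each time, and stop at the first
version whose closure contains no vulnerable coordinate.

Strategy 2 (graph): walk the whole package graph once, memoising for every
(artifact, version) node whether anything in its transitive closure is
vulnerable; a remediation query is then a lookup over newer versions.

Everything below is constructed for the illustration (assumption): the
artifacts, versions and vulnerable coordinates are not real Maven artifacts or
real advisories. Dependencies are pinned to exact versions; Maven's
nearest-wins mediation and version ranges are deliberately omitted.
"""
from __future__ import annotations

Coord = tuple[str, str]  # (artifactId, version), a Maven-style coordinate

# Constructed package index: each released version pins its dependencies.
INDEX: dict[Coord, list[Coord]] = {
    ("web", "1.0"): [("json", "2.0"), ("log", "1.1")],
    ("web", "1.1"): [("json", "2.1"), ("log", "1.1")],
    ("web", "1.2"): [("json", "2.1"), ("log", "1.2")],
    ("web", "1.3"): [("json", "2.2"), ("log", "1.2")],
    ("json", "2.0"): [],
    ("json", "2.1"): [("log", "1.1")],
    ("json", "2.2"): [],
    ("log", "1.0"): [],
    ("log", "1.1"): [],
    ("log", "1.2"): [],
}
# Constructed vulnerability list: coordinates an advisory applies to.
VULNERABLE: set[Coord] = {("json", "2.0"), ("log", "1.1")}


def version_key(version: str) -> tuple[int, ...]:
    """Numeric sort key for dotted versions (toy; not Maven's ComparableVersion)."""
    return tuple(int(part) for part in version.split("."))


def newer_versions(index: dict[Coord, list[Coord]], artifact: str, current: str) -> list[str]:
    """Released versions of `artifact` strictly newer than `current`, ascending."""
    versions = {v for (a, v) in index if a == artifact}
    return sorted((v for v in versions if version_key(v) > version_key(current)), key=version_key)


def resolve(index: dict[Coord, list[Coord]], root: Coord) -> set[Coord]:
    """Transitive closure of `root` (naive DFS, no conflict mediation)."""
    seen: set[Coord] = set()
    stack = [root]
    while stack:
        coord = stack.pop()
        if coord in seen:
            continue
        seen.add(coord)
        stack.extend(index.get(coord, []))
    return seen


def brute_force_remediate(artifact: str, current: str,
                          index=INDEX, vulnerable=VULNERABLE) -> tuple[str | None, int]:
    """Strategy 1. Returns (first clean newer version or None, nodes resolved)."""
    work = 0
    for version in newer_versions(index, artifact, current):
        closure = resolve(index, (artifact, version))
        work += len(closure)            # every candidate pays a full resolution
        if not closure & vulnerable:
            return version, work
    return None, work


class RemediationGraph:
    """Strategy 2. Builds the 'transitively safe' flag for every node once."""

    def __init__(self, index=INDEX, vulnerable=VULNERABLE) -> None:
        self.index = index
        self.vulnerable = vulnerable
        self.safe: dict[Coord, bool] = {}
        self.build_work = 0             # nodes visited while building, paid once
        for coord in index:
            self._mark(coord, frozenset())

    def _mark(self, coord: Coord, path: frozenset[Coord]) -> bool:
        if coord in self.safe:
            return self.safe[coord]
        if coord in path:               # cycle guard; release graphs are acyclic in practice
            return True
        self.build_work += 1
        ok = coord not in self.vulnerable and all(
            self._mark(dep, path | {coord}) for dep in self.index.get(coord, [])
        )
        self.safe[coord] = ok
        return ok

    def remediate(self, artifact: str, current: str) -> tuple[str | None, int]:
        """Returns (first safe newer version or None, flag lookups performed)."""
        work = 0
        for version in newer_versions(self.index, artifact, current):
            work += 1                   # one lookup per candidate, no re-resolution
            if self.safe.get((artifact, version), False):
                return version, work
        return None, work


if __name__ == "__main__":
    graph = RemediationGraph()
    for artifact, current in [("web", "1.0"), ("json", "2.0")]:
        print(artifact, current, "brute force:", brute_force_remediate(artifact, current),
              "graph:", graph.remediate(artifact, current))
    print("graph build cost (once):", graph.build_work)
```

Both strategies pick the same target version; the difference the abstract reports is in the work counters: brute force re-walks a closure for each candidate of each query, while the graph pays one walk over the whole index up front and then answers every query with a handful of lookups, which is what makes the second approach pay off as the number of queries and the size of the index grow.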
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9067251
- author
- Ternby, Carl LU and Pettersson, Viktor LU
- supervisor
- Martin Hell LU
- Emil Wåreus LU
- organization
- Department of Electrical and Information Technology
- course
- EITM01 20211
- year
- 2021
- type
- H2 - Master's Degree (Two Years)
- subject
- report number
- LU/LTH-EIT 2021-848
- language
- English
- id
- 9067251
- date added to LUP
- 2021-10-27 10:44:39
- date last changed
- 2021-10-27 10:44:39
@misc{9067251,
  abstract = {{The usage of open source software is growing and with it, the number of vulnerabilities that attackers can utilize in order to perform malicious activities. In order to mitigate them, it is therefore important to develop effective means of remediating said vulnerabilities. This thesis compares two different solutions for automating vulnerability remediation in regards to time efficiency. Both share the idea that a remediation should be performed by updating the vulnerable open source software to a version where the vulnerability is gone. The first solution aims to do so by gradually updating the affected versions of open source software that a developer has directly imported in a project, until it finds an appropriate version. The second solution instead utilizes a graph database to store all available versions of an open source package and how it relates to other available open source packages. It can then be used to make secure versions directly query-able. The simulations that were run in the project show that the graph database solution is far superior to the "brute-force" method when it comes to time-efficiency and also that such a graph would be scalable for use even with very large data sets.}},
  author = {{Ternby, Carl and Pettersson, Viktor}},
  language = {{eng}},
  note = {{Student Paper}},
  title = {{Automating vulnerability remediation in Maven}},
  year = {{2021}},
}