NUST Institutional Repository
OPTIMAL SECURITY PATCH MANAGEMENT FOR LARGE INFRASTRUCTURES BASED ON PRIORITIZED ASSET INVENTORY
- DSpace Home
- →
- E-Theses
- →
- SEECS
- →
- Information Security
- →
- MS
- →
- View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.author | Kamal, Muhammad Muqeet | |
| dc.date.accessioned | 2023-09-01T09:32:21Z | |
| dc.date.available | 2023-09-01T09:32:21Z | |
| dc.date.issued | 2019 | |
| dc.identifier.other | 119193 | |
| dc.identifier.uri | http://10.250.8.41:8080/xmlui/handle/123456789/38124 | |
| dc.description | Supervisor: Dr. SHAHZAD SALEEM | en_US |
| dc.description.abstract | The ever-increasing trend of discovery of new vulnerabilities has created a challenge enterprise and organization to secure themselves from the associated threats. The past few years alone have witnessed many such critical vulnerabilities which were reported to cost considerable losses to the organizations. Although vendors and developers publish patches before an exploit is made publicly available but due to the unmanageable problem of deploying patches in the production environment, organizations fail to secure their systems and the exploits make way into their infrastructure. This is attributed towards the multi-dimensional challenges faced by the organizations such as production downtime, cost of patching versus the available resources and the potential impact of running into an unforeseen issue and loss of business both in terms of reputation and profit. This has given rise to finding out methods in cases of emergency patching, where waiting for periodic cycle is not tolerable for organization to prioritize the enterprise’s most valuable assets which can be secured against the vulnerabilities while keeping downtime and business loss to the minimum. While the efforts have produced various models and results, they have only been able to produce a generic output which do not provide a solution to every enterprise with various business dynamics. One such example is the Common Vulnerability Scoring System (CVSS). Although CVSS tries to accommodate environmental factors, but it lacks the knowledge of various organizational processes and challenges faced in patching. We have provided an asset prioritization solution based on the CVSS framework and enriching it with organizational constraints by following the weighted sum model. To make it more organization specific, we have allowed the input of business constraints and resources and employed SMT solvers to produce a solution which is more specific and provides opportunity to secure maximum number of valuable assets under those constraints for a specific vulnerability. The outcome of this research is validated by subject matter experts and have been found to be helpful than the approaches they have been following in the past. | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | School of Electrical Engineering and Computer Science (SEECS), NUST | en_US |
| dc.title | OPTIMAL SECURITY PATCH MANAGEMENT FOR LARGE INFRASTRUCTURES BASED ON PRIORITIZED ASSET INVENTORY | en_US |
| dc.type | Thesis | en_US |
Files in this item
This item appears in the following Collection(s)
-
MS [146]