Privacy-enabled Recommendations for Software Vulnerabilities

Research output: Chapter in Book/Report/Conference proceedingPaper in conference proceeding

Abstract

New software vulnerabilities are published daily.
Prioritizing vulnerabilities according to their relevance to the collection of software an organization uses is a costly and slow process.
While recommender systems were earlier proposed to address this issue, they ignore the security of the vulnerability prioritization data.
As a result, a malicious operator or a third party adversary can collect vulnerability prioritization data to identify the security assets in the enterprise deployments of client organizations.
To address this, we propose a solution that leverages isolated execution to protect the privacy of vulnerability profiles without compromising data integrity.
To validate an implementation of the proposed solution we integrated it with an existing recommender system for software vulnerabilities.
The evaluation of our implementation shows that the proposed solution can effectively complement existing recommender systems for software vulnerabilities.

Details

Authors
Organisations
Original languageEnglish
Title of host publicationThe 17th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2019)
PublisherIEEE--Institute of Electrical and Electronics Engineers Inc.
Publication statusAccepted/In press - 2019
Publication categoryResearch
Peer-reviewedYes

Total downloads

No data available

Related research output

Linus Karlsson, 2019 Sep 30, Department of Electrical and Information Technology, Lund University. 205 p.

Research output: ThesisDoctoral Thesis (compilation)

View all (1)

Related projects

View all (1)