The early version of the Internet was designed for connectivity only, without
consideration of security, and the Internet is consequently an open structure. Networked
systems are vulnerable for a number of reasons: design error, implementation error, and
poor management. A vulnerability is a hole or weak point that can be exploited to compromise
the security of the system. Operating systems and applications are often vulnerable because
of design errors. Software vendors release patches for discovered vulnerabilities, and rely
upon system administrators to accept and install patches on their systems. Many system
administrators fail to install patches on time, and consequently leave their systems
vulnerable to exploitation by hackers. This exploitation can result in various security
breaches, including website defacement, denial of service, or malware attacks. The overall
problem is significant with an average of 115 vulnerabilities per week being documented
during 2005.
This thesis considers the problem of vulnerabilities in IT networked systems, and maps the
vulnerability types into a technical taxonomy. The thesis presents a thorough analysis of
the existing methods of vulnerability management, which determines that these methods
have failed to manage the problem in a comprehensive way, and shows the need for a
comprehensive management system capable of addressing both the awareness and the patch
deployment problems. A critical examination of vulnerability database statistics over the
past few years is provided, together with a benchmarking of the problem in a reference
environment and a discussion of why a new approach is needed. The research examined
and compared different vulnerability advisories, and proposed a generic vulnerability
format as a step towards automating the notification process.
The thesis identifies the standard process of addressing vulnerabilities and the over-reliance
upon manual methods. An automated management system must take into account both new
vulnerabilities and patch deployment to provide a comprehensive solution. The overall aim
of the research has therefore been to design a new framework that addresses these flaws in
networked systems while remaining harmonised with the standard system administrator process. The
approach, known as AVMS (Automated Vulnerability Management System), is capable of
filtering and prioritising the relevant advisory messages, and then downloading the associated
patches and deploying them to the machines that require them.
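The filter, prioritise, download and deploy pipeline that the abstract attributes to AVMS can be sketched as a small dry-run model. The code below is an added illustration and is not the thesis's prototype: the advisory fields, the asset inventory, the scoring rule (severity weighted by the number of affected hosts, doubled when a remotely exploitable flaw sits on an internet-facing host) and the sample data are all assumptions made here, and nothing is downloaded or installed.

```python
"""Added example (not the thesis's own code): a toy AVMS-style pipeline that
filters advisories against an asset inventory, prioritises them and builds a
per-host patch deployment plan. The advisory format, the scoring rule and the
sample data are assumptions for illustration, not the generic format the
thesis proposes."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str
    affected_versions: Tuple[str, ...]  # versions known to be vulnerable
    severity: int                       # assumed scale: 1 (low) .. 4 (critical)
    remote_exploitable: bool
    patch_url: str


@dataclass(frozen=True)
class Host:
    hostname: str
    installed: Dict[str, str]           # product -> installed version
    internet_facing: bool = False


# Constructed sample data: three advisories and four hosts (hypothetical URLs).
ADVISORIES = [
    Advisory("ADV-2005-001", "webserver", ("1.0", "1.1"), 4, True,
             "https://vendor.example/patches/webserver-1.2.tar.gz"),
    Advisory("ADV-2005-002", "mailclient", ("3.2",), 2, False,
             "https://vendor.example/patches/mailclient-3.3.msi"),
    Advisory("ADV-2005-003", "database", ("8.0",), 3, True,
             "https://vendor.example/patches/database-8.0.1.tgz"),
]

HOSTS = [
    Host("web1", {"webserver": "1.1"}, internet_facing=True),
    Host("web2", {"webserver": "1.0", "mailclient": "3.2"}),
    Host("db1", {"database": "9.1"}),
    Host("desk1", {"mailclient": "3.2"}),
]


def affected_hosts(adv: Advisory, hosts: List[Host]) -> List[Host]:
    """Filtering step: a host is relevant only if it runs a vulnerable version."""
    return [h for h in hosts if h.installed.get(adv.product) in adv.affected_versions]


def score(adv: Advisory, affected: List[Host]) -> int:
    """Prioritisation step (assumed rule): severity weighted by exposure.

    Base score is severity times the number of affected hosts; it doubles when
    the flaw is remotely exploitable and an affected host is internet-facing,
    the combination most likely to be exploited before a manual patch cycle
    reaches it.
    """
    base = adv.severity * len(affected)
    if adv.remote_exploitable and any(h.internet_facing for h in affected):
        base *= 2
    return base


def prioritised_plan(advisories: List[Advisory],
                     hosts: List[Host]) -> List[Tuple[str, int, List[str]]]:
    """Return (advisory_id, score, hostnames) for advisories that matter,
    highest score first. Advisories affecting no host are dropped, which is
    the noise reduction an administrator reading raw feeds does by hand."""
    plan = []
    for adv in advisories:
        affected = affected_hosts(adv, hosts)
        if not affected:
            continue
        plan.append((adv.advisory_id, score(adv, affected),
                     [h.hostname for h in affected]))
    plan.sort(key=lambda item: (-item[1], item[0]))
    return plan


def deployment_jobs(advisories: List[Advisory],
                    hosts: List[Host]) -> Dict[str, List[str]]:
    """Deployment step as a dry run: map each host to the patch URLs it needs,
    in priority order. A real system would fetch each URL once and push the
    patch to these hosts; here nothing is downloaded or installed."""
    by_id = {a.advisory_id: a for a in advisories}
    jobs: Dict[str, List[str]] = {}
    for advisory_id, _score, hostnames in prioritised_plan(advisories, hosts):
        for name in hostnames:
            jobs.setdefault(name, []).append(by_id[advisory_id].patch_url)
    return jobs


if __name__ == "__main__":
    for advisory_id, s, names in prioritised_plan(ADVISORIES, HOSTS):
        print(f"{advisory_id} score={s} hosts={','.join(names)}")
    for host, urls in deployment_jobs(ADVISORIES, HOSTS).items():
        print(f"{host}: {urls}")
```

With the sample data, ADV-2005-003 is discarded because no host runs the affected version, ADV-2005-001 outranks ADV-2005-002 because it is critical, remotely exploitable and present on an internet-facing host, and db1 receives no job at all. Replacing the scoring rule with a site-specific one is the natural point to adapt.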
The framework is validated through a proof-of-concept prototype system. A series of tests
involving different advisories are used to illustrate how AVMS would behave. This helped
to prove that the automated vulnerability management system prototype is indeed viable,
and that the research has provided a suitable contribution to knowledge in this important
domain.
| Date of Award | 2006 |
|---|---|
| Original language | English |
| Awarding Institution | |
Active security vulnerability notification and resolution
Alayed, A. I. (Author). 2006
Student thesis: PhD