Vida Ahmadi scite author profile

Vida Ahmadi

3Publications

7Citation Statements Received

24Citation Statements Given

How they've been cited

How they cite others

Affiliations

Blekinge Institute of Technology

Publications

Order By: Most citations

Normalization of Severity Rating for Automated Context-aware Vulnerability Risk Management

Ahmadi

Arlos

Casalicchio

2020

View full text Add to dashboard Cite

In the last three years, the unprecedented increase in discovered vulnerabilities ranked with critical and high severity raise new challenges in Vulnerability Risk Management (VRM). Indeed, identifying, analyzing and remediating this high rate of vulnerabilities is labour intensive, especially for enterprises dealing with complex computing infrastructures such as Infrastructure-as-a-Service providers. Hence there is a demand for new criteria to prioritize vulnerabilities remediation and new automated/autonomic approaches to VRM. In this paper, we address the above challenge proposing an Automated Context-aware Vulnerability Risk Management (AC-VRM) methodology that aims: to reduce the labour intensive tasks of security experts; to prioritize vulnerability remediation on the basis of the organization context rather than risk severity only. The proposed solution considers multiple vulnerabilities databases to have a great coverage on known vulnerabilities and to determine the vulnerability rank. After the description of the new VRM methodology, we focus on the problem of obtaining a single vulnerability score by normalization and fusion of ranks obtained from multiple vulnerabilities databases. Our solution is a parametric normalization that accounts for organization needs/specifications.

show abstract

Normalization Framework for Vulnerability Risk Management in Cloud

Ahmadi

Arlos

Casalicchio

2021

View full text Add to dashboard Cite

Vulnerability Risk Management (VRM) is a critical element in cloud security that directly impacts cloud providers' security assurance levels. Today, VRM is a challenging process because the dramatic increase of known vulnerabilities (+26% in the last five years), and because it is even more dependent on the organization's context. Moreover, the vulnerability's severity score depends on the Vulnerability Database (VD) selected as a reference in VRM. All these factors introduce a new challenge for security specialists in evaluating and patching the vulnerabilities. This study provides a framework to improve the classification and evaluation phases in vulnerability risk management while using multiple vulnerability databases as a reference. Our solution normalizes the severity score of each vulnerability based on the selected security assurance level. The results of our study highlighted the role of the vulnerability databases in patch prioritization, showing the advantage of using multiple VDs.

show abstract

Trust Management XI

Ahmadi

Tutschku

2017

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Vida Ahmadi

Normalization of Severity Rating for Automated Context-aware Vulnerability Risk Management

Normalization Framework for Vulnerability Risk Management in Cloud

Trust Management XI

Contact Info

Product

Resources

About