Title
Automated event-driven security assessment
Description
With the growth of IT products and sophisticated software in various operating systems, I observe that security risks in systems are skyrocketing constantly. Consequently, security assessment is now considered one of the primary security mechanisms for measuring the assurance of systems, since systems that are not compliant with security requirements may allow adversaries to access critical information by circumventing security practices. In order to ensure security, considerable effort has been spent on developing security regulations by facilitating security best practices. Applying shared security standards to the system is critical to understanding vulnerabilities and preventing well-known threats from exploiting them. However, many end users tend to change the configurations of their systems without paying attention to security. Hence, it is not straightforward to protect systems from being changed by unconscious users in a timely manner. Detecting the installation of harmful applications is not sufficient, since attackers may exploit risky software as well as commonly used software. In addition, checking the assurance of security configurations periodically is disadvantageous in terms of time and cost due to zero-day attacks and timing attacks that can leverage the window between security checks. Therefore, an event-driven monitoring approach is critical to continuously assess the security of a target system without ignoring a particular window between security checks and to lessen the burden of the exhausting task of inspecting all the configurations in the system. Furthermore, the system should be able to generate a vulnerability report for any change initiated by a user if such changes refer to the requirements in the standards and turn out to be vulnerable. Assessing various systems in distributed environments also requires consistently applying standards to each environment. Such a uniform, consistent assessment is important because the assessment approach for detecting security vulnerabilities may vary across applications and operating systems. In this thesis, I introduce an automated event-driven security assessment framework to overcome and accommodate the aforementioned issues. I also discuss the implementation details, which are based on commercial-off-the-shelf technologies, and the testbed being established to evaluate the approach. In addition, I describe evaluation results that demonstrate the effectiveness and practicality of the approaches.
Date Created
2014
Contributors
- Seo, Jeong-Jin (Author)
- Ahn, Gail-Joon (Thesis advisor)
- Yau, Stephen S. (Committee member)
- Lee, Joohyung (Committee member)
- Arizona State University (Publisher)
Extent
iv, 83 p. : ill. (some col.)
Copyright Statement
In Copyright
Peer-reviewed
No
Open Access
No
Handle
https://hdl.handle.net/2286/R.I.24765
Statement of Responsibility
by Jeong-Jin Seo
Description Source
Viewed on June 23, 2014
Level of coding
full
Note
Partial requirement for: M.S., Arizona State University, 2014
Note type
thesis
Includes bibliographical references (p. 70-72)
Note type
bibliography
Field of study: Computer science
System Created
- 2014-06-09 02:06:04
System Modified
- 2021-08-30 01:36:17