| Title | Privacy-Enabled Recommendations for Software Vulnerabilities |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Karlsson, Linus, Paladi, Nicolae |
| Conference Name | 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech) |
| Keywords | Complexity theory, costly process, data integrity, data privacy, human factors, malicious operator, Organizations, privacy, privacy-enabled recommendations, pubcrawl, recommender, recommender system, recommender systems, Resiliency, Scalability, security, security of data, SGX, slow process, Software, software reliability, software vulnerabilities, vulnerability prioritization data, vulnerability profiles |
| Abstract | New software vulnerabilities are published daily. Prioritizing vulnerabilities according to their relevance to the collection of software an organization uses is a costly and slow process. While recommender systems were earlier proposed to address this issue, they ignore the security of the vulnerability prioritization data. As a result, a malicious operator or a third party adversary can collect vulnerability prioritization data to identify the security assets in the enterprise deployments of client organizations. To address this, we propose a solution that leverages isolated execution to protect the privacy of vulnerability profiles without compromising data integrity. To validate an implementation of the proposed solution we integrated it with an existing recommender system for software vulnerabilities. The evaluation of our implementation shows that the proposed solution can effectively complement existing recommender systems for software vulnerabilities. |
| DOI | 10.1109/DASC/PiCom/CBDCom/CyberSciTech.2019.00111 |
| Citation Key | karlsson_privacy-enabled_2019 |
Privacy-Enabled Recommendations for Software Vulnerabilities