Enhancing the quality of information supporting the cyber risk management process in self-protecting systems

The Cyber Risk Management process relies on multiple sources of information, some of which derive from the monitored environment, some of which is stored in external repositories. The availability and the quality of these sources of information plays a critical role during Cyber Risk Management, directly influencing the quality in terms of accuracy and completeness of the related processes. This is especially relevant for ICT systems designed around self-protection (i.e. self-protecting systems), which is currently a desired property of many modern ICT systems as it enriches its features with the ability to detect and react to security threats at run-time. Recently, several solutions leveraging the attack graph model have been proposed to design and implement such self-protecting systems. While such systems take a first step towards effective self-protection, they do not consider: (i) the possibility of having non complete information in the external repositories, (ii) the possibility of having non accurate information in the inventories derived from the environment, and (iii) the limitations in terms of accuracy-scalability trade-off imposed by the usage of the attack graph model. This thesis represents a first step towards a solution to enhance the quality of information supporting the cyber risk management process in self-protecting systems, and provides the following major contributions: (i) A study of the external publicly available vulnerability repositories, in order to understand their structure, their semantics and how all these repositories can be integrated in a unified structure, able to provide the cyber risk management process with complete, accurate information. (ii) A computational pipeline able to enhance the accuracy of the inventories derived from the environment by reducing the number of false positives contained within, as well as explicitly addressing and instrumenting the accuracy-scalability trade-off imposed by the attack graph model. (iii) A comprehensive evaluation of the proposed methodologies on a case study.