Triage computer system software to efficiently find known vulnerabilities
Type of work: Master thesis (External - Webasto)
Technical Background:
To manage newly published vulnerabilities affecting Webasto products, continuous monitoring and collection of cybersecurity information is mandatory. Cybersecurity information means all available information concerning the security of electronic components, such as vulnerability descriptions. The collected information has to be correlated with Webasto products, and the vulnerabilities relevant to them have to be identified.
Task Description:
The following research questions shall be answered:
- Quality of vulnerability collections: How complete are vulnerability databases? How redundant are they? How precise is the information they contain?
- How can products that are in use be matched with unstructured information about vulnerabilities?
- What structure would be preferable for storing information about vulnerabilities?
- Which properties of a product are necessary for a triage that extracts cybersecurity events from cybersecurity information?
- Which algorithms are usable for triage, and how can they be benchmarked?
- Which algorithms can be used for scoring cybersecurity events?
- Which methods are suitable for analysing the cybersecurity events found with respect to the systems under investigation?
A prototype is to be developed for this purpose.
Possible work steps:
- State of the art of triage concepts
- Collecting and evaluating potential information sources for vulnerabilities
- Concept for the process of matching vulnerabilities with products
- Prototype
- Evaluation of own solution
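To illustrate the matching step in the work plan above (products in use against both structured and unstructured vulnerability information), here is a small Python sketch. It is an added example, not part of the thesis posting and not Webasto's code or data: the component inventory, the vulnerability records and their identifiers (EXAMPLE-2024-000x) are constructed for this illustration, and the two matching strategies (normalised vendor/product plus version range, and a free-text fallback keyed on "before"/"prior to" phrases) are assumptions about how a prototype might start.

```python
"""Toy triage prototype: match an inventory of product components against
vulnerability records that carry either structured affected-version data
(CPE-like vendor/product/version range) or only a free-text description.
All data below is constructed for illustration; none of it is real."""
import re
from dataclasses import dataclass
from typing import Optional, List, Tuple


@dataclass(frozen=True)
class Component:
    vendor: str
    product: str
    version: str


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str
    vendor: Optional[str]          # structured fields may be absent
    product: Optional[str]
    version_start: Optional[str]   # inclusive lower bound
    version_end: Optional[str]     # exclusive upper bound
    description: str               # unstructured text, always present


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.2.10' -> (1, 2, 10); a non-numeric tail is dropped, so '2.4b' -> (2, 4)."""
    parts = []
    for p in v.split("."):
        m = re.match(r"\d+", p)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_in_range(version: str, start: Optional[str], end: Optional[str]) -> bool:
    """Check start <= version < end, with either bound optional."""
    v = parse_version(version)
    if start and v < parse_version(start):
        return False
    if end and v >= parse_version(end):
        return False
    return True


def normalize(s: str) -> str:
    """Lower-case and collapse separators so 'Widget_Firmware' == 'widget firmware'."""
    return re.sub(r"[^a-z0-9]+", " ", s.lower()).strip()


def structured_match(c: Component, r: VulnRecord) -> bool:
    """Strong evidence: vendor, product and version range all agree."""
    if r.vendor is None or r.product is None:
        return False
    if normalize(r.vendor) != normalize(c.vendor) or normalize(r.product) != normalize(c.product):
        return False
    return version_in_range(c.version, r.version_start, r.version_end)


def text_match(c: Component, r: VulnRecord) -> bool:
    """Weak evidence: product name appears in the free text and, if the text
    says 'before X' / 'prior to X', the component version is below X."""
    if normalize(c.product) not in normalize(r.description):
        return False
    m = re.search(r"(?:before|prior to)\s+(\d[\d.]*)", r.description.lower())
    if m:
        return version_in_range(c.version, None, m.group(1))
    return False


def triage(inventory: List[Component], records: List[VulnRecord]) -> List[Tuple[Component, str, str]]:
    """Return (component, vuln_id, evidence) hits; structured hits take precedence."""
    hits = []
    for c in inventory:
        for r in records:
            if structured_match(c, r):
                hits.append((c, r.vuln_id, "structured"))
            elif text_match(c, r):
                hits.append((c, r.vuln_id, "text"))
    return hits


# Constructed sample data (hypothetical vendors, products and identifiers).
INVENTORY = [
    Component("Acme", "Widget Firmware", "2.3.1"),
    Component("Acme", "Widget Firmware", "2.5.0"),
    Component("Beta", "TLS Stack", "1.0.4"),
]
RECORDS = [
    VulnRecord("EXAMPLE-2024-0001", "acme", "widget_firmware", "2.0", "2.4",
               "Buffer overflow in Acme Widget Firmware 2.x before 2.4"),
    VulnRecord("EXAMPLE-2024-0002", None, None, None, None,
               "Heap overflow in TLS Stack prior to 1.1 allows remote code execution"),
    VulnRecord("EXAMPLE-2024-0003", "beta", "tls_stack", None, "1.0.2",
               "Certificate validation bypass in Beta TLS Stack before 1.0.2"),
]

if __name__ == "__main__":
    for comp, vid, evidence in triage(INVENTORY, RECORDS):
        print(f"{comp.vendor} {comp.product} {comp.version}: {vid} ({evidence})")
```

The evidence label is the point of the sketch: a structured hit can be acted on directly, whereas a text-only hit (EXAMPLE-2024-0002, which names no vendor and no version range) flags a record for manual confirmation. Component 2.5.0 matches nothing, because the free-text bound "before 2.4" is applied to it just as a structured upper bound would be.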
Literature and Resources:
- Cook, Allan, et al. "The industrial control system cyber defence triage process." Computers & Security 70 (2017): 467-481.
- Rogers, Marcus K., et al. "Computer forensics field triage process model." Journal of Digital Forensics, Security and Law 1.2 (2006): 2.
- Bozorgi, Mehran, et al. "Beyond heuristics: learning to classify vulnerabilities and predict exploits." Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining. 2010.
Supervisor: Timo Bruderek (Webasto)
Reviewer: Dr. Thomas Mundt (thomas.mundt@uni-rostock.de)
Prerequisites: Basic skills in the area of security are advantageous.