MARCO CUOCI

PhD Graduate

PhD program: XXXVI



Thesis title: Enhancing the Quality of Information Supporting the Cyber Risk Management Process in Self-Protecting Systems

The Cyber Risk Management process relies on multiple sources of information, some of which derive from the monitored environment and some of which are stored in external repositories. The availability and quality of these sources play a critical role during Cyber Risk Management, directly influencing the quality, in terms of accuracy and completeness, of the related processes. This is especially relevant for ICT systems designed around self-protection (i.e. self-protecting systems), which is currently a desired property of many modern ICT systems, as it enriches them with the ability to detect and react to security threats at run-time. Recently, several solutions leveraging the attack graph model have been proposed to design and implement such self-protecting systems. While such systems take a first step towards effective self-protection, they do not consider: (i) the possibility of having incomplete information in the external repositories, (ii) the possibility of having inaccurate information in the inventories derived from the environment, and (iii) the limitations in terms of the accuracy-scalability trade-off imposed by the use of the attack graph model. This thesis represents a first step towards a solution to enhance the quality of information supporting the cyber risk management process in self-protecting systems, and provides the following major contributions: (i) A study of the external publicly available vulnerability repositories, in order to understand their structure, their semantics and how all these repositories can be integrated in a unified structure able to provide the cyber risk management process with complete, accurate information. (ii) A computational pipeline able to enhance the accuracy of the inventories derived from the environment by reducing the number of false positives they contain, as well as explicitly addressing and instrumenting the accuracy-scalability trade-off imposed by the attack graph model.
(iii) A comprehensive evaluation of the proposed methodologies on a case study.

Research products

11573/1726970 - 2024 - A Version-Based Algorithm for Quality Enhancement of Automatically Generated Vulnerability Inventories
Bonomi, Silvia; Cuoci, Marco; Lenti, Simone - 04b Conference paper in volume
conference: 2004 IEEE International Conference on Cyber Security and Resilience (CSR) (London; United Kingdom)
book: Proceedings of the 2024 IEEE International Conference on Cyber Security and Resilience (CSR) - (979-8-3503-7536-7; 979-8-3503-7537-4)

11573/1729836 - 2024 - Improving Attack Graph-based Self-Protecting Systems: A Computational Pipeline for Accuracy-Scalability Trade-off
Bonomi, Silvia; Cuoci, Marco; Lenti, Simone; Palma, Alessandro - 04b Conference paper in volume
conference: 19th International Conference on Risks and Security of Internet and Systems (CRiSIS) 2024 (Aix-En-Provence, France)
book: The Nineteenth International Conference on Risks and Security of Internet and Systems

11573/1726972 - 2023 - A Semi-automatic Approach for Enhancing the Quality of Automatically Generated Inventories
Bonomi, Silvia; Cuoci, Marco; Lenti, Simone - 04b Conference paper in volume
conference: 2023 IEEE International Conference on Cyber Security and Resilience (CSR) (Venice; Italy)
book: Proceedings of the 2023 IEEE International Conference on Cyber Security and Resilience (CSR) - (979-8-3503-1170-9; 979-8-3503-1171-6)

© Università degli Studi di Roma "La Sapienza" - Piazzale Aldo Moro 5, 00185 Roma