As modern organisations rely more and more heavily on complex software, there is a growing need for efficient management of software vulnerabilities. A fundamental challenge is the software vulnerability patching problem: strategies for identifying and prioritising critical patches amongst a potentially large set of available patches, for the various software assets and their vulnerabilities. Solutions to the vulnerability patching problem are often based on vulnerability scoring, the Common Vulnerability Scoring System (CVSS) being a prominent open framework in use by many organisations.
The aim of this PhD project is to improve existing vulnerability patching techniques based on the CVSS framework. Using a non-cooperative incomplete information game framework, novel patching strategies will be designed. An evaluation in a real-world scenario will demonstrate the advantages this approach can bring.
The objectives of this project are:
• To conduct a thorough literature review of the specialist area of two-player complete and incomplete (Bayesian) information security games, leading to an up-to-date taxonomy of this field.
• To devise a suitable incomplete information game model for vulnerability patching, informed by the literature review findings and extending previously published models.
• To derive a suitable vulnerability scoring function and patching strategy, based on an equilibrium analysis of the game.
• To evaluate the vulnerability patching strategy, using real-world data based on a case study.
The Centre for Excellence in Cyber Security Education and Culture (CECEC) at Kingston University offers this fully funded, 3-year PhD studentship that includes university fees and a stipend. CECEC is at the epicentre of a growing expertise in cyber security at Kingston University, both in terms of exciting, multidisciplinary research, and innovative undergraduate and postgraduate cyber security programmes. This PhD research project is considered to be an integral part of CECEC’s ongoing and future success.
For further details and to discuss a prospective application, please contact: Dr Eckhard Pfluegel, Kingston University, UK.
email: [email protected]
Interviews: week beginning 29 April 2019
Expected start date: to be confirmed
Duration: 3 years full-time
How to apply: download an application form from https://kingston.box.com/s/nf2mwbh0xrxes4hto5ijpput0unov8y4. This must be emailed to [email protected] together with the following:
• An academic CV
• Copies of your academic certificates (degree level onwards)
• A covering letter stating why you consider you are suitable for the position (maximum 2 pages A4)
• A copy of your English language qualification, if applicable (see ‘English Language’ above)
If you wish to apply for more than one project, a separate application must be submitted for each.
References do not need to be included with the application, but will be required for shortlisted applicants.
Please ensure that all required documents are submitted together with your application form as we are unable to consider incomplete applications.
You should assume that your application has been unsuccessful if you have not heard from us by 4 weeks after the closing date.