R.C.A. Heddes
2 records found
Recent large-scale cyber security incidents such as the Equifax data breach, in which the personal information of roughly 147 million Americans was exposed, demonstrate the risk posed by security vulnerabilities in the libraries that software projects depend on.
The use of libraries is an integral part of modern software development and a widespread practice across software projects.
Libraries make it possible to reuse proven implementations of certain functionality instead of duplicating them.
However, this means that using libraries creates a set of dependencies for a software project.
While reusing existing code increases development speed, these dependencies can also propagate any problem that exists in a library into every project that uses it.
A security vulnerability in a dependency can therefore have a major impact on the software project as a whole.
Currently, there are analysers which perform a high-level analysis that identifies vulnerable dependencies.
However, these analysers work at the package level, where a whole library is considered either vulnerable or safe.
In reality the situation is often more nuanced: frequently only certain functions of a library pose a security risk, and a project that never calls those functions is not exposed to the vulnerability.
Given the growing number of dependencies of software projects and the increasing number of vulnerability disclosures, managing dependency updates is currently a difficult task.
A more fine-grained type of analysis could therefore help developers identify and mitigate the security risks that actually apply to their project.
In this thesis, we propose a new risk modelling approach which uses fine-grained analysis to concentrate mitigation effort where it matters most and so increase the security of software applications.
Furthermore, we perform an extensive evaluation that compares it to existing risk approaches in order to investigate the accuracy of the proposed approach.
We find that the new risk model is more accurate in prioritising risk mitigation strategies, with an average improvement of 8% over current state-of-the-art risk models.
The model does require function-level vulnerability information, which does not exist for all disclosed vulnerabilities and whose extraction is an active area of research.
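To make the distinction between package-level and function-level analysis concrete, the following is an added Python example; it is not code from the thesis and does not reproduce the thesis's actual risk model. It builds a constructed static call graph for a toy application, lists advisories the way a package-level analyser would (every advisory for every declared dependency), and then re-ranks them by whether an advisory's affected function is actually reachable from the application's entry point. Package names, function names, advisory identifiers and severity scores are all made up for the illustration.

```python
"""Package-level versus function-level dependency vulnerability analysis.

Constructed example: a toy application ("app") with two third-party
libraries. The call graph, advisory identifiers and severity scores are
invented for illustration and refer to no real package or CVE.
"""
from collections import deque
from typing import Dict, Iterable, List, Optional

CallGraph = Dict[str, List[str]]

# Constructed static call graph: caller -> callees, nodes named "package::function".
CALL_GRAPH: CallGraph = {
    "app::main": ["app::handle_upload", "app::render"],
    "app::handle_upload": ["parserlib::parse_multipart", "imagelib::resize"],
    "app::render": ["imagelib::resize"],
    "parserlib::parse_multipart": ["parserlib::decode_header"],
    "parserlib::decode_header": [],
    "parserlib::eval_expression": [],   # vulnerable, never called by app
    "imagelib::resize": ["imagelib::decode_png"],
    "imagelib::decode_png": [],         # vulnerable, reachable from app
    "imagelib::decode_tiff": [],        # vulnerable, never called by app
}

# Hypothetical advisories. "functions" is the set of affected functions, or
# None when the disclosure carries no function-level information at all.
ADVISORIES = [
    {"id": "ADV-1", "package": "parserlib", "severity": 9.8,
     "functions": {"parserlib::eval_expression"}},
    {"id": "ADV-2", "package": "imagelib", "severity": 7.5,
     "functions": {"imagelib::decode_png"}},
    {"id": "ADV-3", "package": "imagelib", "severity": 7.5,
     "functions": {"imagelib::decode_tiff"}},
    {"id": "ADV-4", "package": "parserlib", "severity": 5.3,
     "functions": None},
]


def package_of(node: str) -> str:
    return node.split("::", 1)[0]


def reachable(graph: CallGraph, entry_points: Iterable[str]) -> Dict[str, Optional[str]]:
    """BFS from the entry points; maps each reachable node to its predecessor
    on the first path found (None for an entry point) so paths can be rebuilt."""
    parents: Dict[str, Optional[str]] = {}
    queue = deque()
    for entry in entry_points:
        parents[entry] = None
        queue.append(entry)
    while queue:
        node = queue.popleft()
        for callee in graph.get(node, []):
            if callee not in parents:
                parents[callee] = node
                queue.append(callee)
    return parents


def call_path(parents: Dict[str, Optional[str]], target: str) -> List[str]:
    """Rebuild the entry-point-to-target call chain recorded by reachable()."""
    path, node = [], target
    while node is not None:
        path.append(node)
        node = parents[node]
    return path[::-1]


def package_level_findings(graph: CallGraph, advisories: list, project: str = "app") -> list:
    """Package-level verdict: every advisory for every declared dependency,
    ordered by severity alone, regardless of which functions are used."""
    dependencies = {package_of(n) for n in graph} - {project}
    hits = [a for a in advisories if a["package"] in dependencies]
    return sorted(hits, key=lambda a: -a["severity"])


def function_level_findings(graph: CallGraph, entry_points: Iterable[str], advisories: list) -> list:
    """Function-level verdict. 'reachable' is True (a static call path to an
    affected function exists), False (no path found) or None (no function
    data in the advisory, so only the package-level verdict is available)."""
    parents = reachable(graph, entry_points)
    used_packages = {package_of(n) for n in parents}
    findings = []
    for adv in advisories:
        if adv["package"] not in used_packages:
            continue
        if adv["functions"] is None:
            status, path = None, None
        else:
            hit = sorted(f for f in adv["functions"] if f in parents)
            status = bool(hit)
            path = call_path(parents, hit[0]) if hit else None
        findings.append({"id": adv["id"], "severity": adv["severity"],
                         "reachable": status, "path": path})
    rank = {True: 0, None: 1, False: 2}   # confirmed first, unknown next, unreachable last
    return sorted(findings, key=lambda f: (rank[f["reachable"]], -f["severity"]))


if __name__ == "__main__":
    print("package level:", [a["id"] for a in package_level_findings(CALL_GRAPH, ADVISORIES)])
    for f in function_level_findings(CALL_GRAPH, ["app::main"], ADVISORIES):
        print(f"{f['id']} severity={f['severity']} reachable={f['reachable']} path={f['path']}")
```

Two caveats a practitioner should keep in mind when reading the output. First, a static call graph misses calls made through reflection, dynamic dispatch or plugin loading, so "unreachable" lowers the priority of an advisory but does not prove the project is safe; in the example, ADV-1 keeps its 9.8 severity and stays on the list, just below the confirmed finding. Second, ADV-4 shows the limitation the abstract names in its last sentence: with no function-level data, the analysis can only fall back to the package-level verdict and must keep that advisory above the ones it was able to rule out.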
The focus of this project is to develop a web application that automates the process of drawing schematic networks from geographical networks. It allows users to upload geographical networks and inspect the schematic representation in the browser. During the two-week research phase we found a Master's thesis that explains a method for modelling railway tracks and junctions and attempts to draw schematics; we improve upon its findings. We wrote a transformer that converts real-world GeoJSON data of railway networks into the abstract input used by our algorithms. If the application is to be extended to other infrastructure networks, a different transformer can be implemented while the same underlying algorithm is reused. We worked in weekly sprints. At the end of each sprint we presented the improvements to our client to receive feedback, and with this feedback we created a sprint plan that assigned and prioritised the tasks and responsibilities for the next sprint. The testing of the application is based on extensive unit tests and end-to-end tests. We evaluated the results of the application and documented recommendations for improving the algorithm. The application serves as a proof of concept for our client.