User Tools
prosved
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
prosved [2024/05/19 18:37] carlosesteban.budde@unitn.it [Quantitative forecasts of security vulnerabilities] |
prosved [2024/07/30 22:36] (current) carlosesteban.budde@unitn.it [Special thanks] |
||
|---|---|---|---|
| Line 17: | Line 17: | ||
| * URL: https://cordis.europa.eu/project/id/101067199 | * URL: https://cordis.europa.eu/project/id/101067199 | ||
| + | This website reflects only the author's view and is his sole responsibility. The European Commission's Research Executive Agency is not responsible for any use that may be made of the information it contains. | ||
| ===== Objective and approach ===== | ===== Objective and approach ===== | ||
| Line 76: | Line 77: | ||
| ProSVED has also studied analytical (or rather, numerical) compositions of the PDFs to spawn the multi-dimensional probabilistic space that describes the fluctuation of vuln. probability as a function of time in dense non-singular intervals. In layman terms, one can see the full landscape of "vulnerability probability" up to a chosen future moment in time. While this suffers from the curse of dimensionality, which renders it impractical to visualize all dependencies of a project, it allows to single out a few codebases---e.g. dependencies of main concern, usual suspects---and study them in greater detail than via TDT analysis, which can only produce punctual aggregated results. | ProSVED has also studied analytical (or rather, numerical) compositions of the PDFs to spawn the multi-dimensional probabilistic space that describes the fluctuation of vuln. probability as a function of time in dense non-singular intervals. In layman terms, one can see the full landscape of "vulnerability probability" up to a chosen future moment in time. While this suffers from the curse of dimensionality, which renders it impractical to visualize all dependencies of a project, it allows to single out a few codebases---e.g. dependencies of main concern, usual suspects---and study them in greater detail than via TDT analysis, which can only produce punctual aggregated results. | ||
| - | |||
| - | \\ | ||
| ===== Real-world examples and applications ===== | ===== Real-world examples and applications ===== | ||
| Line 139: | Line 138: | ||
| - __Year__: 2022 | - __Year__: 2022 | ||
| ==== International conferences ==== | ==== International conferences ==== | ||
| + | - **//Transient Evaluation of Non-Markovian Models by Stochastic State Classes and Simulation//** | ||
| + | - __Authors__: Gabriel Dengler, Laura Carnevali, Carlos E. Budde, Enrico Vicario | ||
| + | - __Conference__: [[https://www.qest-formats.org/papers.html|QEST+FORMATS 2024]] | ||
| + | - __Paper__: in press---but check this prepring [[https://arxiv.org/abs/2406.16447|in arXiv]] | ||
| + | - __Year__: 2024 (to appear) | ||
| - :!: FIG cybersec | - :!: FIG cybersec | ||
| Line 148: | Line 152: | ||
| A social objective of ProSVED is to raise awareness of cybersecurity practices in general, and the importance (and feasibility) of forecasting security vulnerabilities in particular. In this sense, ProSVED has been part of the following scientific and industrial dissemination events: | A social objective of ProSVED is to raise awareness of cybersecurity practices in general, and the importance (and feasibility) of forecasting security vulnerabilities in particular. In this sense, ProSVED has been part of the following scientific and industrial dissemination events: | ||
| + | * **ProSVED meeting**: [[https://webmagazine.unitn.it/en/evento/disi/121125/prosved-project-closing-event|Final event]] | ||
| + | * Presentation slides: {{ ::talk_prosved_final.pdf |}} | ||
| + | * //Trento, IT// | ||
| + | * **SMARTITUDE GM'24**: quantifying risk (impact) of Smart Contracts vulnerabilities | ||
| + | * Presentation slides: {{ ::talk_smartitude_2024.pdf |}} | ||
| + | * //Canazei, IT// | ||
| + | * **PI stories**: [[https://webmagazine.unitn.it/en/evento/drict/120901/third-times-the-charm|Third time's the charm]] | ||
| + | * Presentation slides: {{ ::talk_pi_seminar_2024.pdf |}} | ||
| + | * //Trento, IT// | ||
| + | * **Lorentz Workshop**: [[https://www.lorentzcenter.nl/predictive-maintenance-let-data-maintain-the-model.html|Predictive Maintenance: Let Data Maintain the Model]] | ||
| + | * Presentation slides: {{ ::talk_lorentz_2023.pdf |}} | ||
| + | * //Leiden, NL// | ||
| * **SFSCON**: [[https://www.sfscon.it/|South Tyrol Free Software Conference]] | * **SFSCON**: [[https://www.sfscon.it/|South Tyrol Free Software Conference]] | ||
| * Presentation video: https://vimeo.com/886816725 | * Presentation video: https://vimeo.com/886816725 | ||
| * Presentation slides: https://www.slideshare.net/slideshow/sfscon23-carlos-esteban-budde-predict-security-attacks-in-foss/264283292?from_search=0 | * Presentation slides: https://www.slideshare.net/slideshow/sfscon23-carlos-esteban-budde-predict-security-attacks-in-foss/264283292?from_search=0 | ||
| * //Bolzano, IT// | * //Bolzano, IT// | ||
| - | * **Lorentz Workshop**: [[https://www.lorentzcenter.nl/predictive-maintenance-let-data-maintain-the-model.html|Predictive Maintenance: Let Data Maintain the Model]] | ||
| - | * Presentation slides: {{ ::talk_lorentz_2023.pdf |}} | ||
| - | * //Leiden, NL// | ||
| - | * **SMARTITUDE**: formal models for security vulnerabilities in Smart Contracts | ||
| - | * Presentation slides: {{ ::talk_smartitude_2023.pdf |}} | ||
| - | * //Salerno, IT// | ||
| * **Vuln4Cast**: [[https://www.first.org/events/colloquia/cardiff2023/|FIRST group technical colloquium]] | * **Vuln4Cast**: [[https://www.first.org/events/colloquia/cardiff2023/|FIRST group technical colloquium]] | ||
| * Presentation slides: https://www.first.org/resources/papers/cardiff2023/Vuln4Cast-Budde.-Paramitha.-Massacci.pdf | * Presentation slides: https://www.first.org/resources/papers/cardiff2023/Vuln4Cast-Budde.-Paramitha.-Massacci.pdf | ||
| * //Cardiff, UK// | * //Cardiff, UK// | ||
| + | * **SMARTITUDE kickoff**: formal models for security vulnerabilities in Smart Contracts | ||
| + | * Presentation slides: {{ ::talk_smartitude_2023.pdf |}} | ||
| + | * //Salerno, IT// | ||
| + | * **Privacy Symposium**: [[https://sites.grenadine.co/sites/iot/en/2022-privacy-symposium-conference/schedule/8529/CyberSec4Europe%20-%20Research%20to%20Innovation%3A%20Common%20Research%20Framework%20on%20Security%20and%20Privacy|Research to Innovation: Common Research Framework on Security and Privacy]] | ||
| + | * Presentation slides: {{ ::talk_psymp_2022.pdf |}} | ||
| + | * //Venice, IT// | ||
| ====== Special thanks ====== | ====== Special thanks ====== | ||
| Line 174: | Line 190: | ||
| * D. Di Nucci (Univ. of Salerno, IT) | * D. Di Nucci (Univ. of Salerno, IT) | ||
| * G. Di Tizio (Airbus, FR) | * G. Di Tizio (Airbus, FR) | ||
| + | * El Rulo y su Kepler Kompilator | ||
prosved.1716136640.txt.gz ยท Last modified: 2024/05/19 18:37 by carlosesteban.budde@unitn.it
Page Tools
