| Presentation | 2015-06-12 A study on a Tool for Automated Vulnerability Monitoring and Alerting on Software Assets inside Organizations Takeshi Takahashi, Daisuke Miyamoto, Bhola Panta, Koji Nakao, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Each organization needs to manage its IT assets and related vulnerabilities in order to maintain its security level. Nevertheless, it is a considerable burden for organizations to do that since their resources are limited. This paper introduces a system that monitors organizations' internal IT assets and their related vulnerability information. The system streamlines the operations within each organization. In the system, an agent module installed on each IT asset sends information to a server, while the server monitors the network to collect information on the IT assets that does not run agent module. The server then converts the information into identifiers, which are used to query open vulnerability information. The system provides an alert in case vulnerability information pertaining to the IT asset of the organization is identified. This paper also introduces a prototype system, with which we discuss the issues to be solved as our future work. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | vulnerability / security information / risk analysis / security alert |
| Paper # | IA2015-18,ICSS2015-18 |
| Date of Issue | 2015-06-04 (IA, ICSS) |
| Conference Information | |
| Committee | IA / ICSS |
|---|---|
| Conference Date | 2015/6/11(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Kyushu Institute of Technology Univ. |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Internet Security, etc. |
| Chair | Ken-ichi Yoshida(Univ. of Tsukuba) / Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Hiroyuki Osaki(Kwansei Gakuin Univ.) / Masahiro Jibiki(NICT) / Yutaka Nakamura(Kyushu Inst. of Tech.) / Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
| Secretary | Hiroyuki Osaki(Tokyo Inst. of Tech.) / Masahiro Jibiki(Osaka Univ.) / Yutaka Nakamura(Mitsubishi Electric) / Takashi Nishide(NII) / Yoshiaki Shiraishi |
| Assistant | Yuichiro Hei(KDDI R&D Labs.) / Hiroshi Yamamoto(Ritsumeikan Univ.) / Toshiki Watanabe(NEC) / Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Internet Architecture / Technical Committee on Information and Communication System Security |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A study on a Tool for Automated Vulnerability Monitoring and Alerting on Software Assets inside Organizations |
| Sub Title (in English) | |
| Keyword(1) | vulnerability |
| Keyword(2) | security information |
| Keyword(3) | risk analysis |
| Keyword(4) | security alert |
| 1st Author's Name | Takeshi Takahashi |
| 1st Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| 2nd Author's Name | Daisuke Miyamoto |
| 2nd Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| 3rd Author's Name | Bhola Panta |
| 3rd Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| 4th Author's Name | Koji Nakao |
| 4th Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| Date | 2015-06-12 |
| Paper # | IA2015-18,ICSS2015-18 |
| Volume (vol) | vol.115 |
| Number (no) | IA-80,ICSS-81 |
| Page | pp.pp.99-104(IA), pp.99-104(ICSS), |
| #Pages | 6 |
| Date of Issue | 2015-06-04 (IA, ICSS) |