Vulnerability Knowledge

The Experts below are selected from a list of 90 Experts worldwide ranked by ideXlab platform

Yu Huang - One of the best experts on this subject based on the ideXlab platform.

  • Open Source Software Vulnerability Propagation Analysis Algorithm based on Knowledge Graph
    2019 IEEE International Conference on Smart Cloud (SmartCloud), 2019
    Co-Authors: Wenhui Hu, Yu Wang, Yu Huang
    Abstract:

    With the extensive reuse of open source components, the scope of vulnerability impact will have cascade expansion. At the level of vulnerability data analysis, aiming at the vulnerability propagation problem, this thesis proposes a hierarchical propagation path search algorithm based on open source software vulnerability knowledge graph, at the same time, proposes a heuristic search strategy in both component layer and class layer to reduce the search space complexity, which is optimized from exponential down to polynomial. Furthermore, we propose the optimal blocking concept to represent the cost of repairing the entire propagation path, in order to measure the severity of the project's vulnerability. As for the purpose of providing effective suggestions on vulnerability repairing, we model the optimal blocking calculation as the network flow minimal separate problem, then calculate the network maximal flux to obtain the key dependencies with risks. Finally, multiple case studies with various vulnerability dependent risks show that the proposed algorithm can find software vulnerabilities affecting specific projects effectively.

Wenhui Hu - One of the best experts on this subject based on the ideXlab platform.

  • Open Source Software Vulnerability Propagation Analysis Algorithm based on Knowledge Graph
    2019 IEEE International Conference on Smart Cloud (SmartCloud), 2019
    Co-Authors: Wenhui Hu, Yu Wang, Yu Huang
    Abstract:

    With the extensive reuse of open source components, the scope of vulnerability impact will have cascade expansion. At the level of vulnerability data analysis, aiming at the vulnerability propagation problem, this thesis proposes a hierarchical propagation path search algorithm based on open source software vulnerability knowledge graph, at the same time, proposes a heuristic search strategy in both component layer and class layer to reduce the search space complexity, which is optimized from exponential down to polynomial. Furthermore, we propose the optimal blocking concept to represent the cost of repairing the entire propagation path, in order to measure the severity of the project's vulnerability. As for the purpose of providing effective suggestions on vulnerability repairing, we model the optimal blocking calculation as the network flow minimal separate problem, then calculate the network maximal flux to obtain the key dependencies with risks. Finally, multiple case studies with various vulnerability dependent risks show that the proposed algorithm can find software vulnerabilities affecting specific projects effectively.

Shikun Zhang - One of the best experts on this subject based on the ideXlab platform.

  • Refining Traceability Links Between Vulnerability and Software Component in a Vulnerability Knowledge Graph
    International Conference on Web Engineering, 2018
    Co-Authors: Dongdong Du, Yupeng Wu, Jien Chen, Wei Ye, Xiangyu Xi, Shikun Zhang
    Abstract:

    Software vulnerabilities and their corresponding software components information are usually stored in different locations with different representations. Building accurate traceability links between them to form a unified knowledge graph can be very helpful for vulnerability spreading analysis, component dependency management, and relationship inference. In this paper, we first propose a software vulnerability knowledge graph model which integrates CVE (Common Vulnerabilities and Exposures) information, Java Component metadata in Maven repository and project collaboration data on GitHub. To construct the knowledge graph, we then propose two ontology matching approaches. The first one links Maven project and GitHub project in a URL text-matching way. The second one introduces random forests algorithm to link CVE project version and Maven project version based on 16 well-defined features. Experimental results show that matching between CVE project version and Maven project version are highly promising with an accuracy rate as high as 99.8%. The traceability links between vulnerabilities and software components can be more accurate based on our approach.

  • ICWE - Refining Traceability Links Between Vulnerability and Software Component in a Vulnerability Knowledge Graph
    Lecture Notes in Computer Science, 2018
    Co-Authors: Dongdong Du, Yupeng Wu, Jien Chen, Wei Ye, Xiangyu Xi, Shikun Zhang

Yu Wang - One of the best experts on this subject based on the ideXlab platform.

  • Open Source Software Vulnerability Propagation Analysis Algorithm based on Knowledge Graph
    2019 IEEE International Conference on Smart Cloud (SmartCloud), 2019
    Co-Authors: Wenhui Hu, Yu Wang, Yu Huang
    Abstract:

    With the extensive reuse of open source components, the scope of vulnerability impact will have cascade expansion. At the level of vulnerability data analysis, aiming at the vulnerability propagation problem, this thesis proposes a hierarchical propagation path search algorithm based on open source software vulnerability knowledge graph, at the same time, proposes a heuristic search strategy in both component layer and class layer to reduce the search space complexity, which is optimized from exponential down to polynomial. Furthermore, we propose the optimal blocking concept to represent the cost of repairing the entire propagation path, in order to measure the severity of the project's vulnerability. As for the purpose of providing effective suggestions on vulnerability repairing, we model the optimal blocking calculation as the network flow minimal separate problem, then calculate the network maximal flux to obtain the key dependencies with risks. Finally, multiple case studies with various vulnerability dependent risks show that the proposed algorithm can find software vulnerabilities affecting specific projects effectively.

Renzo Taddei - One of the best experts on this subject based on the ideXlab platform.

  • Communicating through Vulnerability: Knowledge politics, inclusion and responsiveness in responsible research and innovation
    Journal of Responsible Innovation, 2016
    Co-Authors: Giuseppe Di Giulio, Marko Monteiro, Christopher Groves, Renzo Taddei
    Abstract:

    Responsible research and innovation (RRI) has affirmed the value of ‘inclusion’ and ‘responsiveness’ as institutional virtues necessary to ensure that reflexivity towards the social priorities behind innovation processes is made possible. It is argued that this affirmation links RRI to knowledge politics in other domains (e.g. environmental justice and the politics of development). It is suggested that lessons regarding inclusion and responsiveness can be drawn from these domains, focusing on the ways in which marginalised perspectives on need and vulnerability, once articulated, can help reconstitute the public sphere in which social priorities are defined. Three case studies are used to explore how entanglements of needs, vulnerabilities, identity and agency are vital to understanding the impacts of innovation and change more generally. It is argued that social science methodologies sensitised to such entanglements are necessary to help constitute a space of inclusion and responsiveness characterised, not by assumptions about idealised rational forms of deliberation, but by styles of communication that recognise vulnerability.