Type  Seminar  

Lecturer  Prof. Dr. Katinka Wolter  
Institution  Freie Universität Berlin, Institute of Computer Science, Computer Systems and Telematics  
katinka.wolter@fu-berlin.de  
Semester  SS 14  
Course hours  2  
Credit points  4  
Maximum number of participants  20  
Time  ATTENTION! Students have to meet all deadlines listed in the following schedule; otherwise they will lose the right to take part. Attendance at all presentations is mandatory.
25.04.2014: Choose topics as described below and submit the short list to Sakai/kvv.
28.04.2014: All participants will have a topic assigned.
08.05.2014: Short presentation of your topic at the next group meeting.
The seminar will take place in several subsequent meetings in room TBA according to the following schedule:
The presentation will take 20 to 30 min plus 10 min discussion per person.

MSc/Diplom students
BSc or Vordiplom, Telematics
IEEE Latex Template for Reports
IEEE Word Template for Reports
Freie Universität Berlin Corporate Design  Presentation Template
We offer the following topics for this course. You should work with a partner, as all topics need considerable work. You can choose 3 topics currently not assigned to anyone (N.N.) and submit your short list through Sakai/kvv. Place the topic you are most interested in at position one, and so on. We will assign you to a topic, if possible, according to your preferences. If there is a collision and your list is exhausted, the date/time of your registration determines the order (FCFS). We will inform you of your topic or of the failure of the assignment.
Anshul Gandhi, Mor Harchol-Balter, several papers on Mor's home page at CMU.
Alma Riska, Feng Yan, several papers through ResearchGate.
Isi Mitrani through his publications page at Ncl.
Adam Wierman – best papers through his publications web page.
The number of open vulnerabilities in a computer system is one of the determining factors of the size of that system's attack surface. To determine this number for a given system, we may apply a simple model: we assume that the times between the discovery of vulnerabilities and the times between the development of patches can be characterised as random variables. We can then build a queueing model in which the discovery of vulnerabilities is the arrival process and the development of patches is the service process. By solving this model for the queue length, we obtain measures of the number of open vulnerabilities.
This topic involves the following tasks. First, the arrival and service processes must be characterised by data derived from real systems. For simplicity, we will assume that the times between the discovery of vulnerabilities can be described by an exponential distribution. The times required for the development of fixes, however, should be based on real-world data, which can be obtained from public sources such as CERT archives. Second, the raw data must be approximated by stochastic models. In particular, the service process should be a phase-type distribution, which requires fitting a phase-type distribution to the data using a tool such as HyperStar or PhFit. Third, the model must be solved, using the solutions for the M/PH/1 queue described in [Neuts82]. To explore the sensitivity of the model to different parameters, the arrival rate of new vulnerabilities should be varied and the effect on the measures should be illustrated.
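The following added example (not part of the course material) computes the mean number of open vulnerabilities for the model described above and varies the arrival rate. It uses the Pollaczek-Khinchine mean-value formula, which holds for any M/G/1 queue and therefore for M/PH/1, rather than the matrix-geometric solution from [Neuts82], so it gives means only and not the queue-length distribution. The phase-type parameters are constructed, not fitted from CERT data, and all function names are hypothetical.

```python
# Added example: mean number of open vulnerabilities in an M/PH/1 model.
# ALPHA and T below are constructed for illustration, not fitted data.

def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for k in range(c, n + 1):
                M[r][k] -= f * M[c][k]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (M[r][n] - sum(M[r][k] * x[k] for k in range(r + 1, n))) / M[r][r]
    return x

def ph_moments(alpha, T):
    """First two moments of PH(alpha, T): E[S^k] = k! * alpha * (-T)^-k * 1."""
    neg_t = [[-v for v in row] for row in T]
    x = solve(neg_t, [1.0] * len(alpha))   # (-T)^-1 * 1
    y = solve(neg_t, x)                    # (-T)^-2 * 1
    m1 = sum(a * v for a, v in zip(alpha, x))
    m2 = 2.0 * sum(a * v for a, v in zip(alpha, y))
    return m1, m2

def open_vulnerabilities(lam, alpha, T):
    """Return (mean number of open vulnerabilities, mean time open)."""
    m1, m2 = ph_moments(alpha, T)
    rho = lam * m1                         # load: discovery rate x mean patch time
    if rho >= 1.0:
        raise ValueError("unstable: rho >= 1, the backlog grows without bound")
    n = rho + lam ** 2 * m2 / (2.0 * (1.0 - rho))   # Pollaczek-Khinchine
    return n, n / lam                                # Little's law

# Constructed 2-phase hyperexponential patch time (rates per day):
# 70% of fixes take 2 days on average, 30% take 20 days on average.
ALPHA = [0.7, 0.3]
T = [[-0.5, 0.0], [0.0, -0.05]]

if __name__ == "__main__":
    for lam in (0.02, 0.05, 0.08, 0.11):   # vulnerabilities discovered per day
        n, w = open_vulnerabilities(lam, ALPHA, T)
        print(f"lambda={lam:.2f}/day  E[N]={n:6.2f}  E[days open]={w:7.1f}")
```

The heavy tail of the slow branch dominates the second moment, so the mean backlog rises much faster than the load as the arrival rate approaches 1/7.4 per day.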