
A Knowledge Graph to Represent Software Vulnerabilities


Taghavi, Milad (2023) A Knowledge Graph to Represent Software Vulnerabilities. Masters thesis, Concordia University.

Text (application/pdf): Taghavi_MA_S2023.pdf - Accepted Version
Available under License Spectrum Terms of Access.


Over the past decade, there has been a major shift towards the globalization of the software industry, driven by code being shared and reused across project boundaries. This global code reuse can take various forms, including components or libraries that are publicly available on the Internet. However, this code reuse also comes with new challenges, since not only the code but also the vulnerabilities these components might be exposed to are shared. The software engineering community has attempted to address this challenge by introducing bug bounty platforms and software vulnerability repositories to help organizations manage known vulnerabilities in their systems. However, with the ever-increasing number of vulnerabilities and the information related to them, it has become inherently more difficult to synthesize this knowledge. Knowledge graphs and their supporting technology stack have been promoted as one possible solution to model, integrate, and support interoperability among heterogeneous data sources.
In this thesis, we introduce a methodology that takes advantage of knowledge graphs to integrate resources related to known software vulnerabilities. More specifically, the thesis uses knowledge graphs to introduce a unified representation that transforms traditional information silos (e.g., vulnerability databases (VDBs), bug bounty programs) into information hubs. Several use cases are presented to illustrate the applicability and flexibility of our modeling approach, demonstrating that the presented knowledge modeling approach can indeed unify heterogeneous vulnerability data sources and enable new types of vulnerability analysis.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Computer Science and Software Engineering
Item Type: Thesis (Masters)
Authors: Taghavi, Milad
Institution: Concordia University
Degree Name: M.A.
Program: Software Engineering
Date: 10 January 2023
Thesis Supervisor(s): Rilling, Juergen and Bentahar, Jamal
ID Code: 991794
Deposited By: Milad Taghavi
Deposited On: 21 Jun 2023 14:40
Last Modified: 21 Jun 2023 14:40