Patching Assignment Optimization for Security Vulnerabilities
Shao-Ming Tong, Chien-Cheng Huang, Feng-Yu Lin and Yeali Sun
Department of Information Management, National Taiwan University, Taiwan
Abstract: This research is focusing on how IT support center applies the limited resources to elaborate a vulnerability patch in face of its disclosure in a system. We propose the most optimized procedure to design the patch in question and let second-tier security engineer handle the update for vulnerabilities with patch release. While the frontline security engineer are able to provide a firewall to hold the leakage plus create and update the patch in the shortest amount of time. In face of, some system vulnerabilities, the frontline security engineer has to build up a prevention procedure before the patch is released. The strategy of this study is to focus on the transfer of patch demand to the adequate system engineer in a mathematical programming problem module. Within it the objective function is minimized to pursue the shortest amount of survival time for the vulnerability (before the patch is released), we also added some related constraints. The main contributions of this study is a non-linear non-convex mixed integer programming problem formulation for patching assignment optimization and a near optimal solution approach.
Keywords: Vulnerability, patch management, assignment algorithm, optimization, mathematical programming, near optimal solution
Received September 4, 2013; accepted June 29, 2014