公开(公告)号：US20230185925A1

公开(公告)日：2023-06-15

申请号：US17993073

申请日：2022-11-23

Applicant: Qatar Foundation for Education, Science and Community Development

Inventor： Armstrong Nhlabatsi ,  Khaled Khan ,  Jin Hong ,  Dong Seong Kim ,  Rachel Fernandez ,  Noora Fetais

IPC: G06F21/57 ,  G06F21/53

CPC classification number: G06F21/577 ,  G06F21/53 ,  G06F2221/033

Abstract: A method of quantifying the satisfaction of security requirements is provided via characterizing a security feature; matching the security feature to a security metric; computing a quantification score that indicates the exploitability of a system to which the security feature is applied; and outputting the quantification score to a security analyst.

公开(公告)号：US11146583B2

公开(公告)日：2021-10-12

申请号：US16400517

申请日：2019-05-01

Applicant: Qatar University ,  Qatar Foundation for Education, Science and Community Development

Inventor： Armstrong Nhlabatsi ,  Jin Hong ,  Dong Seong Kim ,  Rachael Fernandez ,  Alaa Hussein ,  Noora Fetais ,  Khaled M. Khan

IPC: G06F21/00 ,  H04L29/06

Abstract: The presently disclosed technology provides a threat-specific network risk evaluation tailored to a client's security objectives. The present technology may include identifying a plurality of threats to a first component of a networked system and assigning a plurality of weighting values to the plurality of threats according to the client's security objectives. The present technology may include identifying a plurality of vulnerabilities of the first component and determining a set of relevant threats for the first vulnerability based on the nature of the vulnerability and the weighting values assigned to the plurality of threats. The set of relevant threats includes one or more of the plurality of threats. The present technology may include determining a set of relevant threats for each of the identified vulnerabilities of the first component and calculating a risk of the first component based on the sets of the relevant threats.

公开(公告)号：US20200351295A1

公开(公告)日：2020-11-05

申请号：US16400517

申请日：2019-05-01

Applicant: Qatar University ,  Qatar Foundation for Education, Science and Community Development

Inventor： Armstrong Nhlabatsi ,  Jin Hong ,  Dong Seong Kim ,  Rachael Fernandez ,  Alaa Hussein ,  Noora Fetais ,  Khaled M. Khan

IPC: H04L29/06

Abstract: The presently disclosed technology provides a threat-specific network risk evaluation tailored to a client's security objectives. The present technology may include identifying a plurality of threats to a first component of a networked system and assigning a plurality of weighting values to the plurality of threats according to the client's security objectives. The present technology may include identifying a plurality of vulnerabilities of the first component and determining a set of relevant threats for the first vulnerability based on the nature of the vulnerability and the weighting values assigned to the plurality of threats. The set of relevant threats includes one or more of the plurality of threats. The present technology may include determining a set of relevant threats for each of the identified vulnerabilities of the first component and calculating a risk of the first component based on the sets of the relevant threats.