Machine-Readable Security Playbooks and Orchestration

In order to defend against cyber threats, organizations must manually identify, create, and document actions for detection, protection, response, recovery, and remediation that form a security or course of action playbook. However, today, there is no standardized way to document and share these playbooks across organizational boundaries and technology solutions.

This research will focus on creating solutions addressing the aforementioned limitation, thus producing a machine readable technology (language) that will allow security playbooks to be shared in an automated fashion and most importantly consumed automatically. The underlying technology should be able to orchestrate / coordinate different cyber defense technologies, execute tasks to the appropriate technologies (actuators), author and validate playbooks, detect and report errors.

This research can accommodate more than one promising candidates. This is a work in progress from multiple organizations around the world that have as a common goal, automating security playbooks. Thus, the student (s) will have to join the CACAO technical committee ( https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cacao ) under the OASIS Open, where UiO is a member.

The student may need to attend video meetings with the CACAO partners.

The supervision is a collaboration between the University of Oslo and Munich University of Applied Sciences.

For more information email -   vasileim [at] ifi [.] Uio [.] No

Publisert 20. aug. 2019 15:29 - Sist endret 3. okt. 2019 19:48