• DocumentCode
    270592
  • Title

    A SAT-based autonomous strategy for security vulnerability management

  • Author

    Barrére, Martı́n ; Badonnel, Remi ; Festor, Olivier

  • Author_Institution
    LORIA, INRIA Nancy Grand Est, Nancy, France
  • fYear
    2014
  • fDate
    5-9 May 2014
  • Firstpage
    1
  • Lastpage
    9
  • Abstract
    Computer and network systems are consistently exposed to security threats, making their management even more complex. The management of known vulnerabilities plays a crucial role for ensuring their safe configurations and preventing security attacks. However, this activity should not generate new vulnerable states. In this paper we present a novel approach for autonomously assessing and remediating vulnerabilities. We describe a detailed mathematical model that supports this activity and we formalize the remediation decision process as a SAT problem. We present a framework that is able to assess OVAL vulnerability descriptions and perform corrective actions by using XCCDF-based descriptions of future machine states and the NETCONF protocol. We also provide details of our implementation and evaluate its feasibility through a comprehensive set of experiments.
  • Keywords
    computability; computer network security; protocols; NETCONF protocol; OVAL vulnerability descriptions; SAT-based autonomous strategy; XCCDF-based descriptions; computer systems; network systems; remediation decision process; satisfiability; security attacks preveniont; security threats; security vulnerability management; Complexity theory; Computers; Context; Mathematical model; Protocols; Security; Standards;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network Operations and Management Symposium (NOMS), 2014 IEEE
  • Conference_Location
    Krakow
  • Type

    conf

  • DOI
    10.1109/NOMS.2014.6838309
  • Filename
    6838309
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=270592