A SAT-based Autonomous Strategy for Security Vulnerability Management
Abstract
Computer and network systems are continuously exposed to security threats, making their management even more complex. In that context, the management of known vulnerabilities plays a crucial role for ensuring their safe configurations and preventing security attacks. However, it should not generate new vulnerable states when operations are performed. In this paper we present a novel approach for autonomously assessing and remediating vulnerabilities. We describe a detailed mathematical model that supports this activity and we formalize the remediation decision process as a SAT problem. We present a framework able to assess OVAL vulnerability descriptions and perform corrective actions by using XCCDF-based descriptions of future machine states and the NETCONF protocol. We also provide details of our implementation and evaluate its feasibility through a comprehensive set of experiments.