Artículo
Feature models to boost the vulnerability management process
Autor/es | Varela Vaca, Ángel Jesús
Borrego Núñez, Diana Gómez López, María Teresa Martínez Gasca, Rafael Márquez Trujillo, Antonio Germán |
Departamento | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos |
Fecha de publicación | 2022 |
Fecha de depósito | 2022-10-19 |
Publicado en |
|
Resumen | Vulnerability management is a critical and very challenging process that allows organisations to design a procedure to identify potential vulnerabilities, assess the level of risk, and define remediation mechanisms to ... Vulnerability management is a critical and very challenging process that allows organisations to design a procedure to identify potential vulnerabilities, assess the level of risk, and define remediation mechanisms to address threats. Thus, the large number of configuration options in systems makes it extremely difficult to identify which configurations are affected by vulnerabilities and even assess how systems may be affected. There are several repositories to store information on systems, software vulnerabilities, and exploits. However, they are largely scattered, offer different formats and information, and their use has limitations, complicating vulnerability management automation. For this reason, we introduce a discussion concerning modelling in vulnerability management and the proposal of feature models as a means to collect the variability of software and system configurations to facilitate the vulnerability management process. This paper presents AMADEUS-Exploit, a feature model-based solution that provides query and reasoning mechanisms that make it easier for vulnerability management experts. The power of AMADEUS-Exploit is shown and evaluated in three different ways: first, the solution is compared with other vulnerability management tools; second, the solution is faced with another in a complex scenario with 4,000 vulnerabilities and 700 exploits; and finally, our solution was used in a real project demonstrating the usability of reasoning operations to determine potential vulnerabilities. |
Agencias financiadoras | Junta de Andalucía Ministerio de Ciencia e Innovación (MICIN). España |
Identificador del proyecto | COPERNICA (P20-01224)
METAMORFOSIS (US-1381375) AETHER-US PID2020-112540RB-C44 |
Cita | Varela Vaca, Á.J., Borrego Núñez, D., Gómez López, M.T., Martínez Gasca, R. y Márquez Trujillo, A.G. (2022). Feature models to boost the vulnerability management process. Journal of Systems and Software, October 2022, art. nº111541, 1-55. https://doi.org/10.1016/j.jss.2022.111541. |
Ficheros | Tamaño | Formato | Ver | Descripción |
---|---|---|---|---|
Artículo Varela.pdf | 2.289Mb | [PDF] | Ver/ | |