Ponencia
AMADEUS: Towards the AutoMAteD secUrity teSting
Autor/es | Varela Vaca, Ángel Jesús
Martínez Gasca, Rafael Carmona Fombella, José Antonio Gómez López, María Teresa |
Departamento | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos |
Fecha de publicación | 2020 |
Fecha de depósito | 2022-10-24 |
Publicado en |
|
ISBN/ISSN | 978-1-4503-7569-6 |
Resumen | The proper configuration of systems has become a fundamental
factor to avoid cybersecurity risks. Thereby, the analysis of cyber security vulnerabilities is a mandatory task, but the number of vul nerabilities and system ... The proper configuration of systems has become a fundamental factor to avoid cybersecurity risks. Thereby, the analysis of cyber security vulnerabilities is a mandatory task, but the number of vul nerabilities and system configurations that can be threatened is ex tremely high. In this paper, we propose a method that uses software product line techniques to analyse the vulnerable configuration of the systems. We propose a solution, entitled AMADEUS, to enable and support the automatic analysis and testing of cybersecurity vulnerabilities of configuration systems based on feature models. AMADEUS is a holistic solution that is able to automate the analy sis of the specific infrastructures in the organisations, the existing vulnerabilities, and the possible configurations extracted from the vulnerability repositories. By using this information, AMADEUS generates automatically the feature models, that are used for rea soning capabilities to extract knowledge, such as to determine attack vectors with certain features. AMADEUS has been validated by demonstrating the capacities of feature models to support the threat scenario, in which a wide variety of vulnerabilities extracted from a real repository are involved. Furthermore, we open the door to new applications where software product line engineering and cybersecurity can be empowered. |
Agencias financiadoras | Ministerio de Ciencia, Innovación y Universidades (MICINN). España Junta de Andalucía |
Identificador del proyecto | RTI2018-094283-B-C33 (ECLIPSE)
P20-01224 (COPERNICA) US-1381375 (METAMORFOSIS) |
Cita | Varela Vaca, Á.J., Martínez Gasca, R., Carmona Fombella, J.A. y Gómez López, M.T. (2020). AMADEUS: Towards the AutoMAteD secUrity teSting. En SPLC 2020: 24th ACM Conference on Systems and Software Product Line Montreal, Quebec, Canada: ACM: Association for Computing Machinery. |
Ficheros | Tamaño | Formato | Ver | Descripción |
---|---|---|---|---|
AMADEUS towards the AutoMAteD ... | 1001.Kb | [PDF] | Ver/ | |