Vulnerability management constitutes a crucial activity within autonomic networks and systems. Distributed vulnerabilities must be assessed over a consolidated view of the network in order to detect vulnerable states that may simultaneously involve two or more devices. In this work, we present a novel approach for describing and assessing distributed vulnerabilities in such self-governed environments. We put forward a mathematical construction for defining distributed vulnerabilities as well as an extension of the OVAL language called DOVAL for describing them. We then define a framework for assessing distributed vulnerabilities in autonomic environments that exploits the knowledge provided by such descriptions. We finally show the feasibility of our solution by analyzing the behavior of the proposed algorithms and strategies through a comprehensive set of experiments.
展开▼
