Remediation graphs for security patch management

Abstract

Attackers are becoming pro ficient at reverse engineering sec urity patches and then creating worms or viruses that rapidly attack systems that have not applied the patches. Automated patch management systems are being developed to address this threat. A central function of a patch management system is to decide which patches to install on a computer and to determine the sequence of actions that will cause them to be installed. In this paper, we introduce the notion of a patch remediation graph that depicts ways in which a system can be patched so that the system eventually reaches a desired, secure state. We present a language for specifying patch dependencies, patch conflicts, and user preferences for patch configurations. We then present efficient algorithms that construct and analyze remediation graphs from cur rent com puter con figura t ions and various patch constra ints. Our analysis algorit hms use the graphs to compute maximal preferred configurations and sequences of patch actions that, if executed, will transition computers safely to those configurations. © 2004 by Springer Science+Business Media Dordrecht.