| CPC H04L 63/1433 (2013.01) [H04L 41/0816 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1466 (2013.01)] | 20 Claims |
|
1. A computer-executable method, comprising:
determining a feature with one of an on value and an off value;
determining, in a graph which represents a system of components:
vulnerability nodes which represent known vulnerabilities to the system, wherein the feature enables one or more vulnerability nodes based on a respective probability that a respective vulnerability will be exploited; and
dependency nodes which represent the components of the system, wherein a respective vulnerability degrades a utility of one or more components based on an exposure factor, and wherein a respective component depends on zero or more other components based on a weight;
calculating, for a path in the graph to a first component, a loss of utility of a given dimension of multiple dimensions based on:
a combiner operator which takes a first set of inputs which represent a weighted probability that the given dimension is degraded; and
a logic operator which defines the first set of inputs based on at least a respective probability and a respective exposure factor;
aggregating calculated losses of utility for the components of the system for each combination of possible on/off values for one or more features, wherein a respective calculated loss of utility corresponds to a respective dimension of the multiple dimensions; and
selecting a first combination of the possible on/off values for the one or more features which results in a lowest loss of utility for the components.
|