System and method for reasoning about the optimality of a configuration parameter of a distributed system
Embodiments provide a system and method for reasoning about the optimality of a configuration parameter of a distributed system. During operation, the system obtains a multi-layer graph for a system with a plurality of components, wherein the multi-layer graph comprises a configuration subgraph, a vulnerability subgraph, and a dependency subgraph. The system determines, based on the multi-layer graph, constraint relationships associated with configuration parameters for the components, wherein the constraint relationships include security constraints and functionality constraints. The system computes an unsatisfiable core which comprises a set of mutually incompatible constraints. The system resolves, based on a strategy and over multiple iterations, the unsatisfiable core by analyzing one pair of mutually incompatible constraints per a respective iteration, to obtain a new unsatisfiable core which comprises a smaller number of mutually incompatible constraints than the computed unsatisfiable core or a previously computed unsatisfiable core from a most recent iteration.
- Research Organization:
- Palo Alto Research Center Incorporated, CA (United States)
- Sponsoring Organization:
- USDOE; Defense Advanced Research Projects Agency (DARPA)
- DOE Contract Number:
- FA8750-18-2-0147
- Assignee:
- Palo Alto Research Center Incorporated (Palo Alto, CA)
- Patent Number(s):
- 11,483,354
- Application Number:
- 16/923,763
- OSTI ID:
- 1986758
- Resource Relation:
- Patent File Date: 07/08/2020
- Country of Publication:
- United States
- Language:
- English
Information Handling System Performance Optimization System
|
patent-application | September 2013 |
Platform for Protecting Small and Medium Enterprises from Cyber Security Threats
|
patent-application | July 2017 |
Network Device Configuration Framework
|
patent-application | February 2016 |
Similar Records
Information processing systems, reasoning modules, and reasoning system design methods
Information processing systems, reasoning modules, and reasoning system design methods