The proper configuration of systems has become a fundamental
factor to avoid cybersecurity risks. Thereby, the analysis of cyber security vulnerabilities is a mandatory task, but the number of vul nerabilities and system configurations that can be threatened is ex tremely high. In this paper, we propose a method that uses software
product line techniques to analyse the vulnerable configuration of
the systems. We propose a solution, entitled AMADEUS, to enable
and support the automatic analysis and testing of cybersecurity
vulnerabilities of configuration systems based on feature models.
AMADEUS is a holistic solution that is able to automate the analy sis of the specific infrastructures in the organisations, the existing
vulnerabilities, and the possible configurations extracted from the
vulnerability repositories. By using this information, AMADEUS
generates automatically the feature models, that are used for rea soning capabilities to extract knowledge, such as to determine
attack vectors with certain features. AMADEUS has been validated
by demonstrating the capacities of feature models to support the
threat scenario, in which a wide variety of vulnerabilities extracted
from a real repository are involved. Furthermore, we open the door
to new applications where software product line engineering and
cybersecurity can be empowered.Ministerio de Ciencia, Innovación y Universidades RTI2018-094283-B-C33 (ECLIPSE)Junta de Andalucía P20-01224 (COPERNICA)Junta de Andalucía US-1381375 (METAMORFOSIS