Computer systems security management can be largely improved by the installation of mechanisms for automatic discovery of complex attacks due to system vulnerabilities and middleware misconfigurations. The aim of this paper is to propose a new formal technique for modeling computer system vulnerabilities and automatic generation of attack scenarios exploiting these vulnerabilities.