Publicação
On the Effects of Diversity on Intrusion Tolerance
| Resumo: | The security gains of intrusion-tolerant systems are directly dependent on the assumption that system components fail independently of one another. The coverage of this assumption in a real-world deployment depends on how diversity is employed, using, for example, diverse off-the-shelf components. In this paper we detail a study we have done with vulnerability data, reported in the period 1999 to 2007, which we extracted from the NIST National Vulnerability Database. We provide empirical analysis of the data collected as well as exploratory analyses of the potential gains in security from employing diverse operating systems. The modelling approaches presented are of practical significance to system designers wishing to employ diversity with off-the-shelf components since often the vulnerability reports are the only direct security evidence available to them |
|---|---|
| Autores principais: | Bessani, Alysson Neves |
| Outros Autores: | Obelheiro, Rafael R.; Sousa, Paulo; Gashi, Ilir |
| Assunto: | Diversity Intrusion Tolerance Byzantine Fault Tolerance Security |
| Ano: | 2008 |
| País: | Portugal |
| Tipo de documento: | relatório |
| Tipo de acesso: | acesso aberto |
| Instituição associada: | Universidade de Lisboa |
| Idioma: | português |
| Origem: | Repositório da Universidade de Lisboa |
| Resumo: | The security gains of intrusion-tolerant systems are directly dependent on the assumption that system components fail independently of one another. The coverage of this assumption in a real-world deployment depends on how diversity is employed, using, for example, diverse off-the-shelf components. In this paper we detail a study we have done with vulnerability data, reported in the period 1999 to 2007, which we extracted from the NIST National Vulnerability Database. We provide empirical analysis of the data collected as well as exploratory analyses of the potential gains in security from employing diverse operating systems. The modelling approaches presented are of practical significance to system designers wishing to employ diversity with off-the-shelf components since often the vulnerability reports are the only direct security evidence available to them |
|---|