Analysis of OS Diversity for Intrusion Tolerance
نویسندگان
چکیده
One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper we present a study with operating systems (OS) vulnerability data from the NIST National Vulnerability Database (NVD). We have analyzed the vulnerabilities of 11 different OSes over a period of 18 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSes. Hence, although there are a few caveats on the use of NVD data to support definitive conclusions, our analysis shows that by selecting appropriate OSes one can preclude (or reduce substantially) common vulnerabilities from occurring in the replicas of the intrusion-tolerant system. Copyright c © 2012 John Wiley & Sons, Ltd.
منابع مشابه
Diverse OS Rejuvenation for Intrusion Tolerance
Proactive recovery is technique that periodically rejuvenates the components of a replicated system. When used in the context of intrusion-tolerant systems, in which faulty replicas may be under control of some adversary, it allows the removal of intrusions from the compromised replicas. However, since the set of vulnerabilities remains the same, the adversary can take advantage of the previous...
متن کاملAnalysis of operating system diversity for intrusion tolerance
One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper, ...
متن کاملExperiments on COTS Diversity as an Intrusion Detection and Tolerance Mechanism
COTS (Components-Off-The-Shelf) diversity has been proposed by many recent projects to ensure intrusion detection and tolerance. However using COTS in a N-version architecture presents some drawbacks, especially in intrusion detection, which have consequences on intrusion tolerance. COTS Diversity is prone to raise many false positives (false alerts). In this article, we explain what a COTS Div...
متن کاملHow Practical are Intrusion-Tolerant Distributed Systems?
Building secure, inviolable systems using traditional mechanisms is becoming increasingly an unattainable goal. The recognition of this fact has fostered the interest in alternative approaches to security such as intrusion tolerance, which applies fault tolerance concepts and techniques to security problems. Albeit this area is quite promising, intrusion-tolerant distributed systems typically r...
متن کاملAssessing genetic diversity of promising wheat (Triticum aestivum L.) lines using microsatellite markers linked with salinity tolerance
Narrow genetic variability may lead to genetic vulnerability of field crops against biotic and abiotic stresses which can cause yield reduction. In this study a set of 37 wheat microsatellite markers linked with identified QTLs for salinity tolerance were used for the assessment of genetic diversity for salinity in 30 promising lines of hexaploid bread wheat (Triticum aestivum L.). A total of 4...
متن کامل