OS diversity for intrusion tolerance: Myth or reality?
Garcia, M., Bessani, A. N., Gashi, I. , Neves, N. & Obelheiro, R. R. (2011). OS diversity for intrusion tolerance: Myth or reality? In: Proceedings of the International Conference on Dependable Systems and Networks. 41st International Conference on Dependable Systems & Networks (DSN), 27 - 30 Jun 2011, Hong Kong.
Abstract
One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper we present a study with operating systems (OS) vulnerability data from the NIST National Vulnerability Database. We have analyzed the vulnerabilities of 11 different OSes over a period of roughly 15 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSes. Hence, our analysis provides a strong indication that building a system with diverse OSes may be a useful technique to improve its intrusion tolerance capabilities.
Publication Type: | Conference or Workshop Item (Paper) |
---|---|
Additional Information: | © 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. |
Subjects: | Q Science > QA Mathematics > QA76 Computer software |
Departments: | School of Science & Technology > Computer Science > Software Reliability |