Research on intrusion-tolerant systems (ITSs) is being conducted to protect critical systems which provide useful information services. To provide services reliably, these critical systems must not have even a single point of failure (SPOF). Therefore, most ITSs employ redundant components to eliminate the SPOF problem and improve system reliability. However, systems that include identical components have common vulnerabilities that can be exploited to attack the servers. Attackers prefer to exploit these common vulnerabilities rather than general vulnerabilities because the former might provide an opportunity to compromise several servers. In this study, we analyze software vulnerability data from the National Vulnerability Database (NVD). Based on the analysis results, we present a scheme that finds software combinations that minimize the risk of common vulnerabilities. We implement this scheme with CSIM20, and simulation results prove that the proposed scheme is appropriate for a recovery-based intrusion tolerant architecture.
Seondong HEO
Korea Advanced Institute of Science and Technology
Soojin LEE
Korea National Defense University
Bumsoon JANG
Korea Advanced Institute of Science and Technology
Hyunsoo YOON
Korea Advanced Institute of Science and Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Seondong HEO, Soojin LEE, Bumsoon JANG, Hyunsoo YOON, "Designing and Implementing a Diversity Policy for Intrusion-Tolerant Systems" in IEICE TRANSACTIONS on Information, vol. E100-D, no. 1, pp. 118-129, January 2017, doi: 10.1587/transinf.2015EDP7478.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2015EDP7478/_p
@ARTICLE{e100-d_1_118,
author={Seondong HEO and Soojin LEE and Bumsoon JANG and Hyunsoo YOON},
journal={IEICE TRANSACTIONS on Information},
title={Designing and Implementing a Diversity Policy for Intrusion-Tolerant Systems},
year={2017},
volume={E100-D},
number={1},
pages={118-129},
keywords={},
doi={10.1587/transinf.2015EDP7478},
ISSN={1745-1361},
month={January},}
TY - JOUR
TI - Designing and Implementing a Diversity Policy for Intrusion-Tolerant Systems
T2 - IEICE TRANSACTIONS on Information
SP - 118
EP - 129
AU - Seondong HEO
AU - Soojin LEE
AU - Bumsoon JANG
AU - Hyunsoo YOON
PY - 2017
DO - 10.1587/transinf.2015EDP7478
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E100-D
IS - 1
JA - IEICE TRANSACTIONS on Information
Y1 - January 2017
ER -