From Analyzing Operating System Vulnerabilities to Designing Multiversion Intrusion-Tolerant Architectures
Title | From Analyzing Operating System Vulnerabilities to Designing Multiversion Intrusion-Tolerant Architectures |
Publication Type | Journal Article |
Year of Publication | 2020 |
Authors | Gorbenko, Anatoliy; Romanovsky, Alexander; Tarasyuk, Olga; Biloborodov, Oleksandr |
Journal | IEEE Transactions on Reliability |
Volume | 69 |
Pagination | 22–39 |
Date Published | March 2020 |
ISSN | 1558-1721 |
Keywords | composability, Computer architecture, Computer hacking, Databases, Days-of-grey-risk, diversity, forever-day vulnerabilities, intrusion tolerance, Metrics, Microsoft Windows, operating systems (OSs), pubcrawl, resilience, Resiliency, security, Vulnerability, vulnerability databases, vulnerability statistics, Windows Operating System Security |
Abstract | This paper analyzes security problems of modern computer systems caused by vulnerabilities in their operating systems (OSs). Our scrutiny of widely used enterprise OSs focuses on their vulnerabilities by examining the statistical data available on how vulnerabilities in these systems are disclosed and eliminated, and by assessing their criticality. This is done by using statistics from both the National Vulnerabilities Database and the Common Vulnerabilities and Exposures System. The specific technical areas the paper covers are the quantitative assessment of forever-day vulnerabilities, estimation of days-of-grey-risk, the analysis of the vulnerabilities severity and their distributions by attack vector and impact on security properties. In addition, the study aims to explore those vulnerabilities that have been found across a diverse range of OSs. This leads us to analyzing how different intrusion-tolerant architectures deploying the OS diversity impact availability, integrity, and confidentiality. |
URL | https://ieeexplore.ieee.org/document/8662611/ |
DOI | 10.1109/TR.2019.2897248 |
Citation Key | gorbenko_analyzing_2020 |