Title | A Pull-Type Security Patch Management of an Intrusion Tolerant System Under a Periodic Vulnerability Checking Strategy |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Zheng, Junjun, Okamura, Hiroyuki, Dohi, Tadashi |
Conference Name | 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC) |
Date Published | July |
Keywords | composability, composite stochastic reward net, Computer architecture, computer security, interval availability, intrusion tolerance, Intrusion tolerance system, intrusion tolerant system, maintenance engineering, Markov processes, Markov regenerative process models, periodic vulnerability checking strategy, phase-type approximation, pubcrawl, pull-type patch management, pull-type security patch management, reactive defense strategies, Resiliency, security of data, security patch management, Servers, stochastic model, stochastic reward net, System Availability, vulnerability checking |
Abstract | In this paper, we consider a stochastic model to evaluate the system availability of an intrusion tolerant system (ITS), where the system undergoes patch management with a periodic vulnerability checking strategy, i.e., a pull-type patch management. Based on the model, this paper discusses the appropriate timing for applying patches. In particular, the paper models the attack behavior of an adversary and the system behaviors under reactive defense strategies by a composite stochastic reward net (SRN). Furthermore, we formulate the interval availability by applying the phase-type (PH) approximation to solve the Markov regenerative process (MRGP) models derived from the SRNs. Numerical experiments are conducted to study the sensitivity of the system availability with respect to the number of checks. |
DOI | 10.1109/COMPSAC.2018.00095 |
Citation Key | zheng_pull-type_2018 |