“Diversity Management in Intrusion Tolerant Systems”

From Navigators

(Difference between revisions)
(Created page with "{{Publication |type=mastersthesis |document=Document for Publication-garcia msc11.pdf |title=Diversity Management in Intrusion Tolerant Systems |author=Miguel Garcia Tavares Henr...")
 
(One intermediate revision not shown)
Line 3: Line 3:
|document=Document for Publication-garcia msc11.pdf
|document=Document for Publication-garcia msc11.pdf
|title=Diversity Management in Intrusion Tolerant Systems
|title=Diversity Management in Intrusion Tolerant Systems
-
|author=Miguel Garcia Tavares Henriques
+
|author=Miguel Garcia,
 +
|ResearchLine=Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
|month=sep
|month=sep
|year=2011
|year=2011
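Review bot: the new "|author=Miguel Garcia," value ends with a trailing comma and shortens the full name "Miguel Garcia Tavares Henriques" from the previous revision. If the Publication template splits the author field on commas, the trailing comma leaves an empty entry, so drop it, and consider keeping the full name so the record still matches citations of the thesis.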
Line 10: Line 11:
When used in the context of intrusion-tolerant systems, in which faulty replicas may be under control of some malicious user, it allows the removal of intrusions from the compromised replicas. We propose that after each recovery a replica starts to run a different software.
When used in the context of intrusion-tolerant systems, in which faulty replicas may be under control of some malicious user, it allows the removal of intrusions from the compromised replicas. We propose that after each recovery a replica starts to run a different software.
The selection of the new replica configuration is a non-trivial problem, as we will explain, since we would like to maxi\-mize the diversity of the system under the constraint of the available configurations.
The selection of the new replica configuration is a non-trivial problem, as we will explain, since we would like to maxi\-mize the diversity of the system under the constraint of the available configurations.
-
|school=Faculty of Sciences, University of Lisbon
+
|school=Mestrado em Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa
-
|advisor=Alysson Bessani, Nuno Ferreira Neves,  
+
|advisor=Alysson Bessani, Nuno Ferreira Neves,
}}
}}
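Review bot: the abstract context line in this hunk still carries the LaTeX discretionary hyphen in "maxi\-mize", which is not wiki markup and appears literally in the rendered abstract; replace it with "maximize" while this template is being edited. The new "|advisor=Alysson Bessani, Nuno Ferreira Neves," line also keeps a trailing comma after the last name, which should be removed along with the trailing space this revision already dropped.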

Latest revision as of 17:48, 2 October 2018

Miguel Garcia (advised by Alysson Bessani, Nuno Ferreira Neves)

Master’s thesis, Mestrado em Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Sept. 2011

Abstract: One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this thesis we present a study with operating systems (OS) vulnerability reports from the NIST National Vulnerability Database. We have analyzed the vulnerabilities of 11 different OS over a period of roughly 15 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OS. Hence, our analysis provides a strong indication that building a system with diverse OS may be a useful technique to improve its intrusion tolerance capabilities. However, even with diversity the attacker eventually will find vulnerabilities in all OS replicas. To mitigate/eliminate this problem we introduce diverse proactive recovery on the replicas. Proactive recovery is a technique that periodically rejuvenates the components of a replicated system. When used in the context of intrusion-tolerant systems, in which faulty replicas may be under control of some malicious user, it allows the removal of intrusions from the compromised replicas. We propose that after each recovery a replica starts to run a different software. The selection of the new replica configuration is a non-trivial problem, as we will explain, since we would like to maximize the diversity of the system under the constraint of the available configurations.

Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)