Browse wiki

From Navigators

Jump to: navigation, search
Publication:Garcia msc11
Abstract One of the key benefits of using intrusion One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this thesis we present a study with operating systems (OS) vulnerability reports from the NIST National Vulnerability Database. We have analyzed the vulnerabilities of 11 different OS over a period of roughly 15 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OS. Hence, our analysis provides a strong indication that building a system with diverse OS may be a useful technique to improve its intrusion tolerance capabilities. However, even with diversity the attacker eventually will find vulnerabilities in all OS replicas. To mitigate/eliminate this problem we introduce diverse proactive recovery on the replicas. Proactive recovery is a technique that periodically rejuvenates the components of a replicated system. When used in the context of intrusion-tolerant systems, in which faulty replicas may be under control of some malicious user, it allows the removal of intrusions from the compromised replicas. We propose that after each recovery a replica starts to run a different software. The selection of the new replica configuration is a non-trivial problem, as we will explain, since we would like to maxi\-mize the diversity of the system under the constraint of the available configurations. onstraint of the available configurations.
Advisor Alysson Bessani + , Nuno Ferreira Neves +
Author Miguel Garcia +
Document Document for Publication-garcia msc11.pdf +
Key Garcia msc11  +
Month sep  +
NumPubDate 2,011.09  +
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
School Mestrado em Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa  +
Title Diversity Management in Intrusion Tolerant Systems  +
Type mastersthesis  +
Year 2011  +
Has improper value forThis property is a special property in this wiki. Url  +
Categories Publication  +
Modification dateThis property is a special property in this wiki. 2 October 2018 17:48:15  +
hide properties that link here 
  No properties link to this page.


Enter the name of the page to start browsing from.
Personal tools
Navigators toolbox