On the Effects of Diversity on Intrusion Tolerance
| Main Author: | |
|---|---|
| Publication Date: | 2008 |
| Other Authors: | , , |
| Format: | Report |
| Language: | por |
| Source: | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| Download full: | http://hdl.handle.net/10451/14137 |
Summary: | The security gains of intrusion-tolerant systems are directly dependent on the assumption that system components fail independently of one another. The coverage of this assumption in a real-world deployment depends on how diversity is employed, using, for example, diverse off-the-shelf components. In this paper we detail a study we have done with vulnerability data, reported in the period 1999 to 2007, which we extracted from the NIST National Vulnerability Database. We provide empirical analysis of the data collected as well as exploratory analyses of the potential gains in security from employing diverse operating systems. The modelling approaches presented are of practical significance to system designers wishing to employ diversity with off-the-shelf components since often the vulnerability reports are the only direct security evidence available to them |
| id |
RCAP_e1aed8636baf68041dbad0f45c17df0e |
|---|---|
| oai_identifier_str |
oai:repositorio.ulisboa.pt:10455/3032 |
| network_acronym_str |
RCAP |
| network_name_str |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository_id_str |
https://opendoar.ac.uk/repository/7160 |
| spelling |
On the Effects of Diversity on Intrusion ToleranceDiversityIntrusion ToleranceByzantine Fault ToleranceSecurityThe security gains of intrusion-tolerant systems are directly dependent on the assumption that system components fail independently of one another. The coverage of this assumption in a real-world deployment depends on how diversity is employed, using, for example, diverse off-the-shelf components. In this paper we detail a study we have done with vulnerability data, reported in the period 1999 to 2007, which we extracted from the NIST National Vulnerability Database. We provide empirical analysis of the data collected as well as exploratory analyses of the potential gains in security from employing diverse operating systems. The modelling approaches presented are of practical significance to system designers wishing to employ diversity with off-the-shelf components since often the vulnerability reports are the only direct security evidence available to themDepartment of Informatics, University of LisbonRepositório da Universidade de LisboaBessani, Alysson NevesObelheiro, Rafael R.Sousa, PauloGashi, Ilir2009-02-10T13:12:01Z2008-122008-12-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/reportapplication/pdfhttp://hdl.handle.net/10451/14137porinfo:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2025-03-17T13:12:37Zoai:repositorio.ulisboa.pt:10455/3032Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-29T02:37:33.026448Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse |
| dc.title.none.fl_str_mv |
On the Effects of Diversity on Intrusion Tolerance |
| title |
On the Effects of Diversity on Intrusion Tolerance |
| spellingShingle |
On the Effects of Diversity on Intrusion Tolerance Bessani, Alysson Neves Diversity Intrusion Tolerance Byzantine Fault Tolerance Security |
| title_short |
On the Effects of Diversity on Intrusion Tolerance |
| title_full |
On the Effects of Diversity on Intrusion Tolerance |
| title_fullStr |
On the Effects of Diversity on Intrusion Tolerance |
| title_full_unstemmed |
On the Effects of Diversity on Intrusion Tolerance |
| title_sort |
On the Effects of Diversity on Intrusion Tolerance |
| author |
Bessani, Alysson Neves |
| author_facet |
Bessani, Alysson Neves Obelheiro, Rafael R. Sousa, Paulo Gashi, Ilir |
| author_role |
author |
| author2 |
Obelheiro, Rafael R. Sousa, Paulo Gashi, Ilir |
| author2_role |
author author author |
| dc.contributor.none.fl_str_mv |
Repositório da Universidade de Lisboa |
| dc.contributor.author.fl_str_mv |
Bessani, Alysson Neves Obelheiro, Rafael R. Sousa, Paulo Gashi, Ilir |
| dc.subject.por.fl_str_mv |
Diversity Intrusion Tolerance Byzantine Fault Tolerance Security |
| topic |
Diversity Intrusion Tolerance Byzantine Fault Tolerance Security |
| description |
The security gains of intrusion-tolerant systems are directly dependent on the assumption that system components fail independently of one another. The coverage of this assumption in a real-world deployment depends on how diversity is employed, using, for example, diverse off-the-shelf components. In this paper we detail a study we have done with vulnerability data, reported in the period 1999 to 2007, which we extracted from the NIST National Vulnerability Database. We provide empirical analysis of the data collected as well as exploratory analyses of the potential gains in security from employing diverse operating systems. The modelling approaches presented are of practical significance to system designers wishing to employ diversity with off-the-shelf components since often the vulnerability reports are the only direct security evidence available to them |
| publishDate |
2008 |
| dc.date.none.fl_str_mv |
2008-12 2008-12-01T00:00:00Z 2009-02-10T13:12:01Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/report |
| format |
report |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10451/14137 |
| url |
http://hdl.handle.net/10451/14137 |
| dc.language.iso.fl_str_mv |
por |
| language |
por |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
Department of Informatics, University of Lisbon |
| publisher.none.fl_str_mv |
Department of Informatics, University of Lisbon |
| dc.source.none.fl_str_mv |
reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia instacron:RCAAP |
| instname_str |
FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| instacron_str |
RCAAP |
| institution |
RCAAP |
| reponame_str |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| collection |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository.name.fl_str_mv |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| repository.mail.fl_str_mv |
info@rcaap.pt |
| _version_ |
1833601431485022208 |