Security Evaluation of a VM-Based Intrusion-Tolerant System with Pull-Type Patch Management

Title: Security Evaluation of a VM-Based Intrusion-Tolerant System with Pull-Type Patch Management
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Zheng, Junjun; Okamura, Hiroyuki; Dohi, Tadashi
Conference Name: 2019 IEEE 19th International Symposium on High Assurance Systems Engineering (HASE)
Keywords: attack behavior, composability, composite stochastic reward net model, Computational modeling, computer security, computer systems, defense behaviors, interval availability, intrusion tolerance, malicious attack, Markov processes, Markov regenerative process, periodic vulnerability checking strategy, phase expansion, point-wise availability, pubcrawl, pull-type patch management, push-type patch management, Resiliency, Scalability, security breaches, security evaluation, security of data, security patch, security patch management, security threats, Servers, Software, software assurance, software vulnerabilities, stochastic reward net, system security, virtual machine, virtual machine based intrusion tolerant system, virtual machines, VM-based intrusion-tolerant system

Computer security has gained more and more public attention over the last few years, since computer systems suffer from significant and increasing security threats that cause security breaches by exploiting software vulnerabilities. The most efficient way to ensure system security is to patch the vulnerable system before a malicious attack occurs. Besides the commonly used push-type patch management, pull-type patch management is also adopted. The main issues in pull-type patch management are two-fold: when to check the vulnerability information, and when to apply a patch. This paper considers security patch management for a virtual machine (VM) based intrusion-tolerant system (ITS), where the system undergoes patch management with a periodic vulnerability checking strategy, and evaluates the system security from the availability aspect. A composite stochastic reward net (SRN) model is applied to capture the attack behavior of the adversary and the defense behaviors of the system. Two availability measures, interval availability and point-wise availability, are formulated to quantify the system security via phase expansion. The proposed approach and metrics not only enable us to quantitatively assess the system security, but also provide insights on patch management. In numerical experiments, we evaluate the effects of the intrusion rate and the number of vulnerability checks on the system security.

Citation Key: zheng_security_2019