From Analyzing Operating System Vulnerabilities to Designing Multiversion Intrusion-Tolerant Architectures

Title: From Analyzing Operating System Vulnerabilities to Designing Multiversion Intrusion-Tolerant Architectures
Publication Type: Journal Article
Year of Publication: 2020
Authors: Gorbenko, Anatoliy; Romanovsky, Alexander; Tarasyuk, Olga; Biloborodov, Oleksandr
Journal: IEEE Transactions on Reliability
Volume: 69
Pagination: 22–39
Date Published: mar
ISSN: 1558-1721
Keywords: composability, Computer architecture, Computer hacking, Databases, Days-of-grey-risk, diversity, forever-day vulnerabilities, intrusion tolerance, Metrics, Microsoft Windows, operating systems (OSs), pubcrawl, resilience, Resiliency, security, Vulnerability, vulnerability databases, vulnerability statistics, Windows Operating System Security
Abstract

This paper analyzes security problems of modern computer systems caused by vulnerabilities in their operating systems (OSs). Our scrutiny of widely used enterprise OSs focuses on their vulnerabilities by examining the statistical data available on how vulnerabilities in these systems are disclosed and eliminated, and by assessing their criticality. This is done by using statistics from both the National Vulnerabilities Database and the Common Vulnerabilities and Exposures System. The specific technical areas the paper covers are the quantitative assessment of forever-day vulnerabilities, estimation of days-of-grey-risk, the analysis of the vulnerabilities severity and their distributions by attack vector and impact on security properties. In addition, the study aims to explore those vulnerabilities that have been found across a diverse range of OSs. This leads us to analyzing how different intrusion-tolerant architectures deploying the OS diversity impact availability, integrity, and confidentiality.

URL: https://ieeexplore.ieee.org/document/8662611/
DOI: 10.1109/TR.2019.2897248
Citation Key: gorbenko_analyzing_2020