File(s) under permanent embargo
Evaluating security and availability of multiple redundancy designs when applying security patches
Version 2 2024-06-13, 13:24Version 2 2024-06-13, 13:24
Version 1 2019-11-18, 11:45Version 1 2019-11-18, 11:45
conference contribution
posted on 2024-06-13, 13:24 authored by M Ge, HK Kim, DS Kim© 2017 IEEE. In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.
History
Pagination
53-60Location
Denver, ColoradoPublisher DOI
Start date
2017-06-26End date
2017-06-29ISBN-13
9781538622728Language
engPublication classification
E1.1 Full written paper - refereedTitle of proceedings
DSN-W 2017 : Proceedings of the 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks WorkshopsEvent
Dependable Systems and Networks. Workshops (47th : 2017 : Denver, Colorado)Publisher
IEEEPlace of publication
Piscataway, N.J.Usage metrics
Categories
No categories selectedKeywords
Licence
Exports
RefWorksRefWorks
BibTeXBibTeX
Ref. managerRef. manager
EndnoteEndnote
DataCiteDataCite
NLMNLM
DCDC