Deakin University
Browse

File(s) under permanent embargo

Evaluating security and availability of multiple redundancy designs when applying security patches

conference contribution
posted on 2017-01-01, 00:00 authored by Mengmeng Ge, H K Kim, D S Kim
© 2017 IEEE. In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.

History

Event

Dependable Systems and Networks. Workshops (47th : 2017 : Denver, Colorado)

Pagination

53 - 60

Publisher

IEEE

Location

Denver, Colorado

Place of publication

Piscataway, N.J.

Start date

2017-06-26

End date

2017-06-29

ISBN-13

9781538622728

Language

eng

Publication classification

E1.1 Full written paper - refereed

Title of proceedings

DSN-W 2017 : Proceedings of the 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops

Usage metrics

    Research Publications

    Categories

    No categories selected

    Keywords

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC