Analysis of operating system diversity for intrusion tolerance

Garcia, Miguel; Bessani, Alysson; Gashi, Ilir; Neves, Nuno; Obelheiro, Rafael R.

doi:10.1002/spe.2180

Cited by 65 publications

(43 citation statements)

References 39 publications

(46 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Compared with a single version, for ( < 0.5 using three diverse versions reduces the probability of integrity breach but increases the probability of confidentiality breach: the well known, common trade-off between confidentiality and integrity. As may be expected by analogy with 2-out-of-3 voted systems, with q>0.5 diversity increases risk 7 .…”

Section: With Three Versions (One Per Channel)supporting

confidence: 52%

“…an early survey and references [3]; a more recent one in [7]). Apart from the various proposals of architectures using them (usually with limited and often simplistic modelling; see the discussion in [3]) there is empirical work on the effectiveness of diversity and defence in depth with specific products [8], [9], [7], [10] distribution of the number of flawed versions in the system is hypergeometric.…”

Section: ; > < ; ? mentioning

confidence: 99%

See 1 more Smart Citation

Diversity, Safety and Security in Embedded Systems: Modelling Adversary Effort and Supply Chain Risks

Gashi

Povyakalo

Strigini

2016

2016 12th European Dependable Computing Conference (EDCC)

Self Cite

View full text Add to dashboard Cite

Abstract-We present quantitative considerations for the design of redundancy and diversity in embedded systems with security requirements. The potential for malicious activity against these systems have complicated requirements and design choices. New design trade-offs have arisen besides those already familiar in this area: for instance, adding redundancy may increase the attack surface of a system and thus increase overall risk. Our case study concerns protecting redundant communications between a control system and its controlled physical system. We study the effects of using: (i) different encryption keys on replicated channels, and (ii) diverse encryption schemes and implementations. We consider two attack scenarios, with adversaries having access to (i) ways of reducing the search space in attacks using random searches for keys; or (ii) hidden major flaws in some crypto algorithm or implementation. Trade-offs between the requirements of integrity and confidentiality are found, but not in all cases. Simple models give useful design insights. In this system, we find that key diversity improves integrity without impairing confidentiality -no trade-offs arise between the two -and it can substantially increase adversary effort, but it will not remedy substantial weaknesses of the crypto system. Implementation diversity does involve design trade-offs between integrity and confidentiality, which we analyse, but turns out to be generally desirable for highly critical applications of the control system considered.

show abstract

Section: With Three Versions (One Per Channel)supporting

confidence: 52%

Section: ; > < ; ? mentioning

confidence: 99%

Diversity, Safety and Security in Embedded Systems: Modelling Adversary Effort and Supply Chain Risks

Gashi

Povyakalo

Strigini

2016

2016 12th European Dependable Computing Conference (EDCC)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Interoperability can be leveraged to increase the diversity of the control platform element. Indeed, diversity increases the system robustness by reducing the probability of common faults, such as software faults [210].…”

Section: Eastbound and Westboundmentioning

confidence: 99%

“…If anything wrong happens with the network, operators should be able to safely figure out the root cause of the problem and put the network to work on a secure operation mode as fast as possible. Additionally, techniques to tolerate faults and intrusions, such as state machine replication [515], proactivereactive recovery [516], and diversity [210], can be added to control platforms for increasing the robustness and security properties by automatically masking and removing faults. Put differently, SDN controllers should be able to resist against different types of events (e.g., power outages, network disruption, communication failures, network partitioning) and attacks (e.g., DDoS, resource exhaustion) [357], [213].…”

Section: Flow Aggregationmentioning

confidence: 99%

Software-Defined Networking: A Comprehensive Survey

et al. 2015

View full text Add to dashboard Cite

Abstract-The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-Defined Networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution.In this paper we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound APIs, network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms -with a focus on aspects such as resiliency, scalability, performance, security and dependability -as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment.

show abstract

“…-phpBB (phpBB.com) -a widely used forum solution. Table I shows the total number of benign demands (crawling actions) and successful attacks 8 for each application. Each IDS inspected the same traffic for each application.…”

Section: Experimental Setup and Analysis Methodologymentioning

confidence: 99%

Diversity with intrusion detection systems: An empirical study

Algaith

Elia

Gashi

et al. 2017

2017 IEEE 16th International Symposium on Network Computing and Applications (NCA)

Self Cite

View full text Add to dashboard Cite

Abstract-Defence-in-depth is a term often used in security literature to denote architectures in which multiple security protection systems are deployed to defend the valuable assets of an organization (e.g. the data and the services). In this paper we present an approach for analysing defence-in-depth, and illustrate the use of the approach with an empirical study in which we have assessed the detection capabilities of intrusion detection systems when deployed in diverse, two-version, parallel defence-in-depth configurations. The configurations have been assessed in settings that favour detection of attacks (reducing false negatives), as well as settings that favour legitimate traffic (reducing false positives).

show abstract

Analysis of operating system diversity for intrusion tolerance

Cited by 65 publications

References 39 publications

Diversity, Safety and Security in Embedded Systems: Modelling Adversary Effort and Supply Chain Risks

Diversity, Safety and Security in Embedded Systems: Modelling Adversary Effort and Supply Chain Risks

Software-Defined Networking: A Comprehensive Survey

Diversity with intrusion detection systems: An empirical study

Contact Info

Product

Resources

About