OS diversity for intrusion tolerance: Myth or reality?

Garcia, Miguel; Bessani, Alysson; Gashi, Ilir; Neves, Nuno; Obelheiro, Rafael R.

doi:10.1109/dsn.2011.5958251

Cited by 73 publications

(56 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Garcia et al carried out a study with OSs vulnerability data from the NVD [12]. The authors analyzed the vulnerabilities of 11 OSs to find the number of vulnerabilities that occur in more than one OS.…”

Section: Related Workmentioning

confidence: 99%

Designing and Implementing a Diversity Policy for Intrusion-Tolerant Systems

Heo

Lee

Jang

et al. 2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYResearch on intrusion-tolerant systems (ITSs) is being conducted to protect critical systems which provide useful information services. To provide services reliably, these critical systems must not have even a single point of failure (SPOF). Therefore, most ITSs employ redundant components to eliminate the SPOF problem and improve system reliability. However, systems that include identical components have common vulnerabilities that can be exploited to attack the servers. Attackers prefer to exploit these common vulnerabilities rather than general vulnerabilities because the former might provide an opportunity to compromise several servers. In this study, we analyze software vulnerability data from the National Vulnerability Database (NVD). Based on the analysis results, we present a scheme that finds software combinations that minimize the risk of common vulnerabilities. We implement this scheme with CSIM20, and simulation results prove that the proposed scheme is appropriate for a recovery-based intrusion tolerant architecture.

show abstract

Section: Related Workmentioning

confidence: 99%

Designing and Implementing a Diversity Policy for Intrusion-Tolerant Systems

Heo

Lee

Jang

et al. 2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…We assume that at most f pf prefilters fail of a total of N pf = f pf + k (with k > 1), and that out of the N f = 3f f + 1 filters at most f f fail. To enforce this assumption it is necessary to ensure that firewall components fail independently, which typically can be achieved with good coverage if one employs diversity [15]. A failed pre-filter can for instance modify the received traffic or generate invalid messages that are given to the filtering stage.…”

Section: System Modelmentioning

confidence: 99%

An intrusion-tolerant firewall design for protecting SIEM systems

Garcia

Neves

Bessani

2013

2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W)

Self Cite

View full text Add to dashboard Cite

Abstract-Nowadays, organizations are resorting to Security Information and Event Management (SIEM) systems to monitor and manage their network infrastructures. SIEMs employ a data collection capability based on many sensors placed in critical points of the network, which forwards events to a core facility for processing and support different forms of analysis (e.g., report attacks in near real time, inventory management, risk assessment). In this paper, we will focus on the defense of the core facility components by presenting a new firewall design that is resilient to very harsh failure scenarios. In particular, it tolerates not only external attacks but also the intrusion of some of its components. The firewall employs a two level filtering scheme to increase performance and to allow for some flexibility on the selection of fault-tolerance mechanisms. The first filtering stage efficiently eliminates the most common forms of attacks, while the second stage supports application rules for a more sophisticated analysis of the traffic. The fault tolerance mechanisms are based on a detection and recovery approach for the first stage, while the second stage uses state machine replication and voting.

show abstract

“…Second, the network diversity metric is designed [5] based on the attacking effort and their effect on the relationship between the resources. Third, the complementary metric called probabilistic network diversity security metric is modeled [6] to reflect the average attacking effort. Finally, the highlighted three metrics are validated with the various simulations under different cases.…”

Section: Related Workmentioning

confidence: 99%

“…The evolution of target defense and diversity strategies in research studies rely on intuitive notions of diversity. Hence, the impact of network diversity on the security has received the limited attention [6] which is considered as the background of the proposed research. Our proposed research deals with the detection of intrusion attack in the eclipse database with the help of Ensemble Fuzzy Association (EFA) and Cuttle Fish Algorithm (CFA).…”

Section: Introductionmentioning

confidence: 99%

“…According to the recent evidence report such as modern malware exploits the multiple unknown vulnerabilities, equal treatment of unknown vulnerabilities is necessary to improve the resilience of network against the attacks. The dealing of unknown vulnerabilities is the challenging task and it is regarded as the zero-day attacks and the lack of information [6] introduces the difficulties in mitigation. The evolution of target defense and diversity strategies in research studies rely on intuitive notions of diversity.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Prevention of Zero Day Vulnerability in Network Using Ensemble Fuzzy Association and Cuttle Fish

Masthan¹,

R²

2017

IJCT

View full text Add to dashboard Cite

The data communication between different parts of the universe is managed by the computer networks and the Enterprise Information System (EIS) which rely on them. The privacy and security are the most important factor to be maintained in any network systems. This paper deals about the detection of intrusion attack in the eclipse database using Ensemble fuzzy association (EFA) and Cuttle Fish Algorithm (CFA). The proposed methodology creates a rule-based ensemble model for network diversity metric modeling for the efficient detection of zeroday attacks and to reduce the time consumption. The simulation result shows that the EFA and CFA having efficient detection rates as compared to the existing systems.

show abstract

OS diversity for intrusion tolerance: Myth or reality?

Cited by 73 publications

References 29 publications

Designing and Implementing a Diversity Policy for Intrusion-Tolerant Systems

Designing and Implementing a Diversity Policy for Intrusion-Tolerant Systems

An intrusion-tolerant firewall design for protecting SIEM systems

Prevention of Zero Day Vulnerability in Network Using Ensemble Fuzzy Association and Cuttle Fish

Contact Info

Product

Resources

About