Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches
2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)(2017)
摘要
In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.
更多查看译文
关键词
Graphical Security Models,Attack Graphs,Availability Models,Stochastic Reward Nets,Security Analysis,Security Patches,Redundancy
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络