Lookup NU author(s): Dr Anatoliy Gorbenko,
Professor Alexander Romanovsky
This is the authors' accepted manuscript of an article that has been published in its final definitive form by Institute of Electrical and Electronics Engineers, 2020.
For re-use rights please refer to the publisher's terms and conditions.
This paper analyses security problems of modern computer systems caused by vulnerabilities in their operating systems. Our scrutiny of widely used enterprise operating systems focuses on their vulnerabilities by examining the statistical data available on how vulnerabilities in these systems are disclosed and eliminated, and by assessing their criticality. This is done by using statistics from both the National Vulnerabilities database (NVD) and the Common Vulnerabilities and Exposures system (CVE). The specific technical areas the paper covers are the quantitative assessment of forever-day vulnerabilities, estimation of days-of-risk, the analysis of the vulnerabilities severity and their distributions by attack vector and impact on security properties. In addition, the study aims to explore those vulnerabilities that have been found across a diverse range of operating systems. This leads us to analysing how different intrusion-tolerance architectures deploying the operating system diversity impact availability, integrity and confidentiality.
Author(s): Gorbenko A, Romanovsky A, Tarasyuk O, Biloborodov O
Publication type: Article
Publication status: Published
Journal: IEEE Transactions on Reliability
Print publication date: 02/03/2020
Online publication date: 07/03/2019
Acceptance date: 28/01/2019
Date deposited: 29/01/2019
ISSN (print): 0018-9529
ISSN (electronic): 1558-1721
Publisher: Institute of Electrical and Electronics Engineers
Altmetrics provided by Altmetric