Toggle Main Menu Toggle Search

Open Access padlockePrints

From Analyzing Operating System Vulnerabilities to Designing Multiversion Intrusion-Tolerant Architectures

Lookup NU author(s): Dr Anatoliy Gorbenko, Professor Alexander RomanovskyORCiD

Downloads


Licence

This is the authors' accepted manuscript of an article that has been published in its final definitive form by Institute of Electrical and Electronics Engineers, 2020.

For re-use rights please refer to the publisher's terms and conditions.


Abstract

This paper analyses security problems of modern computer systems caused by vulnerabilities in their operating systems. Our scrutiny of widely used enterprise operating systems focuses on their vulnerabilities by examining the statistical data available on how vulnerabilities in these systems are disclosed and eliminated, and by assessing their criticality. This is done by using statistics from both the National Vulnerabilities database (NVD) and the Common Vulnerabilities and Exposures system (CVE). The specific technical areas the paper covers are the quantitative assessment of forever-day vulnerabilities, estimation of days-of-risk, the analysis of the vulnerabilities severity and their distributions by attack vector and impact on security properties. In addition, the study aims to explore those vulnerabilities that have been found across a diverse range of operating systems. This leads us to analysing how different intrusion-tolerance architectures deploying the operating system diversity impact availability, integrity and confidentiality.


Publication metadata

Author(s): Gorbenko A, Romanovsky A, Tarasyuk O, Biloborodov O

Publication type: Article

Publication status: Published

Journal: IEEE Transactions on Reliability

Year: 2020

Volume: 69

Issue: 1

Pages: 22-39

Print publication date: 02/03/2020

Online publication date: 07/03/2019

Acceptance date: 28/01/2019

Date deposited: 29/01/2019

ISSN (print): 0018-9529

ISSN (electronic): 1558-1721

Publisher: Institute of Electrical and Electronics Engineers

URL: https://doi.org/10.1109/TR.2019.2897248

DOI: 10.1109/TR.2019.2897248


Altmetrics

Altmetrics provided by Altmetric


Funding

Funder referenceFunder name
EPSRC

Share