Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches

Mengmeng Ge; Huy Kang Kim; Dong Seong Kim

doi:10.1109/DSN-W.2017.37

Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches

Mengmeng Ge, Huy Kang Kim, Dong Seong Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.

Original language	English
Title of host publication	Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	53-60
Number of pages	8
ISBN (Electronic)	9781538622728
DOIs	https://doi.org/10.1109/DSN-W.2017.37
Publication status	Published - 2017 Aug 30
Event	47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017 - Denver, United States Duration: 2017 Jun 26 → 2017 Jun 29

Other

Other	47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017
Country/Territory	United States
City	Denver
Period	17/6/26 → 17/6/29

Keywords

Attack Graphs
Availability Models
Graphical Security Models
Redundancy
Security Analysis
Security Patches
Stochastic Reward Nets

ASJC Scopus subject areas

Computer Networks and Communications
Hardware and Architecture
Safety, Risk, Reliability and Quality

Access to Document

10.1109/DSN-W.2017.37

Cite this

Ge, M., Kim, H. K., & Kim, D. S. (2017). Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches. In Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017 (pp. 53-60). Article 8023698 Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSN-W.2017.37

Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches. / Ge, Mengmeng; Kim, Huy Kang; Kim, Dong Seong.
Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 53-60 8023698.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ge, M, Kim, HK & Kim, DS 2017, Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches. in Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017., 8023698, Institute of Electrical and Electronics Engineers Inc., pp. 53-60, 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017, Denver, United States, 17/6/26. https://doi.org/10.1109/DSN-W.2017.37

@inproceedings{fb2115ef3fd54ea39b8755f69ed2314c,

title = "Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches",

abstract = "In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.",

keywords = "Attack Graphs, Availability Models, Graphical Security Models, Redundancy, Security Analysis, Security Patches, Stochastic Reward Nets",

author = "Mengmeng Ge and Kim, {Huy Kang} and Kim, {Dong Seong}",

year = "2017",

month = aug,

day = "30",

doi = "10.1109/DSN-W.2017.37",

language = "English",

pages = "53--60",

booktitle = "Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

note = "47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017 ; Conference date: 26-06-2017 Through 29-06-2017",

}

TY - GEN

T1 - Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches

AU - Ge, Mengmeng

AU - Kim, Huy Kang

AU - Kim, Dong Seong

PY - 2017/8/30

Y1 - 2017/8/30

N2 - In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.

AB - In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.

KW - Attack Graphs

KW - Availability Models

KW - Graphical Security Models

KW - Redundancy

KW - Security Analysis

KW - Security Patches

KW - Stochastic Reward Nets

UR - http://www.scopus.com/inward/record.url?scp=85031750096&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85031750096&partnerID=8YFLogxK

U2 - 10.1109/DSN-W.2017.37

DO - 10.1109/DSN-W.2017.37

M3 - Conference contribution

AN - SCOPUS:85031750096

SP - 53

EP - 60

BT - Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017

Y2 - 26 June 2017 through 29 June 2017

ER -

Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches

Abstract

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this