Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches

Mengmeng Ge, Huy Kang Kim, Dong Seong Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.

Original languageEnglish
Title of host publicationProceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages53-60
Number of pages8
ISBN (Electronic)9781538622728
DOIs
Publication statusPublished - 2017 Aug 30
Event47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017 - Denver, United States
Duration: 2017 Jun 262017 Jun 29

Other

Other47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017
CountryUnited States
CityDenver
Period17/6/2617/6/29

Fingerprint

Redundancy
Availability
Servers
Industry

Keywords

  • Attack Graphs
  • Availability Models
  • Graphical Security Models
  • Redundancy
  • Security Analysis
  • Security Patches
  • Stochastic Reward Nets

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality

Cite this

Ge, M., Kim, H. K., & Kim, D. S. (2017). Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches. In Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017 (pp. 53-60). [8023698] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSN-W.2017.37

Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches. / Ge, Mengmeng; Kim, Huy Kang; Kim, Dong Seong.

Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 53-60 8023698.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ge, M, Kim, HK & Kim, DS 2017, Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches. in Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017., 8023698, Institute of Electrical and Electronics Engineers Inc., pp. 53-60, 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017, Denver, United States, 17/6/26. https://doi.org/10.1109/DSN-W.2017.37
Ge M, Kim HK, Kim DS. Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches. In Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 53-60. 8023698 https://doi.org/10.1109/DSN-W.2017.37
Ge, Mengmeng ; Kim, Huy Kang ; Kim, Dong Seong. / Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches. Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 53-60
@inproceedings{fb2115ef3fd54ea39b8755f69ed2314c,
title = "Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches",
abstract = "In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.",
keywords = "Attack Graphs, Availability Models, Graphical Security Models, Redundancy, Security Analysis, Security Patches, Stochastic Reward Nets",
author = "Mengmeng Ge and Kim, {Huy Kang} and Kim, {Dong Seong}",
year = "2017",
month = "8",
day = "30",
doi = "10.1109/DSN-W.2017.37",
language = "English",
pages = "53--60",
booktitle = "Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches

AU - Ge, Mengmeng

AU - Kim, Huy Kang

AU - Kim, Dong Seong

PY - 2017/8/30

Y1 - 2017/8/30

N2 - In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.

AB - In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.

KW - Attack Graphs

KW - Availability Models

KW - Graphical Security Models

KW - Redundancy

KW - Security Analysis

KW - Security Patches

KW - Stochastic Reward Nets

UR - http://www.scopus.com/inward/record.url?scp=85031750096&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85031750096&partnerID=8YFLogxK

U2 - 10.1109/DSN-W.2017.37

DO - 10.1109/DSN-W.2017.37

M3 - Conference contribution

SP - 53

EP - 60

BT - Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017

PB - Institute of Electrical and Electronics Engineers Inc.

ER -