Extended Conference Paper
Analysis of operating system diversity for intrusion tolerance
Article first published online: 15 JAN 2013
Copyright © 2013 John Wiley & Sons, Ltd.
Software: Practice and Experience
Volume 44, Issue 6, pages 735–770, June 2014
How to Cite
Garcia, M., Bessani, A., Gashi, I., Neves, N. and Obelheiro, R. (2014), Analysis of operating system diversity for intrusion tolerance. Softw: Pract. Exper., 44: 735–770. doi: 10.1002/spe.2180
- Issue published online: 6 MAY 2014
- Article first published online: 15 JAN 2013
- Manuscript Revised: 18 DEC 2012
- Manuscript Accepted: 18 DEC 2012
- Manuscript Received: 28 JUL 2012
- intrusion tolerance;
- operating systems;
One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper, we present a study with operating system's (OS's) vulnerability data from the NIST National Vulnerability Database (NVD). We have analyzed the vulnerabilities of 11 different OSs over a period of 18 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSs. Hence, although there are a few caveats on the use of NVD data to support definitive conclusions, our analysis shows that by selecting appropriate OSs, one can preclude (or reduce substantially) common vulnerabilities from occurring in the replicas of the intrusion-tolerant system. Copyright © 2013 John Wiley & Sons, Ltd.