OS diversity for intrusion tolerance: Myth or reality?

One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper we present a study with operating systems (OS) vulnerability data from the NIST National Vulnerability Database. We have analyzed the vulnerabilities of 11 different OSes over a period of roughly 15 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSes. Hence, our analysis provides a strong indication that building a system with diverse OSes may be a useful technique to improve its intrusion tolerance capabilities

Why Cooperate? Ethical Analysis of InfoSec Vulnerability Disclosure

Vendors, security consultants and information security researchers seek guidance on if and when to disclose information about specific software or hardware security vulnerabilities. We apply Kantianism to argue that vendors and third parties (InfoSec researchers, consultants, and other interested parties) have an ethical obligation to inform customers and business partners (such as channel partners or providers of complementary products and services) about specific software vulnerabilities (thus addressing if disclosure should occur). We apply Utilitarianism to address the question of when disclosure should occur. By applying these two philosophical perspectives we conclude that to maximize social welfare, vendors should release software fixes as soon as possible, and third parties should adopt a coordinated disclosure policy to avoid placing customers and business partners at unnecessary risk

Markov Model of Cyber Attack Life Cycle Triggered by Software Vulnerability

Software vulnerability life cycles illustrate changes in detection processes of software vulnerabilities during using computer systems. Unfortunately, the detection can be made by cyber-adversaries and a discovered software vulnerability may be consequently exploited for their own purpose. The vulnerability may be exploited by cyber-criminals at any time while it is not patched. Cyber-attacks on organizations by exploring vulnerabilities are usually conducted through the processes divided into many stages. These cyber-attack processes in literature are called cyber-attack live cycles or cyber kill chains. The both type of cycles have their research reflection in literature but so far, they have been separately considered and modeled. This work addresses this deficiency by proposing a Markov model which combine a cyber-attack life cycle with an idea of software vulnerability life cycles. For modeling is applied homogeneous continuous time Markov chain theory

Markov Model of Cyber Attack Life Cycle Triggered by Software Vulnerability

Software vulnerability life cycles illustrate changes in detection processes of software vulnerabilities during using computer systems. Unfortunately, the detection can be made by cyber-adversaries and a discovered software vulnerability may be consequently exploited for their own purpose. The vulnerability may be exploited by cyber-criminals at any time while it is not patched. Cyber-attacks on organizations by exploring vulnerabilities are usually conducted through the processes divided into many stages. These cyber-attack processes in literature are called cyber-attack live cycles or cyber kill chains. The both type of cycles have their research reflection in literature but so far, they have been separately considered and modeled. This work addresses this deficiency by proposing a Markov model which combine a cyber-attack life cycle with an idea of software vulnerability life cycles. For modeling is applied homogeneous continuous time Markov chain theory

Forecasting number of vulnerabilities using long short-term neural memory network

Cyber-attacks are launched through the exploitation of some existing vulnerabilities in the software, hardware, system and/or network. Machine learning algorithms can be used to forecast the number of post release vulnerabilities. Traditional neural networks work like a black box approach; hence it is unclear how reasoning is used in utilizing past data points in inferring the subsequent data points. However, the long short-term memory network (LSTM), a variant of the recurrent neural network, is able to address this limitation by introducing a lot of loops in its network to retain and utilize past data points for future calculations. Moving on from the previous finding, we further enhance the results to predict the number of vulnerabilities by developing a time series-based sequential model using a long short-term memory neural network. Specifically, this study developed a supervised machine learning based on the non-linear sequential time series forecasting model with a long short-term memory neural network to predict the number of vulnerabilities for three vendors having the highest number of vulnerabilities published in the national vulnerability database (NVD), namely microsoft, IBM and oracle. Our proposed model outperforms the existing models with a prediction result root mean squared error (RMSE) of as low as 0.072

Cluster-based Vulnerability Assessment Applied to Operating Systems

Organizations face the issue of how to best allocate their security resources. Thus, they need an accurate method for assessing how many new vulnerabilities will be reported for the operating systems (OSs) they use in a given time period. Our approach consists of clustering vulnerabilities by leveraging the text information within vulnerability records, and then simulating the mean value function of vulnerabilities by relaxing the monotonic intensity function assumption, which is prevalent among the studies that use software reliability models (SRMs) and nonhomogeneous Poisson process (NHPP) in modeling. We applied our approach to the vulnerabilities of four OSs: Windows, Mac, IOS, and Linux. For the OSs analyzed in terms of curve fitting and prediction capability, our results, compared to a power-law model without clustering issued from a family of SRMs, are more accurate in all cases we analyzed

Cluster-based Vulnerability Assessment Applied to Operating Systems

Organizations face the issue of how to best allocate their security resources. Thus, they need an accurate method for assessing how many new vulnerabilities will be reported for the operating systems (OSs) they use in a given time period. Our approach consists of clustering vulnerabilities by leveraging the text information within vulnerability records, and then simulating the mean value function of vulnerabilities by relaxing the monotonic intensity function assumption, which is prevalent among the studies that use software reliability models (SRMs) and nonhomogeneous Poisson process (NHPP) in modeling. We applied our approach to the vulnerabilities of four OSs: Windows, Mac, IOS, and Linux. For the OSs analyzed in terms of curve fitting and prediction capability, our results, compared to a power-law model without clustering issued from a family of SRMs, are more accurate in all cases we analyzed