Abstract
This paper analyses security problems of modern computer systems caused by vulnerabilities in their operating systems. Our scrutiny of widely used enterprise operating systems focuses on their vulnerabilities: we examine the statistical data available on how vulnerabilities in these systems are disclosed and eliminated, and assess their criticality. This is done using statistics from both the National Vulnerability Database (NVD) and the Common Vulnerabilities and Exposures (CVE) system. The specific technical areas the paper covers are the quantitative assessment of forever-day vulnerabilities, the estimation of days-of-grey-risk, and the analysis of vulnerability severity and of the distribution of vulnerabilities by attack vector and by impact on security properties. In addition, the study aims to explore those vulnerabilities that have been found across a diverse range of operating systems. This leads us to analyse how different intrusion-tolerant architectures that deploy operating system diversity affect availability, integrity and confidentiality.
More Information
Identification Number: | https://doi.org/10.1109/tr.2019.2897248 |
---|---|
Status: | Published |
Refereed: | Yes |
Publisher: | Institute of Electrical and Electronics Engineers |
Uncontrolled Keywords: | 0803 Computer Software, 0906 Electrical And Electronic Engineering, Operations Research |
Depositing User (symplectic): | Deposited by Gorbenko, Anatoliy |
Date Deposited: | 14 Feb 2019 11:48 |
Last Modified: | 23 Feb 2022 10:57 |
Item Type: | Article |
Note: this is the author's final manuscript and may differ from the published version which should be used for citation purposes.