Title: Intrusion-Avoidance via System Diversity
Authors: Anatoliy Gorbenko, Vyacheslav Kharchenko, Olga Tarasyuk, Alexander Romanovsky
Year: 2012
Volume: 28
Pages: 154-158
Keywords: diversity, intrusion avoidance, risk, security, vulnerability

The paper discusses a generic intrusion-avoidance architecture that allows system architects to decrease the risk of intrusions. The architecture employs software diversity at various system levels and dynamically reconfigures the deployment environment to avoid intrusions. This solution reduces the system's so-called days-of-risk, the period of increased security risk from the time a vulnerability is publicly disclosed to the time a patch is available to fix it. To select the less vulnerable system configuration, we propose metrics that estimate security risk by accounting for the number of unfixed vulnerabilities and their severity.