The paper discusses a generic intrusion-avoidance architecture allowing the system architects to decrease the risk of intrusions. The architecture employs software diversity at various system levels and dynamically reconfigures the deployment environment to avoid intrusions. This solution reduces the so-called system’s days-of-risk which is a period of an increased security risk between the time when a vulnerability is publicly disclosed to the time when a patch is available to fix it. To select the less vulnerable system configuration we propose metrics estimating security risks by accounting a number of not-fixed vulnerabilities and their severity.
BT - Information & Security: An International Journal DA - 2012 DO - http://dx.doi.org/10.11610/isij.2813 IS - 1 LA - eng M1 - 13 N2 -The paper discusses a generic intrusion-avoidance architecture allowing the system architects to decrease the risk of intrusions. The architecture employs software diversity at various system levels and dynamically reconfigures the deployment environment to avoid intrusions. This solution reduces the so-called system’s days-of-risk which is a period of an increased security risk between the time when a vulnerability is publicly disclosed to the time when a patch is available to fix it. To select the less vulnerable system configuration we propose metrics estimating security risks by accounting a number of not-fixed vulnerabilities and their severity.
PY - 2012 SP - 154 EP - 158 T2 - Information & Security: An International Journal TI - Intrusion-Avoidance via System Diversity VL - 28 ER -