Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches
This addresses the problem of balancing security and availability for enterprise system administrators, but it is incremental as it applies existing modeling techniques to a specific scenario.
The paper tackled the trade-off between security and availability in server redundancy designs during patch application, finding that redundancy increases capacity-oriented availability but decreases security.
In most of modern enterprise systems, redundancy configuration is often considered to provide availability during the part of such systems is being patched. However, the redundancy may increase the attack surface of the system. In this paper, we model and assess the security and capacity oriented availability of multiple server redundancy designs when applying security patches to the servers. We construct (1) a graphical security model to evaluate the security under potential attacks before and after applying patches, (2) a stochastic reward net model to assess the capacity oriented availability of the system with a patch schedule. We present our approach based on case study and model-based evaluation for multiple design choices. The results show redundancy designs increase capacity oriented availability but decrease security when applying security patches. We define functions that compare values of security metrics and capacity oriented availability with the chosen upper/lower bounds to find design choices that satisfy both security and availability requirements.