Web Systems Availability Assessment Considering Attacks on Service Configuration Vulnerabilities

The paper examines the issues of web systems assessment availability. It is defined that unavailability of web services may be caused by internal and external factors in particular server side vulnerability attacks. Three Markov’s models of web system availability are developed; these models consider influence of software defects and vulnerability attacks for DNS, DHCP and Route services. Elimination of configuration vulnerabilities during system operation is considered. Conclusions about the impact of the probability of detection and elimination of vulnerabilities and the recovery rate on the web systems availability function are proposed.

[1]  Vyacheslav S. Kharchenko,et al.  F(I)MEA-Technique of Web Services Analysis and Dependability Ensuring , 2006, RODIN Book.

[2]  Joseph Migga Kizza,et al.  Guide to Computer Network Security, 6th Edition , 2024, Texts in Computer Science.

[3]  Nicholas Kyriakopoulos,et al.  A comparative analysis of network dependability, fault-tolerance, reliability, security, and survivability , 2009, IEEE Communications Surveys & Tutorials.

[4]  Michael Butler,et al.  Rigorous Development of Complex Fault-Tolerant Systems , 2006 .

[5]  William H. Sanders,et al.  Model-based evaluation: from dependability to security , 2004, IEEE Transactions on Dependable and Secure Computing.

[6]  Dong Seong Kim,et al.  Availability Modeling and Analysis of a Virtualized System Using Stochastic Reward Nets , 2016, 2016 IEEE International Conference on Computer and Information Technology (CIT).

[7]  Kishor S. Trivedi,et al.  Modeling High Availability , 2006, 2006 12th Pacific Rim International Symposium on Dependable Computing (PRDC'06).

[8]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[9]  Karen Scarfone,et al.  Common Vulnerability Scoring System , 2006, IEEE Security & Privacy.

[10]  Israel Koren,et al.  Fault-Tolerant Systems , 2007 .

[11]  Ray Hunt,et al.  A taxonomy of network and computer attacks , 2005, Comput. Secur..