Scenario-based Markovian modeling of web-system availability considering attacks on vulnerabilities
In the paper we simulate web-system availability taking into account security aspects and different maintenance scenarios. As a case study we have developed two Markov's models. These models simulate availability of a multi-tier web-system considering attacks on DNS vulnerabilities in additional to sys-tem failures due to hardware/software (HW/SW) faults. Proposed Markov's model use attacks rate and criticality as initial simulation parameters. In the paper we demonstrate how to estimate these parameters using open vulnerability databases (e.g. National Vulnerability Database). We also define different vulnerability elimination (VE) scenarios and examine how they affect system availability
Markov's models, Scenario of vulnerability elimination
Kharchenko, V., Ponochovny, Y., Boyarchuk, A., Gorbenko, A. Scenario-based Markovian modeling of web-system availability considering attacks on vulnerabilities (2015) CEUR Workshop Proceedings, 1356, pp. 566-577.