Skip to Main Content
We consider availability models of an intrusion tolerant system, and investigate quantitative effects of preventive maintenance based on security patch releases. The stochastic behavior of the system is analyzed through an embedded Markov chain approach. More specifically, two semi-Markov models are formulated in continuous-time, and discrete-time scales. We derive the optimal preventive patch management times maximizing the steady-state system availability in respective models, and evaluate both the system availability, and the mean time to security failure. Numerical examples are presented for illustrating the optimal preventive maintenance policies, and performing sensitivity analysis of model parameters.