Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods

Autor: Di Giandomenico, Felicita, Masetti, Giulio, Chiaradonna, Silvano
Jazyk: angličtina
Rok vydání: 2022
Předmět:
Zdroj: International Journal of Applied Mathematics and Computer Science 32 (2022): 701–719. doi:10.34768/amcs-2022-0048
Popis: Borrowing from well known fault tolerant approaches based on redundancy to mask the effect of faults, redundancy-based intrusion tolerance schemes are proposed in this paper, where redundancy of ICT components is exploited as a first defense line against a subset of compromised components within the redundant set, due to cyberattacks. Features to enhance defense and tolerance capabilities are first discussed, covering diversity-based redundancy, confusion techniques, protection mechanisms, locality policies and rejuvenation phases. Then, a set of intrusion tolerance variations of classical fault tolerant schemes (including N Version Programming and Recovery Block, as well as a few hybrid approaches) is proposed, by enriching each original scheme with one or more of the previously introduced defense mechanisms. As a practical support to the system designer in making an appropriate choice among the available solutions, for each developed scheme a schematic summary is provided, in terms of resources and defense facilities needed to tolerate f value failures and k omission failures, as well as observations regarding time requirements. To provide an example of more detailed analysis, useful to set up an appropriate intrusion tolerance configuration, a trade-off study between cost and additional redundancy employed for confusion purposes is also carried out.
Databáze: OpenAIRE