Di Giandomenico, Felicita ; Masetti, Giulio ; Chiaradonna, Silvano
Contributor:Yao, Baozhen - ed. ; Wang, Shuaian - ed. ; Asian, Sobhan - ed.
Title:Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods
Subtitle: Group publication title: Subject and Keywords:intrusion tolerance ; cyberattack ; diversity-based redundancy ; protection mechanisms
Abstract:Borrowing from well known fault tolerant approaches based on redundancy to mask the effect of faults, redundancy-based intrusion tolerance schemes are proposed in this paper, where redundancy of ICT components is exploited as a first defense line against a subset of compromised components within the redundant set, due to cyberattacks. Features to enhance defense and tolerance capabilities are first discussed, covering diversity-based redundancy, confusion techniques, protection mechanisms, locality policies and rejuvenation phases. ; Then, a set of intrusion tolerance variations of classical fault tolerant schemes (including N Version Programming and Recovery Block, as well as a few hybrid approaches) is proposed, by enriching each original scheme with one or more of the previously introduced defense mechanisms. ; As a practical support to the system designer in making an appropriate choice among the available solutions, for each developed scheme a schematic summary is provided, in terms of resources and defense facilities needed to tolerate f value failures and k omission failures, as well as observations regarding time requirements. To provide an example of more detailed analysis, useful to set up an appropriate intrusion tolerance configuration, a trade-off study between cost and additional redundancy employed for confusion purposes is also carried out.
Publisher:Zielona Góra: Uniwersytet Zielonogórski
Date: Resource Type: DOI: Pages: Source:AMCS, volume 32, number 4 (2022) ; click here to follow the link
Language: License CC BY 4.0: Rights: