Di Giandomenico, Felicita ; Masetti, Giulio ; Chiaradonna, Silvano
Współtwórca:Yao, Baozhen - ed. ; Wang, Shuaian - ed. ; Asian, Sobhan - ed.
Tytuł:Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods
Podtytuł: Tytuł publikacji grupowej: Temat i słowa kluczowe:intrusion tolerance ; cyberattack ; diversity-based redundancy ; protection mechanisms
Abstract:Borrowing from well known fault tolerant approaches based on redundancy to mask the effect of faults, redundancy-based intrusion tolerance schemes are proposed in this paper, where redundancy of ICT components is exploited as a first defense line against a subset of compromised components within the redundant set, due to cyberattacks. Features to enhance defense and tolerance capabilities are first discussed, covering diversity-based redundancy, confusion techniques, protection mechanisms, locality policies and rejuvenation phases. ; Then, a set of intrusion tolerance variations of classical fault tolerant schemes (including N Version Programming and Recovery Block, as well as a few hybrid approaches) is proposed, by enriching each original scheme with one or more of the previously introduced defense mechanisms. ; As a practical support to the system designer in making an appropriate choice among the available solutions, for each developed scheme a schematic summary is provided, in terms of resources and defense facilities needed to tolerate f value failures and k omission failures, as well as observations regarding time requirements. To provide an example of more detailed analysis, useful to set up an appropriate intrusion tolerance configuration, a trade-off study between cost and additional redundancy employed for confusion purposes is also carried out.
Wydawca:Zielona Góra: Uniwersytet Zielonogórski
Data wydania: Typ zasobu: DOI: Strony: Źródło:AMCS, volume 32, number 4 (2022) ; kliknij tutaj, żeby przejść
Jezyk: Licencja CC BY 4.0: Prawa do dysponowania publikacją: