Acceso abierto

Redundancy–Based Intrusion Tolerance Approaches Moving from Classical Fault Tolerance Methods

International Journal of Applied Mathematics and Computer Science's Cover Image
International Journal of Applied Mathematics and Computer Science
Big Data and Artificial Intelligence for Cooperative Vehicle-Infrastructure Systems (Special section, pp. 523-599), Baozhen Yao, Shuaian (Hans) Wang and Sobhan (Sean) Asian (Eds.)


Borrowing from well known fault tolerant approaches based on redundancy to mask the effect of faults, redundancy-based intrusion tolerance schemes are proposed in this paper, where redundancy of ICT components is exploited as a first defense line against a subset of compromised components within the redundant set, due to cyberattacks. Features to enhance defense and tolerance capabilities are first discussed, covering diversity-based redundancy, confusion techniques, protection mechanisms, locality policies and rejuvenation phases. Then, a set of intrusion tolerance variations of classical fault tolerant schemes (including N Version Programming and Recovery Block, as well as a few hybrid approaches) is proposed, by enriching each original scheme with one or more of the previously introduced defense mechanisms. As a practical support to the system designer in making an appropriate choice among the available solutions, for each developed scheme a schematic summary is provided, in terms of resources and defense facilities needed to tolerate f value failures and k omission failures, as well as observations regarding time requirements. To provide an example of more detailed analysis, useful to set up an appropriate intrusion tolerance configuration, a trade-off study between cost and additional redundancy employed for confusion purposes is also carried out.

Calendario de la edición:
4 veces al año
Temas de la revista:
Mathematics, Applied Mathematics