Di Giandomenico F., Masetti G., Chiaradonna S.
Intrusion tolerance Diversity-based redundancy Protection mechanisms Cyberattack
Borrowing from well known fault tolerant approaches based on redundancy to mask the effect of faults, redundancy-based intrusion tolerance schemes are proposed in this paper, where redundancy of ICT components is exploited as a first defense line against a subset of compromised components within the redundant set, due to cyberattacks. Features to enhance defense and tolerance capabilities are first discussed, covering diversity-based redundancy, confusion techniques, protection mechanisms, locality policies and rejuvenation phases. Then, a set of intrusion tolerance variations of classical fault tolerant schemes (including N Version Programming and Recovery Block, as well as a few hybrid approaches) is proposed, by enriching each original scheme with one or more of the previously introduced defense mechanisms. As a practical support to the system designer in making an appropriate choice among the available solutions, for each developed scheme a schematic summary is provided, in terms of resources and defense facilities needed to tolerate f value failures and k omission failures, as well as observations regarding time requirements. To provide an example of more detailed analysis, useful to set up an appropriate intrusion tolerance configuration, a trade-off study between cost and additional redundancy employed for confusion purposes is also carried out.
Source: International Journal of Applied Mathematics and Computer Science 32 (2022): 701–719. doi:10.34768/amcs-2022-0048
Publisher: University of Zielona Góra Press, Zielona Góra , Polonia
@article{oai:it.cnr:prodotti:478277, title = {Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods}, author = {Di Giandomenico F. and Masetti G. and Chiaradonna S.}, publisher = {University of Zielona Góra Press, Zielona Góra , Polonia}, doi = {10.34768/amcs-2022-0048}, journal = {International Journal of Applied Mathematics and Computer Science}, volume = {32}, pages = {701–719}, year = {2022} }