Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods

Di Giandomenico F., Masetti G., Chiaradonna S.

Intrusion tolerance  Diversity-based redundancy  Protection mechanisms  Cyberattack 

Borrowing from well known fault tolerant approaches based on redundancy to mask the effect of faults, redundancy-based intrusion tolerance schemes are proposed in this paper, where redundancy of ICT components is exploited as a first defense line against a subset of compromised components within the redundant set, due to cyberattacks. Features to enhance defense and tolerance capabilities are first discussed, covering diversity-based redundancy, confusion techniques, protection mechanisms, locality policies and rejuvenation phases. Then, a set of intrusion tolerance variations of classical fault tolerant schemes (including N Version Programming and Recovery Block, as well as a few hybrid approaches) is proposed, by enriching each original scheme with one or more of the previously introduced defense mechanisms. As a practical support to the system designer in making an appropriate choice among the available solutions, for each developed scheme a schematic summary is provided, in terms of resources and defense facilities needed to tolerate f value failures and k omission failures, as well as observations regarding time requirements. To provide an example of more detailed analysis, useful to set up an appropriate intrusion tolerance configuration, a trade-off study between cost and additional redundancy employed for confusion purposes is also carried out.

Source: International Journal of Applied Mathematics and Computer Science 32 (2022): 701–719. doi:10.34768/amcs-2022-0048

Publisher: University of Zielona Góra Press, Zielona Góra , Polonia

Metrics