“On the Reliability and Availability of Systems Tolerant to Stealth Intrusion”

From Navigators

(Difference between revisions)
(NavsPubsFull5.xml import (201201141459, full reimport with new ids for legacy pubs avoiding collisions))
 
Line 1: Line 1:
{{Publication
{{Publication
-
|type=inproceedings
+
|title=
-
|document=Document for Publication-Brandao11rel.pdf
+
   
-
|title=On the Reliability and Availability of Systems Tolerant to Stealth Intrusion
+
 
-
|author=Luís T. A. N. Brandão, Alysson Bessani
+
 
-
|Project=Project:REGENESYS
+
 
-
|ResearchLine=Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
+
 
-
|month=apr
+
   
-
|year=2011
+
        On the Reliability and Availability of Systems Tolerant to Stealth Intrusion
-
|abstract=This paper considers the estimation of reliability and availability of intrusion-tolerant systems subject to non-detectable intrusions. Our motivation comes from the observation that typical intrusion tolerance techniques may in certain circumstances worsen the non-functional properties they were meant to improve, such as dependability. We start by modeling attacks as adversarial efforts capable of affecting the intrusion rate probability of components of the system. Then, we analyze several configurations of intrusion-tolerant replication and proactive rejuvenation, to find which ones lead to security enhancements. We consider different attack and rejuvenation models and take into account the mission time of the overall system and the expected time to intrusion of its components. In doing so, we identify thresholds that distinguish between improvement and degradation. We compare the effects of replication and rejuvenation and highlight their complementarity, showing improvements of resilience not attainable with any of the techniques alone, but possible only as a synergy of their combination.
+
|author=
 +
        Luis Brandão, Alysson Bessani
 +
|url=
 +
        http://www.navigators.di.fc.ul.pt/archive/papers/ladc11-reliability_.pdf
 +
|abstract=
 +
        This paper considers the estimation of reliability and availability of intrusion-tolerant systems subject to non-detectable intrusions. Our motivation comes from the observation that typical intrusion tolerance techniques may in certain circumstances worsen the non-functional properties they were meant to improve, such as dependability. We start by modeling attacks as adversarial efforts capable of affecting the intrusion rate probability of components of the system. Then, we analyze several configurations of intrusion-tolerant replication and proactive rejuvenation, to find which ones lead to security enhancements. We consider different attack and rejuvenation models and take into account the mission time of the overall system and the expected time to intrusion of its components. In doing so, we identify thresholds that distinguish between improvement and degradation. We compare the effects of replication and rejuvenation and highlight their complementarity, showing improvements of resilience not attainable with any of the techniques alone, but possible only as a synergy of their combination.
We advocate the need for thorougher system models, by showing fundamental vulnerabilities arising from incomplete specifications.
We advocate the need for thorougher system models, by showing fundamental vulnerabilities arising from incomplete specifications.
-
|address=São José dos Campos, Brazil
+
 
-
|booktitle=Proceedings of the 5th Latin-American Symposium on Dependable Computing - LADC'11
+
|type=
 +
        inproceedings
 +
|booktitle=
 +
        Proceedings of the 5th Latin-American Symposium on Dependable Computing - LADC'11. São José dos Campos, Brazil. April 2011.
 +
|month=
 +
        apr
 +
|year=
 +
        2011
 +
|Project=
 +
        Project:REGENESYS
 +
|ResearchLine=
 +
        Fault And Intrusion Tolerance in Open Distributed Systems (FIT)
}}
}}
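
Review bot: The new `|booktitle=` value folds the place and "April 2011." into the proceedings title while `|month=` and `|year=` still carry `apr` and `2011`, so the date is stored twice and any citation built from these fields will repeat it. Keep the place in its own `|address=` field, as the old revision did, and leave the date out of `|booktitle=`. The same revision also drops `|document=Document for Publication-Brandao11rel.pdf` and changes the author from "Luís T. A. N. Brandão" to "Luis Brandão", neither of which the import summary mentions. Confirm that `|url=` is meant to replace the document attachment and that the shortened, unaccented name is intended.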

Latest revision as of 14:40, 14 January 2013

Luis Brandão, Alysson Bessani

In Proceedings of the 5th Latin-American Symposium on Dependable Computing - LADC'11. São José dos Campos, Brazil. April 2011.

Abstract: This paper considers the estimation of reliability and availability of intrusion-tolerant systems subject to non-detectable intrusions. Our motivation comes from the observation that typical intrusion tolerance techniques may in certain circumstances worsen the non-functional properties they were meant to improve, such as dependability. We start by modeling attacks as adversarial efforts capable of affecting the intrusion rate probability of components of the system. Then, we analyze several configurations of intrusion-tolerant replication and proactive rejuvenation, to find which ones lead to security enhancements. We consider different attack and rejuvenation models and take into account the mission time of the overall system and the expected time to intrusion of its components. In doing so, we identify thresholds that distinguish between improvement and degradation. We compare the effects of replication and rejuvenation and highlight their complementarity, showing improvements of resilience not attainable with any of the techniques alone, but possible only as a synergy of their combination. We advocate the need for thorougher system models, by showing fundamental vulnerabilities arising from incomplete specifications.

Project(s): Project:REGENESYS

Research line(s): Fault And Intrusion Tolerance in Open Distributed Systems (FIT)
