On the Reliability and Availability of Systems Tolerant to Stealth Intrusion

This paper considers the estimation of reliability and availability of intrusion-tolerant systems subject to non-detectable intrusions. Our motivation comes from the observation that typical intrusion-tolerance techniques may, in certain circumstances, worsen the very non-functional properties they were meant to improve (e.g., dependability). We start by modeling attacks as adversarial efforts capable of affecting the intrusion rate of the components of the system. Then, we analyze several configurations of intrusion-tolerant replication and proactive rejuvenation to find which ones lead to security enhancements. We analyze several parameterizations, considering different attack and rejuvenation models and taking into account the mission time of the overall system and the expected time to intrusion of its components. In doing so, we identify thresholds that separate improvement from degradation. We compare the effects of replication and rejuvenation and highlight their complementarity, showing improvements of resilience not attainable with either technique alone, but possible only as a synergy of their combination. We advocate the need for more thorough system models, by showing fundamental vulnerabilities arising from incomplete specifications.
