Resource allocation for restoration of compromised systems

Computer systems are constantly under the threats of being attacked and in many cases these attacks succeed. Today’s networked systems are thus built to be intrusion tolerant. In a large scale, the progresses of compromising the networked system and recovering the damage will carry on in parallel, allowing services to be continued (at a degraded level). One of the key problems in the restoration procedure regards to the resource allocation strategies and the cost associated with, specifically, a minimal cost is desired. In this paper we model the cost as a sum of service loss and resource expense that incur during the restoration procedure. We investigate the achievable minimal total cost and corresponding resource allocation strategy for different situations. The situations include both constant rates and time-variant rates in terms of the speed of compromising and recovering. We also consider the fact that the restoration rate is constrained by the resource allocated. The relationship can be either linear or obeying the law of diminishing marginal utility. We present both analytical and numerical results in the paper. The results show the impact from various system parameters on the critical conditions for a successful system restoration and on the minimal cost.

[1]  Eyal de Lara,et al.  The taser intrusion recovery system , 2005, SOSP '05.

[2]  Evangelos P. Markatos,et al.  Defending against hitlist worms using network address space randomization , 2007, Comput. Networks.

[3]  Catherine A. Meadows,et al.  A Cost-Based Framework for Analysis of Denial of Service Networks , 2001, J. Comput. Secur..

[4]  Hal Berghel,et al.  The Code Red Worm , 2001, CACM.

[5]  Donald F. Towsley,et al.  The monitoring and early detection of Internet worms , 2005, IEEE/ACM Transactions on Networking.

[6]  Dimitri P. Bertsekas,et al.  Nonlinear Programming , 1997 .

[7]  Jun Xu,et al.  WORM vs. WORM: preliminary study of an active counter-attack mechanism , 2004, WORM '04.

[8]  Archana Ganapathi,et al.  Why Do Internet Services Fail, and What Can Be Done About It? , 2002, USENIX Symposium on Internet Technologies and Systems.

[9]  Bernhard Plattner,et al.  An economic damage model for large-scale Internet attacks , 2004, 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[10]  Miguel Correia,et al.  Intrusion-Tolerant Architectures: Concepts and Design , 2002, WADS.

[11]  Noah Treuhaft,et al.  Recovery Oriented Computing (ROC): Motivation, Definition, Techniques, and Case Studies , 2002 .

[12]  Jim Gray,et al.  Why Do Computers Stop and What Can Be Done About It? , 1986, Symposium on Reliability in Distributed Software and Database Systems.

[13]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[14]  F. Brauer,et al.  Mathematical Models in Population Biology and Epidemiology , 2001 .

[15]  David M. Nicol,et al.  Simulating realistic network worm traffic for worm warning system design and testing , 2003, WORM '03.

[16]  Eric A. Brewer,et al.  Pinpoint: problem determination in large, dynamic Internet services , 2002, Proceedings International Conference on Dependable Systems and Networks.

[17]  Tamer Basar,et al.  The detection of RCS worm epidemics , 2005, WORM '05.

[18]  Bernhard Plattner,et al.  Experiences with worm propagation simulations , 2003, WORM '03.

[19]  Stefan Savage,et al.  Self-stopping worms , 2005, WORM '05.

[20]  David A. Patterson,et al.  A Simple Way to Estimate the Cost of Downtime , 2002, LISA.

[21]  David A. Patterson,et al.  Experience with evaluating human-assisted recovery processes , 2004, International Conference on Dependable Systems and Networks, 2004.

[22]  Kevin A. Kwiat,et al.  Modeling the spread of active worms , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[23]  W. Baumol,et al.  Economics--principles and policy , 1979 .

[24]  Lawrence A. Gordon,et al.  The economics of information security investment , 2002, TSEC.

[25]  K. Schittkowski,et al.  NONLINEAR PROGRAMMING , 2022 .

[26]  David Moore,et al.  Code-Red: a case study on the spread and victims of an internet worm , 2002, IMW '02.

[27]  Chuanyi Ji,et al.  A self-learning worm using importance scanning , 2005, WORM '05.

[28]  Hal Berghel Digital: The Y2K e-commerce tumble , 2001, Commun. ACM.

[29]  David A. Patterson,et al.  A recovery-oriented approach to dependable services: repairing past errors with system-wide undo , 2003 .

[30]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[31]  Jaynarayan H. Lala,et al.  Foundations of Intrusion Tolerant Systems , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].