Modeling fault tolerant architectures with design diversity for secure systems

Modern critical systems face an increasing number of new security risks. The extensive use of third-party components and tools during design, together with the large-scale outsourcing of the implementation and integration of system parts, raises the chances that malicious alterations are introduced into a system along its development lifecycle. In addition, the growing dominance of monocultures in cyberspace, that is, collections of identical interconnected computer platforms, produces systems that share the same vulnerabilities and are exposed to the same attacks. This is especially important for cyber-physical systems, which interconnect cyberspace with computing resources and physical processes. Applying concepts and principles from design diversity to the development and operation of critical systems can help mitigate these emerging security challenges. This paper defines and analyzes models of fault-tolerant architectures for secure systems that rely on design diversity. The models are built as minimal extensions of classical architectures, according to a defined set of failure classes for secure services. A number of metrics are provided to quantify fault tolerance and performance as a function of design diversity. The architectures are analyzed with respect to design diversity and compared on the basis of the undetected failure probability, the number of tolerated and detected failures, and the performance delay.
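As an added illustration of the kind of comparison the abstract describes (not the paper's own models or metrics), the following Python computes undetected, detected and masked failure probabilities for simplex, duplex-with-comparison and TMR services under a simple assumed model: each version fails independently with probability p, and when k versions fail they produce an identical wrong output with probability (1 - d)^(k - 1), where d is an assumed design-diversity parameter (d = 0 is a monoculture, d = 1 fully independent faults).

```python
from math import comb


def architecture_metrics(n: int, p: float, d: float) -> dict:
    """Failure-outcome probabilities for an n-version, majority-voted service.

    Assumed model (an illustration, not the paper's model):
      * each version fails independently with probability p;
      * when k >= 2 versions fail, they produce the *same* wrong output
        (a common-mode failure the voter cannot detect) with probability
        (1 - d) ** (k - 1), where d in [0, 1] is the design-diversity
        parameter; otherwise the failed versions disagree with one another.
    A majority needs more than n/2 identical outputs: n = 1 is a simplex,
    n = 2 a duplex with comparison, n = 3 classical TMR.
    """
    out = {"correct": 0.0, "masked": 0.0, "detected": 0.0, "undetected": 0.0}
    for k in range(n + 1):
        pk = comb(n, k) * p ** k * (1 - p) ** (n - k)
        if k == 0:
            out["correct"] += pk
        elif n - k > n / 2:
            out["masked"] += pk              # correct outputs still win the vote
        else:
            coincident = (1 - d) ** (k - 1)  # k = 1 is trivially coincident
            if k > n / 2:
                out["undetected"] += pk * coincident        # wrong value wins
                out["detected"] += pk * (1 - coincident)    # no majority
            else:
                out["detected"] += pk        # no majority: disagreement flagged
    return out


def max_tolerated(n: int) -> int:
    """Largest number of simultaneous failures always masked by majority voting."""
    return (n - 1) // 2


def compare(p: float = 0.1, d: float = 0.5) -> dict:
    """Metrics for the three classical architectures at the same p and d."""
    return {name: architecture_metrics(n, p, d)
            for name, n in (("simplex", 1), ("duplex", 2), ("tmr", 3))}


if __name__ == "__main__":
    # Undetected failure probability shrinks with diversity for duplex and TMR,
    # but a simplex service never detects anything regardless of d.
    for d in (0.0, 0.5, 1.0):
        print(f"d={d}:", {k: round(v["undetected"], 5) for k, v in compare(d=d).items()})
```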
