Towards Autonomic Mode Control of a Scalable Intrusion Tolerant Architecture

In this article we consider an intrusion tolerant system with two detection modes; automatic detection mode and manual detection mode for intrusions, and describe the dynamic transition behavior by a continuous-time semi-Markov chain (CTSMC). Based on the embedded Markov chain (EMC) approach, we derive the steady-state probability of the CTSMC, the steady-state system availability and the mean time to security failure (MTTSF). Especially, we show necessary and sufficient conditions to exist the optimal switching time from an automatic detection mode to a manual detection mode, which maximizes the steady-state system availability. Next, we develop an autonomic mode control scheme to estimate the optimal switching time without specifying any probability distribution function in an adaptive way, where the basic idea comes from a statistically non-parametric algorithm by means of the total time on test concept. Numerical examples through a simulation study are presented for illustrating the optimal switching of detection mode, and investigating the asymptotic property of the resulting autonomic mode control scheme.

[1]  Tadashi Dohi,et al.  Dependability Analysis of a Scalable Intrusion Tolerant Architecture with Two Detection Modes , 2010 .

[2]  Tadashi Dohi,et al.  Security Evaluation of an Intrusion Tolerant System with MRSPNs , 2009, 2009 International Conference on Availability, Reliability and Security.

[3]  Tadashi Dohi,et al.  Quantitative Evaluation of Intrusion Tolerant Systems Subject to DoS Attacks Via Semi-Markov Cost Models , 2007, EUC Workshops.

[4]  Rodolphe Ortalo,et al.  Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security , 1999, IEEE Trans. Software Eng..

[5]  Jeffrey O. Kephart,et al.  The Vision of Autonomic Computing , 2003, Computer.

[6]  Yi Mu,et al.  Emerging Directions in Embedded and Ubiquitous Computing , 2006 .

[7]  Brian Hayes,et al.  What Is Cloud Computing? , 2019, Cloud Technologies.

[8]  Tadashi Dohi,et al.  Availability Analysis of a Scalable Intrusion Tolerant Architecture with Two Detection Modes , 2009, CloudCom.

[9]  Tomas Olovsson,et al.  A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior , 1997, IEEE Trans. Software Eng..

[10]  Bharat B. Madan,et al.  A method for modeling and quantifying the security attributes of intrusion tolerant systems , 2004, Perform. Evaluation.

[11]  Peng Liu,et al.  Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System , 2006, ESORICS.

[12]  Bharat B. Madan,et al.  Modeling and quantification of security attributes of software systems , 2002, Proceedings International Conference on Dependable Systems and Networks.

[13]  Tadashi Dohi,et al.  TOTAL TIME ON TEST PROCESSES AND THEIR APPLICATION TO MAINTENANCE PROBLEM , 2001 .

[14]  Tadashi Dohi,et al.  Optimizing Security Measures in an Intrusion Tolerant Database System , 2008, ISAS.

[15]  Feiyi Wang,et al.  SITAR: a scalable intrusion-tolerant architecture for distributed services , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[16]  Yves Deswarte,et al.  Internet Security: An Intrusion-Tolerance Approach , 2006, Proceedings of the IEEE.

[17]  David Wright,et al.  Towards Operational Measures of Computer Security , 1993, J. Comput. Secur..

[18]  Tadashi Dohi,et al.  Optimal Security Patch Management Policies Maximizing System Availability , 2010, J. Commun..

[19]  Kishor S. Trivedi,et al.  Security analysis of SITAR intrusion tolerance system , 2003, SSRS '03.

[20]  Tadashi Dohi,et al.  Availability Analysis of an IMS-Based VoIP Network System , 2010, ICCSA.

[21]  David Taniar,et al.  Computational Science and Its Applications - ICCSA 2010, International Conference, Fukuoka, Japan, March 23-26, 2010, Proceedings, Part I , 2010, ICCSA.

[22]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[23]  Dieter Gollmann,et al.  Computer Security - ESORICS 2006, 11th European Symposium on Research in Computer Security, Hamburg, Germany, September 18-20, 2006, Proceedings , 2006, ESORICS.

[24]  Tadashi Dohi,et al.  Availability Analysis of an Intrusion Tolerant Distributed Server System With Preventive Maintenance , 2010, IEEE Transactions on Reliability.

[25]  Sungsoo Kim,et al.  A Self-healing Mechanism for an Intrusion Tolerance System , 2005, TrustBus.