Evaluation of Defence Mechanisms in Survivable Networks

In this paper we present an environment for evaluating self-healing mechanisms in survivable networks. The work is based on the thesis that system-level requirements of integrity and availability can be inherently conflicting, and that the type and level of defence in each particular network should be determined in relation to that network’s characteristics. The study shows that defined levels of critical service, intensity of attacks and time to recovery are important ingredients in measuring survivability. The paper presents a preliminary study of defence mechanisms in a telecommunication management network and illustrates how the network survivability is affected by several parameters such as network size, the implemented defence mechanisms, and the accepted trade-off against availability. The presented results are based on a model of the network built on top of the Swarm simulation platform and illustrate a potentially powerful tool in the hands of network security engineers.

Keywords: Survivability, Simulation, Intrusion Tolerance, System Security, Security Metrics, Dependability
