On the reliability and availability of replicated and rejuvenating systems under stealth attacks and intrusions

Brandão, Luís T. A. N.; Bessani, Alysson

doi:10.1007/s13173-012-0062-x

Cited by 11 publications

(8 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, [7,28] are examples of studies that model and verify the effectiveness of cleansing (proactive recovery).…”

Section: Related Researchmentioning

confidence: 99%

Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks

Popov

2017

2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract -This paper offers a new approach to modelling the effect of cyber-attacks on reliability of software used in industrial control applications. The model is based on the view that successful cyber-attacks introduce failure regions, which are not present in non-compromised software. The model is then extended to cover a fault tolerant architecture, such as the 1-out-of-2 software, popular for building industrial protection systems. The model is used to study the effectiveness of software maintenance policies such as patching and "cleansing" ("proactive recovery") under different adversary models ranging from independent attacks to sophisticated synchronized attacks on the channels. We demonstrate that the effect of attacks on reliability of diverse software significantly depends on the adversary model. Under synchronized attacks system reliability may be more than an order of magnitude worse than under independent attacks on the channels. These findings, although not surprising, highlight the importance of using an adequate adversary model in the assessment of how effective various cyber-security controls are. Permanent repository link:

show abstract

“…Finally, [7,28] are examples of studies that model and verify the effectiveness of cleansing (proactive recovery).…”

Section: Related Researchmentioning

confidence: 99%

Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks

Popov

2017

2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

show abstract

“…Theoretical models for proactive recovery have been presented in [11] and [24]. The paper in [11] compares different system configurations under parallel attacks (multiple healthy replicas are attacked at the same time) and serial attacks (only a single healthy replica is attacked at a time).…”

Section: A Proactive Rejuvenationmentioning

confidence: 99%

“…The paper in [11] compares different system configurations under parallel attacks (multiple healthy replicas are attacked at the same time) and serial attacks (only a single healthy replica is attacked at a time). That theoretical model computes the system availability, defined as the proportion of time in which the number of intruded replicas is at most f , by varying the time δ between rejuvenations of different replicas.…”

Section: A Proactive Rejuvenationmentioning

confidence: 99%

“…In our work we concentrate on serial rejuvenations and do not consider the common vulnerabilities among replicas due to the high entropy among variants generated by the MultiCompiler. In addition, we define the rejuvenation rate taking into account the size of the state that may need to be transferred and the time to transfer it, while the models in [11] and [24] are designed for stateless systems.…”

Section: A Proactive Rejuvenationmentioning

confidence: 99%

“…A theoretical model for proactive rejuvenations has also been presented in [11]. While this model applies to stateless systems, in our work we define the rejuvenation rate taking into account the size of the state that may need to be transferred and the time to transfer it.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards a Practical Survivable Intrusion Tolerant Replication System

Platania

Obenshain

Tantillo

et al. 2014

2014 IEEE 33rd International Symposium on Reliable Distributed Systems

View full text Add to dashboard Cite

Abstract-The increasing number of cyber attacks against critical infrastructures, which typically require large state and long system lifetimes, necessitates the design of systems that are able to work correctly even if part of them is compromised.We present the first practical survivable intrusion tolerant replication system, which defends across space and time using compiler-based diversity and proactive recovery, respectively. Our system supports large-state applications, and utilizes the Prime BFT protocol (providing performance guarantees under attack) with a compiler-based diversification engine. We devise a novel theoretical model that computes how resilient the system is over its lifetime based on the rejuvenation rate and the number of replicas.This model shows that we can achieve a confidence in the system of 95% over 30 years even when we transfer a state of 1 terabyte after each rejuvenation.

show abstract

Evaluation of isolation in virtual machine environments encounter in effective attacks against memory

Hakamian

Rahmani

2015

Security Comm Networks

View full text Add to dashboard Cite

One of the main features of the hypervisor is the isolation among virtual machine (VM) environments. By isolation between VMs, malicious activity in one VM could not affect all other VMs, so it is necessary to apply security mechanisms in order to improve isolation between VMs. Before applying security policies to a virtualization system, it is necessary to quantitatively measure the hypervisor from isolation point of view aiming at increasing security of isolation among VMs; then considering the circumstances of the VM execution environments and the results of measurements, we can find areas in the virtualization system with the most effective on enhancing isolation. This paper, proposed a semi-Markov model for evaluation of isolation, by studying the Xen virtualization architecture. We considered certain type of vulnerability that successfully exploiting it can lead to the attacker's malicious codes execution in part of memory address space. We included all three layers in virtualization for the evaluation purpose, because we wanted to consider strength and weakness areas in virtualization system and not just specific layer such as hypervisor, so it can be figured out that improving security in which layer of virtualization is most effective in improving security of isolation, in respect to the increasing or decreasing attacker's (defender's) ability to be successful. The sensitivity analysis results show that MTTSF is more sensitive to the increasing ability of defensive mechanisms to be successful at the application layer and decreasing the attacker's ability to successfully exploit vulnerabilities at the guest operating system layer, model parameters.

show abstract

On the reliability and availability of replicated and rejuvenating systems under stealth attacks and intrusions

Cited by 11 publications

References 16 publications

Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks

Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks

Towards a Practical Survivable Intrusion Tolerant Replication System

Evaluation of isolation in virtual machine environments encounter in effective attacks against memory

Contact Info

Product

Resources

About