online read us now
Paper details
Number 4 - December 2022
Volume 32 - 2022
Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods
Felicita Di Giandomenico, Giulio Masetti, Silvano Chiaradonna
Abstract
Borrowing from well known fault tolerant approaches based on redundancy to mask the effect of faults, redundancy-based
intrusion tolerance schemes are proposed in this paper, where redundancy of ICT components is exploited as a
first defense line against a subset of compromised components within the redundant set, due to cyberattacks. Features to
enhance defense and tolerance capabilities are first discussed, covering diversity-based redundancy, confusion techniques,
protection mechanisms, locality policies and rejuvenation phases. Then, a set of intrusion tolerance variations of classical
fault tolerant schemes (including N Version Programming and Recovery Block, as well as a few hybrid approaches) is
proposed, by enriching each original scheme with one or more of the previously introduced defense mechanisms. As a
practical support to the system designer in making an appropriate choice among the available solutions, for each developed
scheme a schematic summary is provided, in terms of resources and defense facilities needed to tolerate f value failures and
k omission failures, as well as observations regarding time requirements. To provide an example of more detailed analysis,
useful to set up an appropriate intrusion tolerance configuration, a trade-off study between cost and additional redundancy
employed for confusion purposes is also carried out.
Keywords
intrusion tolerance, cyberattack, diversity-based redundancy, protection mechanisms