Sustaining Intrusion-Tolerance by Proactive Replacement

NU author(s):

  1. Dr Paul Ezhilchelvan
  2. Dr Dylan Clarke
  3. Emeritus Professor Isi Mitrani
  4. Emeritus Professor Santosh Shrivastava
Author(s): Ezhilchelvan P, Clarke D, Mitrani I, Shrivastava S
Publication type: Report
Series Title: School of Computing Science Technical Report Series
Year: 2009
Date: March 2009
Report Number: 1146
Pages: 15
Full text is available for this publication.
We propose and study proactive replacement as a strategy for ensuring that the number of intrusions does not exceed the design threshold within an intrusion-tolerant system. State machine replicas periodically replace themselves, en masse, by selecting a successor set from a large server farm housing spare machines that have been cleaned up subsequent to any prior use. Selection is random to thwart the adversary’s preference for any particular type of successor machines. Optionally, successors’ identities can be kept anonymous from selecting replicas, forcing the adversary to discover first the new replicas’ identities before launching attacks. Practicability of the proposed strategy is established in two ways. Architecture and combinations of well-known protocols for selection and state-transfer are outlined for the three replacement schemes proposed. Using analytical estimations and simulations, the replacement schemes are shown to be effective in sustaining tolerance capability by comparing them with a proactive recovery scheme that is assisted by an idealized Wormhole. With the availability and affordability of redundant machines, proactive replacement is a useful tolerance-sustaining strategy either on its own or in combination with its orthogonal counterpart, proactive recovery.
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne
URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1146.pdf