Towards a Practical Survivable Intrusion Tolerant Replication System

Platania, Marco; Obenshain, Daniel; Tantillo, Thomas; Sharma, Ricky A.; Amir, Yair

doi:10.1109/srds.2014.16

Cited by 21 publications

(7 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The proponents of "proactive recovery", e.g. [1] [6], [16] and [18], would argue that it is, while some may argue that such practice may in fact reduce dependability. Indeed, the benefits, of cleansing are questionable: an advanced persistent threat (APT) that has successfully compromised a piece of software once is likely to persist and likely to compromise it again and again, probably taking increasingly shorter time to compromise a replica after cleansing.…”

Section: Resultsmentioning

confidence: 99%

“…• We limited our work to the simplest fault-tolerant architecture -the 1-out-of-2 software -but referred several times to systems of significantly higher complexity such intrusion-tolerant architectures based on Byzantine agreement protocol [1,16,18]. The proposed style of modelling seems applicable to such systems, too.…”

Section: Discussionmentioning

confidence: 99%

“…[16], report that this may take seconds, minutes and even hours. Examples of techniques to minimize this duration are: i) on-the-fly patching [17]; ii) adding spare channels before some channels are taken down for maintenance [18], [16], etc. In our model the duration of maintenance is defined as a model parameter, which we varied in different studies.…”

Section: E Software Maintenancementioning

confidence: 99%

See 2 more Smart Citations

Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks

Popov

2017

2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract -This paper offers a new approach to modelling the effect of cyber-attacks on reliability of software used in industrial control applications. The model is based on the view that successful cyber-attacks introduce failure regions, which are not present in non-compromised software. The model is then extended to cover a fault tolerant architecture, such as the 1-out-of-2 software, popular for building industrial protection systems. The model is used to study the effectiveness of software maintenance policies such as patching and "cleansing" ("proactive recovery") under different adversary models ranging from independent attacks to sophisticated synchronized attacks on the channels. We demonstrate that the effect of attacks on reliability of diverse software significantly depends on the adversary model. Under synchronized attacks system reliability may be more than an order of magnitude worse than under independent attacks on the channels. These findings, although not surprising, highlight the importance of using an adequate adversary model in the assessment of how effective various cyber-security controls are. Permanent repository link:

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: E Software Maintenancementioning

confidence: 99%

See 1 more Smart Citation

Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks

Popov

2017

2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

show abstract

“…In [144], the authors present a survivable intrusion-tolerant replication model, that ensures the reliability across diverse system components and the resilience of the system over its lifetime. The model was evaluated through experiments involving both physical and virtualized environments.…”

Section: Scada Survivability and Resiliencementioning

confidence: 99%

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Pliatsios

Sarigiannidis

Λάγκας

et al. 2020

IEEE Commun. Surv. Tutorials

168

View full text Add to dashboard Cite

Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, that made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security.

show abstract

“…However, real-world software diversity is often employed in an ad hoc fashion, which can be justified by how different OSes (e.g., Windows vs. various kinds of Unix) and browsers (e.g., Safari vs. Firefox vs. Chrome) are employed in practice. One exception is the investigation of employing software diversity to enhance Byzantine Fault-Tolerance (BFT), namely how to employ software diversity in the replica implementations so that they do not contain common vulnerabilities [23], [24], [25], [26], [27], [28]. This is important because the theoretical fault-tolerance guarantee can be ruined otherwise.…”

Section: Introductionmentioning

confidence: 99%

Quantifying Cybersecurity Effectiveness of Dynamic Network Diversity

Chen¹,

Çam²,

Xu³

2021

Preprint

View full text Add to dashboard Cite

The deployment of monoculture software stacks can have devastating consequences because a single attack can compromise all of the vulnerable computers in cyberspace. This one-vulnerability-affects-all phenomenon will continue until after software stacks are diversified, which is well recognized by the research community. However, existing studies mainly focused on investigating the effectiveness of software diversity at the building-block level (e.g., whether two independent implementations indeed exhibit independent vulnerabilities); the effectiveness of enforcing network-wide software diversity is little understood, despite its importance in possibly helping justify investment in software diversification. As a first step towards ultimately tackling this problem, we propose a systematic framework for modeling and quantifying the cybersecurity effectiveness of network diversity, including a suite of cybersecurity metrics. We also present an agent-based simulation to empirically demonstrate the usefulness of the framework. We draw a number of insights, including the surprising result that proactive diversity is effective under very special circumstances, but reactive-adaptive diversity is much more effective in most cases.

show abstract

Towards a Practical Survivable Intrusion Tolerant Replication System

Cited by 21 publications

References 20 publications

Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks

Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Quantifying Cybersecurity Effectiveness of Dynamic Network Diversity

Contact Info

Product

Resources

About