“Cheap Intrusion-Tolerant Protection for CRUTIAL Things”
Missing institution, Tech. Rep., Aug. 2009.DI-FCUL TR-2009-14.
Abstract: Today’s critical infrastructures like the power grid are essentially physical processes controlled by computers connected by networks. They are usually as vulnerable as any other interconnected computer system, but their failure has a high socio-economic impact. The report describes a new construct for the protection of these infrastructures, based on distributed algorithms and mechanisms implemented between a set of devices called CIS. CIS collectively ensure that incoming/outgoing traffic satisfies the security policy of an organization facing accidents and attacks. However, they are not simple firewalls but distributed protection devices based on a sophisticated access control model and designed with intrusion-tolerant capabilities. The report discusses the rationale behind the use of CIS to improve the resilience of critical infrastructures, and it describes and evaluates two CIS implementations, one using physical replicas, and another using virtual machine (VM) based replicas. Our intrusion-tolerant solution is cheap in four different ways: it uses less replicas than other intrusion-tolerant services; it does not requires expensive consensus protocols; the performance overhead is minimal; and it can be deployed in a single physical machine through the use of VM technology.
Research line(s): Fault And Intrusion Tolerance in Open Distributed Systems (FIT)