Toggle Main Menu Toggle Search

Open Access padlockePrints

Sustaining Intrusion-Tolerance by Proactive Replacement

Lookup NU author(s): Dr Paul EzhilchelvanORCiD, Dr Dylan Clarke, Emeritus Professor Isi Mitrani, Emeritus Professor Santosh Shrivastava



We propose and study proactive replacement as a strategy for ensuring that the number of intrusions does not exceed the design threshold within an intrusion-tolerant system. State machine replicas periodically replace themselves, en masse, by selecting a successor set from a large server farm housing spare machines that have been cleaned-up subsequent to any prior use. Selection is random to thwart adversary’s preference for any particular type of successor machines. Optionally, successors’ identities can be kept anonymous from selecting replicas, forcing the adversary to discover first the new replicas’ identities before launching attacks. Practicability of the proposed strategy is established in two ways. Architecture and combinations of well-known protocols for selection and state-transfer are outlined for the three replacement schemes proposed. Using analytical estimations and simulations, the replacement schemes are shown to be effective in sustaining tolerance capability by comparing them with a proactive recovery scheme that is assisted by an idealized Wormhole. With the availability and affordability of redundant machines, proactive replacement is a useful tolerance-sustaining strategy either on its own or in combination with its orthogonal counter-part, proactive recovery.

Publication metadata

Author(s): Ezhilchelvan P, Clarke D, Mitrani I, Shrivastava S

Publication type: Report

Publication status: Published

Series Title: School of Computing Science Technical Report Series

Year: 2009

Pages: 15

Print publication date: 01/03/2009

Source Publication Date: March 2009

Report Number: 1146

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne