Title :
Increasing Network Resiliency by Optimally Assigning Diverse Variants to Routing Nodes
Author :
Newell, Andrew ; Obenshain, Daniel ; Tantillo, Thomas ; Nita-Rotaru, Cristina ; Amir, Yair
Author_Institution :
Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA
Abstract :
Networks with homogeneous routing nodes are constantly at risk as any vulnerability found against a node could be used to compromise all nodes. Introducing diversity among nodes can be used to address this problem. With few variants, the choice of assignment of variants to nodes is critical to the overall network resiliency. We present the Diversity Assignment Problem (DAP), the assignment of variants to nodes in a network, and we show how to compute the optimal solution in medium-size networks. We also present a greedy approximation to DAP that scales well to large networks. Our solution shows that a high level of overall network resiliency can be obtained even from variants that are weak on their own. We provide a variation of our problem that matches the specific communication requirements of applications run over the network (e.g., Paxos and BFT). Also, we analyze the loss in resiliency when optimally assigning variants based on inaccurate information about compromises.
Keywords :
approximation theory; computer network security; integer programming; linear programming; overlay networks; telecommunication network routing; DAP; computer security; diversity assignment problem; greedy approximation; homogeneous routing nodes; integer linear programming; network resiliency; routing nodes; Cloud computing; Context modeling; Network topology; Operating systems; Routing
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2014.2373392