DocumentCode
3600852
Title
Increasing Network Resiliency by Optimally Assigning Diverse Variants to Routing Nodes
Author
Newell, Andrew ; Obenshain, Daniel ; Tantillo, Thomas ; Nita-Rotaru, Cristina ; Amir, Yair
Author_Institution
Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA
Volume
12
Issue
6
fYear
2015
Firstpage
602
Lastpage
614
Abstract
Networks with homogeneous routing nodes are constantly at risk as any vulnerability found against a node could be used to compromise all nodes. Introducing diversity among nodes can be used to address this problem. With few variants, the choice of assignment of variants to nodes is critical to the overall network resiliency. We present the Diversity Assignment Problem (DAP), the assignment of variants to nodes in a network, and we show how to compute the optimal solution in medium-size networks. We also present a greedy approximation to DAP that scales well to large networks. Our solution shows that a high level of overall network resiliency can be obtained even from variants that are weak on their own. We provide a variation of our problem that matches the specific communication requirements of applications run over the network (e.g., Paxos and BFT). Also, we analyze the loss in resiliency when optimally assigning variants based on inaccurate information about compromises.
Keywords
approximation theory; computer network security; integer programming; linear programming; overlay networks; telecommunication network routing; DAP; computer security; diversity assignment problem; greedy approximation; homogeneous routing nodes; integer linear programming; network resiliency; overlay networks; routing nodes; Cloud computing; Context modeling; Network topology; Operating systems; Routing; Overlay networks, computer security, integer linear programming;
fLanguage
English
Journal_Title
Dependable and Secure Computing, IEEE Transactions on
Publisher
ieee
ISSN
1545-5971
Type
jour
DOI
10.1109/TDSC.2014.2373392
Filename
6963468
Link To Document