On the Reliability and Availability of Systems Tolerant to Stealth Intrusion

This paper considers the estimation of reliability and availability of intrusion-tolerant systems subject to non-detectable intrusions. Our motivation comes from the observation that typical techniques of intrusion tolerance may in certain circumstances worsen the non-functional properties they were meant to improve (e.g., dependability). We start by modeling attacks as adversarial efforts capable of affecting the intrusion rate probability of components of the system. Then, we analyze several configurations of intrusion-tolerant replication and pro-active rejuvenation, to find which ones lead to security enhancements. We analyze several parameterizations, considering different attack and rejuvenation models and taking into account the mission time of the overall system and the expected time to intrusion of its components. In doing so, we identify thresholds that distinguish between improvement and degradation. We compare the effects of replication and rejuvenation and highlight their complementarity, showing improvements of resilience not attainable with any of the techniques alone, but possible only as a synergy of their combination. We advocate the need for thorougher system models, by showing fundamental vulnerabilities arising from incomplete specifications.