190 likes | 352 Views
Secure Proactive Recovery – a Hardware Based Mission Assurance Scheme. 6 th International Conference on Information Warfare and Security, 2011. Outline. Structure. Motivation. Threat model. System design. Performance analysis. Conclusion. Motivation. Mission assurance Goals
E N D
Secure Proactive Recovery – a Hardware Based Mission Assurance Scheme 6th International Conference on Information Warfare and Security, 2011
Outline Structure Motivation Threat model System design Performance analysis Conclusion
Motivation • Mission assurance • Goals • Survivability • Security • Fault tolerance • Low cost (Time overhead) • Adaptation and evolution • Feasibility study • Long running applications • Prevention Detection Recovery • Hardware-based • Smart defender
Outline Structure Motivation Threat model System design Performance analysis Conclusion
The Quiet Invader • Smart attacker • Make decisions to maximize the potential of achieving their objectives based on dynamic information • Quiet invader • Camouflages to buy more time • Plan to attack mission during critical stage (Why?) • Example: • Long running countdown for a space shuttle launch that runs for several hours
Outline Structure Motivation Threat model System design Performance analysis Conclusion
Replica 3 Coordinator Workload Workload Workload Workload Workload Replica 1 Replica 2 Replica 3 Replica n R R R R Hardware Signature Hardware Signature Hardware Signature Hardware Signature Hardware Signature C C C C Periodic checkpoint Periodic checkpoint H H H H Periodic checkpoint Periodic checkpoint Periodic checkpoint
Hardware Signature Generation IDS System reg
Outline Structure Motivation Threat model System design Performance analysis Conclusion
Performance Analysis • Cases • Case 1: Systems with no checkpointing • Case 2: Systems with checkpointing, no failures/attacks • Case 3: Systems with checkpointing, failures/attacks • Workload • Java SciMark 2.0 benchmark workloads: FFT, SOR, Sparse, LU • Multi-step simulation based evaluation approach[Reference: Mehresh, R., Upadhyaya, S. and Kwiat, K. (2010) “A Multi-Step Simulation Approach Toward Fault Tolerant system Evaluation”, ThirdInternational Workshop on Dependable Network Computing and Mobile Systems, October]
Table 1: Execution Times (in hours) for the Scimark workloads across three cases Results Table : Execution times (in hours) for the Scimark workloads for the three cases
Results Table : Approximate optimal checkpoint interval values and their corresponding workload execution times for LU (Case 3) at different values of M
Outline Structure Motivation Threat model System design Performance analysis Conclusion
Conclusion • Low cost solution to secure proactive recovery • Mission survivability • Utilized redundant hardware • Small overhead in absence of failures • Effective preventive measure • Future work • To evaluate this scheme for a distributed system