Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks

Title: Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Popov, P.
Conference Name: 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE)
Keywords: adequate adversary model, adversary, Adversary Models, computer security, cyber-attacks, cyber-security controls, diverse software, failure regions, Fault tolerance, fault tolerant architecture, Fault tolerant systems, fault-tolerant software, Human Behavior, independent attacks, industrial control applications, industrial protection systems, Metrics, noncompromised software, on-demand software, Probabilistic logic, probabilistic model, pubcrawl, resilience, Resiliency, Scalability, security of data, Software, software fault tolerance, software fault-tolerance, software maintenance, software maintenance policies, software reliability, sophisticated synchronized attacks, synchronized attacks system reliability, telecommunication security
Abstract

This paper offers a new approach to modelling the effect of cyber-attacks on reliability of software used in industrial control applications. The model is based on the view that successful cyber-attacks introduce failure regions, which are not present in non-compromised software. The model is then extended to cover a fault tolerant architecture, such as the 1-out-of-2 software, popular for building industrial protection systems. The model is used to study the effectiveness of software maintenance policies such as patching and "cleansing" ("proactive recovery") under different adversary models ranging from independent attacks to sophisticated synchronized attacks on the channels. We demonstrate that the effect of attacks on reliability of diverse software significantly depends on the adversary model. Under synchronized attacks system reliability may be more than an order of magnitude worse than under independent attacks on the channels. These findings, although not surprising, highlight the importance of using an adequate adversary model in the assessment of how effective various cyber-security controls are.

URL: http://ieeexplore.ieee.org/document/8109089/
DOI: 10.1109/ISSRE.2017.23
Citation Key: popov_models_2017