No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
A Semi-Markov Evaluation Model for the Survivability of Real-Time Database with Intrusion Tolerance
Abstract
Based on the real-time features of transactions and data, an intrusion tolerant architecture is proposed for the real-time database system. Considering real-time parameters and intrusion detection latency, Semi-Markov evaluation model is established to access the survivability of real-time database. Based on this model, relevant quantitative criteria are given to define the indicators of the survivability, such as integrity and availability, so as to validate the survivability of real-time database. Because the factors such as false alarm, detection rate and the intensity of attacks have important effects on the survivability, they are analyzed by the TPC-C benchmark in detail. Experiments show that the model can accurately predict the behaviors of real-time database. The proposed real-time database with intrusion tolerance can still keep the basic survival when facing attacks.
The openness, sharing and interaction of data pose many challenges to the data security protection of the Energy Internet. Most of the existing methods focus on data encryption and reliable data storage. However, these methods cannot avoid attacks on data in the Energy Internet. To solve data security under the condition that the data is attacked, this paper addresses optimal data partition and recovery considering attacks for the Energy Internet. Firstly, in order to greatly reduce data dimension, we propose an attribute reduction algorithm based on indiscernibility and equivalence (AR-IE) and an optimal data partition algorithm via attribute reduction Rough Set (ODP-ARRS). Secondly, on the basis of ODP-ARRS, this paper presents a data recovery algorithm by using the erasure code (DR-EC). Finally, three comparative experiments are implemented on the five standard datasets from UCI. Experimental results show that AR-IE algorithm has the obvious effect of attribute reduction for experimental datasets so that the average number of attributes is reduced by 64.27%, and the running time of ODP-ARRS and DR-EC algorithm has advantages in terms of running time.
As one of network and business integration standard, IP multimedia subsystem (IMS) plays an important role in network convergence. It is important to analyze the authentication and registration process, and build a survivability model for IMS. Having defined survivability and its attributes, this paper proposes a survivability stochastic Petri net (SPN) model and its simplified version, and analyzes the survivability attributes including reliability, maintainability and availability. Simulation results show that the measures of survivability vary with time, failure rate and repair rate, respectively. Reliability is reduced with the increase of time and failure rate, and maintainability enhanced with the increase of time and repair rate. This study provides useful clue for improving survivability of IMS systems.
It has always been a challenging problem to evaluate the security of cloud services. In this paper, we analyze this problem exploiting the loss expectation by illegal attack in a quantitative way. With one of the key cloud services, storage cloud services based on key–value pairs (SCSKP for short), we quantify the protection ability with the Markov model analysis on the possibilities of various illegal attack. The loss expectation caused by the illegal attack will be calculated based on the analysis and then be used to quantify the resistance ability of SCSKP against such attacks, which serves as a metric to evaluate the security of the cloud service. We provide three series of experiments are exploited to test the expectation of losses. The results show that our method is valid and able to reflect the security situation of the cloud service.
Smartphone applications are getting more and more popular and pervasive in our daily life, and are also attractive to malware writers due to their limited computing source and vulnerabilities. At the same time, we possess limited understanding of our opponents in cyberspace. In this paper, we investigate the propagation model of SMS/MMS-based worms through integrating semi-Markov process and social relationship graph. In our modeling, we use semi-Markov process to characterize state transition among mobile nodes, and hire social network theory, a missing element in many previous works, to enhance the proposed mobile malware propagation model. In order to evaluate the proposed models, we have developed a specific software, and collected a large scale real-world data for this purpose. The extensive experiments indicate that the proposed models and algorithms are effective and practical.
Efforts to build "secure" computer systems have now been underway for more than a decade. Many designs have been proposed, some prototypes have been constructed, and a few systems are approaching the production stage. A small number of systems are even operating in what the Department of Defense calls the "multilevel" mode some information contained m these computer systems may have a clasmfication higher than the clearance of some of the users of those systems. This paper revmws the need for formal security models, describes the structure and operation of military security controls, considers how automation has affected security problems, surveys models that have been proposed and applied to date, and suggests possible d~rectlons for future models
Malicious transaction immediate repairing is an important aspect in building survivable DBMS. Based on traditional malicious transaction repairing solutions, this paper solves transaction undo collision and incorrect executing sequence of transaction operations using Petri net models. Considering characteristics of survivable DBMS, algorithms of static and on-the-fly malicious transaction repairing are provided. Further, related repairing system models are put up based on stochastic Petri net models. After consistency analysis of malicious transaction repairing stochastic Petri net model with continuous time Markov chain, this paper provides malicious transaction repairing solutions using continuous time Markov chain.
Complex software and network based information server systems may exhibit failures. Quite often, such failures may not be accidental. Instead some failures may be caused by deliberate security intrusions with the intent ranging from simple mischief, theft of confidential information to loss of crucial and possibly life saving services. Not only it is important to prevent and/or tolerate security intrusions, it is equally important to treat security as a QoS attribute at par with other QoS attributes such as availability and performance. This paper deals with various issues related to quantifying the security attributes of an intrusion tolerant system, such as the SITAR system. A security intrusion and the response of an intrusion tolerant system to an attack is modeled as a random process. This facilitates the use of stochastic modeling techniques to capture the attacker behavior as well as the system’s response to a security intrusion. This model is used to analyze and quantify the security attributes of the system. The security quantification analysis is first carried out for steady-state behavior leading to measures like steady-state availability. By transforming this model to a model with absorbing states, we compute a security measure called the “mean time (or effort) to security failure” (MTTSF) and also compute probabilities of security failure due to violations of different security attributes.
The immaturity of current intrusion detection techniques limits the traditional security systems in surviving malicious attacks.
Intrusion tolerance approaches have emerged to overcome these limitations. Before intrusion tolerance is accepted as an approach
to security, there must be quantitative methods to measure its survivability. However, there are very few attempts to do quantitative,
model-based evaluation of the survivability of intrusion tolerant systems, especially in database field. In this paper, we
focus on modeling the behaviors of an intrusion tolerant database system in the presence of attacks. Quantitative measures
are proposed to characterize the capability of a resilient database system surviving intrusions. An Intrusion Tolerant DataBase
system (ITDB) is studied as an example. Our experimental results validate the models we proposed. Survivability evaluation
is also conducted to study the impact of attack intensity and various system deficiencies on the survivability.
With the application of real-time databases and the intrusion of malicious transactions, it has become increasingly important to model the ability of real-time database intrusion tolerance and effectively evaluate its survivability. Based on the features of transaction and data for real-time database system, an intrusion tolerant architecture has been proposed for real-time database system. Considering factors such as intrusion detection latency and a variety of parameters for real-time, Semi-Markov evaluation model for survival assessment is established. Based on this model, relevant quantitative criteria are made to define the important indicators of survivability, such as integrity and availability, so as to validate intrusion detection capability and the survivability of real-time database. The three important factors of false alarm, detection rate and the intensity of attack are analyzed in detail by the TPC-C benchmark. Experiments show that the model can accurately predict the behavior of real- time database. The real-time database following the model can still provide essential services when facing attacks and the basic survival characteristics will not be seriously affected.
Survivability is the capability of a system to fulfill its mission in a timely manner in the presence of attacks, failures, or accidents. The emphasis of survivability is on continuity of operations, with the understanding that security precautions cannot guarantee that systems will not be penetrated and compromised. Survivability focuses on unbounded networked systems where traditional security measures are inadequate. As an emerging discipline, it builds on related fields of study (such as security, fault tolerance, reliability, and verification) and introduces new concepts and principles.
The development of techniques for quantitative, model-based evaluation of computer system dependability has a long and rich history. A wide array of model-based evaluation techniques is now available, ranging from combinatorial methods, which are useful for quick, rough-cut analyses, to state-based methods, such as Markov reward models, and detailed, discrete-event simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red team-based approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound model-based methodology for quantifying the security one can expect from a particular design. In this work, we survey existing model-based techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.