A complex networks approach to designing resilient system-of-systems

Tran, Huy T.

07 January 2016

This thesis develops a methodology for designing resilient system-of-systems (SoS) networks. This methodology includes a capability-based resilience assessment framework, used to quantify SoS resilience. A complex networks approach is used to generate potential SoS network designs, focusing on scale-free and random network topologies, degree-based and random rewiring adaptation, and targeted and random node removal threats. Statistical design methods, specifically response surface methodology, are used to evaluate SoS networks and provide an understanding of the advantages and disadvantages of potential designs. Linear regression is used to model a continuous representation of the network design space, and determine optimally resilient networks for particular threat types. The methodology is applied to an information exchange (IE) network model (i.e., a message passing network model) and military command and control (C2) model. Results show that optimally resilient IE network topologies are random for networks with adaptation, regardless of the threat type. However, the optimally resilient adaptation method sharply transitions from being fully random to fully degree-based as threat randomness increases. These findings suggest that intermediately defined networks should not be considered when designing for resilience. Cost-benefit analysis of C2 networks suggests that resilient C2 networks are more cost-effective than robust ones, as long as the cost of rewiring network links is less than three-fourths the cost of creating new links. This result identifies a threshold for which a resilient network design approach is more cost-effective than a robust one.This thesis develops a methodology for designing resilient system-of-systems (SoS) networks. This methodology includes a capability-based resilience assessment framework, used to quantify SoS resilience. A complex networks approach is used to generate potential SoS network designs, focusing on scale-free and random network topologies, degree-based and random rewiring adaptation, and targeted and random node removal threats. Statistical design methods, specifically response surface methodology, are used to evaluate SoS networks and provide an understanding of the advantages and disadvantages of potential designs. Linear regression is used to model a continuous representation of the network design space, and determine optimally resilient networks for particular threat types. The methodology is applied to an information exchange (IE) network model (i.e., a message passing network model) and military command and control (C2) model. Results show that optimally resilient IE network topologies are random for networks with adaptation, regardless of the threat type. However, the optimally resilient adaptation method sharply transitions from being fully random to fully degree-based as threat randomness increases. These findings suggest that intermediately defined networks should not be considered when designing for resilience. Cost-benefit analysis of C2 networks suggests that resilient C2 networks are more cost-effective than robust ones, as long as the cost of rewiring network links is less than three-fourths the cost of creating new links. This result identifies a threshold for which a resilient network design approach is more cost-effective than a robust one.

System-of-systems

Complex networks

Resilient systems

Resilience

Response surface methodology

Linear regression

An architecture to resilient and highly available identity providers based on OpenID standard / Uma arquitetura para provedores de identidade resistente e altamente disponíveis com base no padrão OpenID

Cunha, Hugo Assis

26 September 2014

Submitted by Lúcia Brandão (lucia.elaine@live.com) on 2015-07-14T15:58:20Z No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-07-20T14:08:11Z (GMT) No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-07-20T14:12:26Z (GMT) No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) / Made available in DSpace on 2015-07-20T14:12:26Z (GMT). No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) Previous issue date: 2014-09-26 / Não Informada / Quando se trata de sistemas e serviços de autenticação seguros, há duas abordagens principais: a primeira procura estabelecer defesas para todo e qualquer tipo de ataque. Na verdade, a maioria dos serviços atuais utilizam esta abordagem, a qualsabe-sequeéinfactívelefalha. Nossapropostautilizaasegundaabordagem, a qual procura se defender de alguns ataques, porém assume que eventualmente o sistema pode sofrer uma intrusão ou falha e ao invés de tentar evitar, o sistema simplesmente as tolera através de mecanismos inteligentes que permitem manter o sistema atuando de maneira confiável e correta. Este trabalho apresenta uma arquiteturaresilienteparaserviçosdeautenticaçãobaseadosemOpenIDcomuso deprotocolosdetolerânciaafaltaseintrusões, bemcomoumprotótipofuncional da arquitetura. Por meio dos diversos testes realizados foi possível verificar que o sistema apresenta um desempenho melhor que um serviço de autenticação do OpenID padrão, ainda com muito mais resiliência, alta disponibilidade, proteção a dados sensíveis e tolerância a faltas e intrusões. Tudo isso sem perder a compatibilidade com os clientes OpenID atuais. / Secure authentication services and systems typically are based on two main approaches: the first one seeks to defend itself of all kind of attack. Actually, the major current services use this approach, which is known for present failures as well as being completely infeasible. Our proposal uses the second approach, which seeks to defend itself of some specific attacks, and assumes that eventually the system may suffer an intrusion or fault. Hence, the system does not try avoiding the problems, but tolerate them by using intelligent mechanisms which allow the system keep executing in a trustworthy and safe state. This research presents a resilient architecture to authentication services based on OpenID by the use of fault and intrusion tolerance protocols, as well as a functional prototype. Through the several performed tests, it was possible to note that our system presents a better performance than a standard OpenID service, but with additional resilience, high availability, protection of the sensitive data, beyond fault and intrusion tolerance, always keeping the compatibility with the current OpenID clients.

Tolerância a faltas e intrusões

Sistemas resilientes

Replicação de máquinas de estado

Fault and intrusion tolerance

Resilient systems

State machine replication

OpenID