A cyber-resilient architecture for critical security services

详细信息    查看全文

• 作者：Diego Kreutz^a ; ^b ; ^{diego.kreutz@uni.lu" class="auth_mail" title="E-mail the corresponding author} ; ^{kreutz@computer.org" class="auth_mail" title="E-mail the corresponding author} ; Oleksandr Malichevskyy^b ; ^{olexmal@lasige.di.fc.ul.pt" class="auth_mail" title="E-mail the corresponding author} ; Eduardo Feitosa^c ; ^{efeitosa@icomp.ufam.edu.br" class="auth_mail" title="E-mail the corresponding author} ; Hugo Cunha^c ; ^{hugo.cunha@icomp.ufam.edu.br" class="auth_mail" title="E-mail the corresponding author} ; Rodrigo da Rosa Righi^d ; ^{rrrighi@unisinos.br" class="auth_mail" title="E-mail the corresponding author} ; Douglas D.J. de Macedo^e ; ^{dmacedo@ufs.br" class="auth_mail" title="E-mail the corresponding author}
• 关键词：Cyber resiliency ; Cyber security ; System design ; Fault and intrusion tolerance ; Identification and authentication services ; Network access control
• 刊名：Journal of Network and Computer Applications
• 出版年：2016
• 出版时间：March 2016
• 年：2016
• 卷：63
• 期：Complete
• 页码：173-189
• 全文大小：2441 K

文摘

Authentication and authorization are two of the most important services for any IT infrastructure. Taking into account the current state of affairs of cyber warfare, the security and dependability of such services is a first class priority. For instance, the correct and continuous operation of identity providers (e.g., OpenID) and authentication, authorization and accounting services (e.g., RADIUS) is essential for all sorts of systems and infrastructures. As a step towards this direction, we introduce a functional architecture and system design artifacts for prototyping fault- and intrusion-tolerant identification and authentication services. The feasibility and applicability of the proposed elements are evaluated through two distinct prototypes. Our findings indicate that building and deploying resilient and reliable critical services is an achievable goal through a set of system design artifacts based on well-established concepts in the fields of security and dependability. Additionally, we provide an extensive evaluation of both resilient RADIUS (R-RADIUS) and OpenID (R-OpenID) prototypes. We show that our solution makes services resilient against attacks without affecting their correct operation. Our results also pinpoint that the prototypes are capable of meeting the needs of small to large-scale systems (e.g., IT infrastructures with 800k to 10M users).