Architecture, Services and Protocols for CRUTIAL

Abou El Kalan, Anas; Baina, Amine; Beitollahi, Hakem; Bessani, Alysson Neves; Bondavalli, Andrea; Correia, Miguel; Daidone, Alessandro; Dantas, Wagner; Deconinck, Geert; Deswarte, Yves; Moniz, Henrique; Neves, Nuno; Sousa, Paulo; Veríssimo, Paulo

Architecture, Services and Protocols for CRUTIAL

Authors: Anas Abou El Kalan
Amine Baina
Hakem Beitollahi
Alysson Neves Bessani
Andrea Bondavalli
Miguel Correia
Alessandro Daidone
Wagner Dantas
Geert Deconinck
Yves Deswarte
Henrique Moniz
Nuno Neves
Paulo Sousa
Paulo Veríssimo
Publication date: 1 March 2009
Publisher

Abstract

This document describes the complete specification of the architecture, services and protocols of the project CRUTIAL. The CRUTIAL Architecture intends to reply to a grand challenge of computer science and control engineering: how to achieve resilience of critical information infrastructures (CII), in particular in the electrical sector. In general lines, the document starts by presenting the main architectural options and components of the architecture, with a special emphasis on a protection device called the CRUTIAL Information Switch (CIS). Given the various criticality levels of the equipments that have to be protected, and the cost of using a replicated device, we define a hierarchy of CIS designs incrementally more resilient. The different CIS designs offer various trade offs in terms of capabilities to prevent and tolerate intrusions, both in the device itself and in the information infrastructure. The Middleware Services, APIs and Protocols chapter describes our approach to intrusion tolerant middleware. The CRUTIAL middleware comprises several building blocks that are organized on a set of layers. The Multipoint Network layer is the lowest layer of the middleware, and features an abstraction of basic communication services, such as provided by standard protocols, like IP, IPsec, UDP, TCP and SSL/TLS. The Communication Support layer features three important building blocks: the Randomized Intrusion-Tolerant Services (RITAS), the CIS Communication service and the Fosel service for mitigating DoS attacks. The Activity Support layer comprises the CIS Protection service, and the Access Control and Authorization service. The Access Control and Authorization service is implemented through PolyOrBAC, which defines the rules for information exchange and collaboration between sub-modules of the architecture, corresponding in fact to different facilities of the CII’s organizations. The Monitoring and Failure Detection layer contains a definition of the services devoted to monitoring and failure detection activities. The Runtime Support Services, APIs, and Protocols chapter features as a main component the Proactive-Reactive Recovery service, whose aim is to guarantee perpetual correct execution of any components it protects.Project co-funded by the European Commission within the Sixth Frame-work Programme (2002-2006

Similar works

Full text

Open in the Core reader

Download PDF

Available Versions

Universidade de Lisboa: Repositório.UL

oai:repositorio.ul.pt:10451/14...

Last time updated on 05/05/2016

Repositório da Universidade de Lisboa

oai:repositorio.ul.pt:10451/14...

Last time updated on 12/06/2020