Secure Proactive Recovery - A Hardware Based Mission Assurance Scheme

PROCEEDINGS OF THE 6TH INTERNATIONAL CONFERENCE ON INFORMATION WARFARE AND SECURITY (2011)

Cited by: 24

Abstract
Mission assurance in critical systems entails both fault tolerance and security. Because fault tolerance through redundancy or replication runs counter to the notion of a small trusted computing base, conventional security techniques cannot be applied directly to fault-tolerant systems. To enhance the dependability of mission-critical systems, designers therefore employ a multi-phase approach comprising fault/threat avoidance or prevention, detection, and recovery. The detection phase is the fallback for the avoidance/prevention phase, and the recovery phase is the fallback for the detection phase. Despite this three-stage barrier, however, a determined adversary can still defeat system security by attacking the recovery phase. Since recovery is the final stage of the dependability life-cycle, full assurance of mission-critical operations cannot be guaranteed unless the recovery phase itself is secured. For this reason, we propose a new methodology, secure proactive recovery, that can be built into future mission-critical systems to secure the recovery phase at low cost. The solution is realized through a hardware-supported design of a consensus protocol. A major strength of this scheme is that it not only detects abnormal behavior due to system faults or attacks, but also secures the system when a smart attacker attempts to camouflage itself by playing along with the predefined protocols. Such an adversary may compromise certain system nodes at an earlier stage but remain dormant until the critical phase of the mission is reached; we call this adversary the Quiet Invader. To minimize overhead, improve performance and make the scheme tamper-resistant, we employ redundant hardware typically found in today's self-testing processor ICs, such as design-for-testability (DFT) and built-in self-test (BIST) logic. The cost and performance analysis presented in this paper validates the feasibility and efficiency of our solution.
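The Quiet Invader argument above, as an added illustration that is not part of the paper and does not model its hardware-supported consensus design: a small Python simulation of majority voting among replicas in which compromised replicas vote honestly until a critical round, run once with detection only and once with periodic, detection-independent recovery. The replica count, round numbers, compromise schedule and recovery period are assumptions chosen for this illustration, as is the standard proactive-recovery assumption that the adversary can take over only a bounded number of replicas per recovery window (here, one every two rounds).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CORRECT = 1  # value every healthy replica computes each round
WRONG = 0    # value a Quiet Invader emits once it goes active

# Constructed scenario (assumption, not from the paper): 5 replicas, a 12-round
# mission whose critical phase starts at round 10, and an adversary that silently
# takes over one more replica every two rounds.
N_REPLICAS = 5
ROUNDS = 12
CRITICAL_FROM = 10
QUIET_INVADER_SCHEDULE: Dict[int, List[int]] = {2 * k: [k] for k in range(N_REPLICAS)}


@dataclass
class Replica:
    rid: int
    compromised_at: Optional[int] = None  # round the adversary took control; None = clean

    def vote(self, rnd: int, critical_from: int) -> int:
        # A Quiet Invader mimics the protocol until the critical phase, so its
        # votes are indistinguishable from a healthy replica's before then.
        if self.compromised_at is not None and rnd >= critical_from:
            return WRONG
        return CORRECT


def majority(votes: List[int]) -> int:
    return CORRECT if 2 * sum(votes) > len(votes) else WRONG


def run_mission(
    n: int,
    rounds: int,
    critical_from: int,
    compromise_schedule: Dict[int, List[int]],
    recovery_period: Optional[int] = None,
) -> Tuple[List[int], List[int]]:
    """Simulate majority voting over `rounds` rounds.

    compromise_schedule maps a round to the replica ids the adversary takes over
    in that round. If recovery_period is set, every replica is restored to a
    clean state every recovery_period rounds regardless of whether anything was
    detected (proactive recovery). Returns (decided value per round, rounds in
    which at least one replica's vote disagreed with the decided value).
    """
    replicas = [Replica(i) for i in range(n)]
    decisions: List[int] = []
    flagged_rounds: List[int] = []
    for rnd in range(rounds):
        # Proactive recovery is time-triggered, not detection-triggered.
        if recovery_period and rnd > 0 and rnd % recovery_period == 0:
            for r in replicas:
                r.compromised_at = None
        for rid in compromise_schedule.get(rnd, []):
            replicas[rid].compromised_at = rnd
        votes = [r.vote(rnd, critical_from) for r in replicas]
        decided = majority(votes)
        decisions.append(decided)
        # Reactive detection: flag a round in which some replica disagrees with
        # the majority. It sees nothing while the invaders play along.
        if any(v != decided for v in votes):
            flagged_rounds.append(rnd)
    return decisions, flagged_rounds


def detection_only() -> Tuple[List[int], List[int]]:
    return run_mission(N_REPLICAS, ROUNDS, CRITICAL_FROM, QUIET_INVADER_SCHEDULE)


def with_proactive_recovery(period: int = 4) -> Tuple[List[int], List[int]]:
    return run_mission(N_REPLICAS, ROUNDS, CRITICAL_FROM, QUIET_INVADER_SCHEDULE, period)


if __name__ == "__main__":
    d, f = detection_only()
    print("detection only:      decisions", d, "flagged rounds", f)
    d, f = with_proactive_recovery()
    print("proactive recovery:  decisions", d, "flagged rounds", f)
```

With detection alone, all five replicas are under the adversary's control by round 8, and at round 10 they unanimously decide the wrong value, so the voting-based detector never flags anything: the failure is silent. With a clean restore every four rounds, at most the replicas compromised since the last restore are active at round 10, the honest majority outvotes them, and the invader is exposed the moment it deviates. The point the abstract makes is that recovery must be scheduled and protected independently of detection, since a Quiet Invader by construction gives detection nothing to act on.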
Keywords
security, fault tolerance, mission assurance, critical systems, hardware