{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T01:07:24Z","timestamp":1767143244730,"version":"build-2238731810"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2012,3,1]],"date-time":"2012-03-01T00:00:00Z","timestamp":1330560000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/2.0"},{"start":{"date-parts":[[2012,3,1]],"date-time":"2012-03-01T00:00:00Z","timestamp":1330560000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/2.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Braz Comput Soc"],"published-print":{"date-parts":[[2012,3]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>This paper considers the estimation of reliability and availability of intrusion-tolerant systems subject to non-detectable intrusions caused by stealth attacks. We observe that typical intrusion tolerance techniques may in certain circumstances worsen the dependability properties they were meant to improve. We model intrusions as a probabilistic effect of adversarial efforts and analyze different strategies of attack and rejuvenation. We compare several configurations of intrusion-tolerant replication and proactive rejuvenation, and varying mission times and expected times to node-intrusion. In doing so, we identify thresholds that distinguish between improvement and degradation of dependability, with a focus on security. We highlight the complementarity of replication and rejuvenation, showing improvements of resilience not attainable with any of the techniques alone, but possible when they are combined. We advocate the need for thorougher system models, by showing vulnerabilities arising from incomplete specifications.<\/jats:p>","DOI":"10.1007\/s13173-012-0062-x","type":"journal-article","created":{"date-parts":[[2012,2,29]],"date-time":"2012-02-29T03:58:38Z","timestamp":1330487918000},"page":"61-80","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["On the reliability and availability of replicated and rejuvenating systems under stealth attacks and intrusions"],"prefix":"10.1007","volume":"18","author":[{"given":"Lu\u00eds","family":"Teixeira\u00a0d\u2019Aguiar\u00a0Norton\u00a0Brand\u00e3o","sequence":"first","affiliation":[]},{"given":"Alysson","family":"Neves\u00a0Bessani","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2012,3,1]]},"reference":[{"key":"62_CR1","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1109\/TDSC.2004.2","volume":"1","author":"A Avizienis","year":"2004","unstructured":"Avizienis A, Laprie JC, Randell B, Landwehr C (2004) Basic concepts and taxonomy of dependable and secure computing. IEEE Trans Dependable Secure Comput 1:11\u201333","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"62_CR2","first-page":"159","volume-title":"Mathematical reliability theory: from the beginning to the present time","author":"RE Barlow","year":"2002","unstructured":"Barlow RE (2002) Mathematical and statistical methods in reliability. In: Mathematical reliability theory: from the beginning to the present time, vol 7. World Scientific, Singapore, pp 159\u2013175"},{"key":"62_CR3","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1145\/1966445.1966449","volume-title":"Proceedings of the 6th conference on computer systems (EuroSys\u201911)","author":"A Bessani","year":"2011","unstructured":"Bessani A, Correia M, Quaresma B, Andr\u00e9 F, Sousa P (2011) DepSky: dependable and secure storage in a cloud-of-clouds. In: Proceedings of the 6th conference on computer systems (EuroSys\u201911). ACM, New York, pp 31\u201346"},{"key":"62_CR4","volume-title":"Proceedings of the 3rd workshop on recent advances on intrusion-tolerant systems (WRAITS\u201909)","author":"A Bessani","year":"2009","unstructured":"Bessani A, Daidone A, Gashi I, Obelheiro R, Sousa P, Stankovic\u00a0V (2009) Enhancing fault\/intrusion tolerance through design and configuration diversity. In: Proceedings of the 3rd workshop on recent advances on intrusion-tolerant systems (WRAITS\u201909)"},{"key":"62_CR5","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/LADC.2011.27","volume-title":"Proceedings of the 5th Latin-American symposium on dependable computing (LADC 2011)","author":"LTAN Brand\u00e3o","year":"2011","unstructured":"Brand\u00e3o LTAN, Bessani A (2011) On the reliability and availability of systems tolerant to stealth intrusion. In: Proceedings of the 5th Latin-American symposium on dependable computing (LADC 2011). IEEE Computer Society, Los Alamitos, pp 35\u201344"},{"key":"62_CR6","doi-asserted-by":"publisher","first-page":"398","DOI":"10.1145\/571637.571640","volume":"20","author":"M Castro","year":"2002","unstructured":"Castro M, Liskov B (2002) Practical Byzantine fault tolerance and proactive recovery. ACM Trans Comput Syst 20:398\u2013461","journal-title":"ACM Trans Comput Syst"},{"key":"62_CR7","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1109\/RELDIS.2004.1353018","volume-title":"Proceedings of the 23rd IEEE international symposium on reliable distributed systems (SRDS\u201904)","author":"M Correia","year":"2004","unstructured":"Correia M, Neves NF, Ver\u00edssimo P (2004) How to tolerate half less one byzantine nodes in practical distributed systems. In: Proceedings of the 23rd IEEE international symposium on reliable distributed systems (SRDS\u201904). IEEE Computer Society, Washington, pp 174\u2013183"},{"key":"62_CR8","series-title":"Lecture notes in computer science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-540-85571-2_4","volume-title":"Architecting dependable systems V","author":"A Daidone","year":"2008","unstructured":"Daidone A, Chiaradonna S, Bondavalli A, Ver\u00edssimo P (2008) Analysis of a redundant architecture for critical infrastructure protection. In: de Lemos R, Di Giandomenico F, Gacek C, Muccini H, Vieira M (eds) Architecting dependable systems V. Lecture notes in computer science, vol 5135. Springer, Berlin, pp 78\u2013100"},{"key":"62_CR9","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1109\/HOTOS.1997.595185","volume-title":"Proceedings of the 6th workshop on hot topics in operating systems (HotOS-VI)","author":"S Forrest","year":"1997","unstructured":"Forrest S, Somayaji A, Ackley DH (1997) Building diverse computer systems. In: Proceedings of the 6th workshop on hot topics in operating systems (HotOS-VI). IEEE Computer Society, Washington, p\u00a067"},{"key":"62_CR10","first-page":"203","volume-title":"Proceedings of the 3rd international conference on computer security","author":"JS Fraga","year":"1985","unstructured":"Fraga JS, Powell D (1985) A fault- and intrusion-tolerant file system. In: Proceedings of the 3rd international conference on computer security, pp 203\u2013218"},{"key":"62_CR11","volume-title":"Proceedings of the international conference on dependable systems and networks (DSN\u201911)","author":"M Garcia","year":"2011","unstructured":"Garcia M, Bessani A, Gashi I, Neves N, Obelheiro R (2011) OS diversity for intrusion tolerance: myth or reality. In: Proceedings of the international conference on dependable systems and networks (DSN\u201911), Hong Kong"},{"key":"62_CR12","first-page":"381","volume-title":"Proceedings of 25th international symposium on fault tolerant computing (FTCS\u201995)","author":"Y Huang","year":"1995","unstructured":"Huang Y, Kintala CMR, Kolettis N, Fulton ND (1995) Software rejuvenation: analysis, module and applications. In: Proceedings of 25th international symposium on fault tolerant computing (FTCS\u201995). IEEE Computer Society, Washington, pp 381\u2013390"},{"key":"62_CR13","volume-title":"Fault tolerant systems","author":"I Koren","year":"2007","unstructured":"Koren I, Krishna CM (2007) Fault tolerant systems. Morgan Kaufmann Publishers Inc, San Francisco"},{"key":"62_CR14","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1049\/ip-e.1984.0005","volume":"131","author":"I Koren","year":"1984","unstructured":"Koren I, Shalev E (1984) Reliability analysis of hybrid redundancy systems. IEE Proc E, Comput Digit Tech 131:31\u201336","journal-title":"IEE Proc E, Comput Digit Tech"},{"key":"62_CR15","series-title":"Lecture notes in computer science","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1007\/978-3-540-30108-0_26","volume-title":"Computer security\u2014ESORICS 2004","author":"B Littlewood","year":"2004","unstructured":"Littlewood B, Strigini L (2004) Redundancy and diversity in security. In: Samarati P, Ryan P, Gollmann D, Molva R (eds) Computer security\u2014ESORICS 2004. Lecture notes in computer science, vol 3193. Springer, Berlin, pp 423\u2013438"},{"key":"62_CR16","unstructured":"Obelheiro RR, Bessani AN, Lung LC, Correia M (2006) How practical are intrusion-tolerant distributed systems? DI-FCUL TR 06\u201315, Dep. of Informatics, Univ of Lisbon"},{"key":"62_CR17","volume-title":"NIST handbook of mathematical functions","author":"FW Olver","year":"2010","unstructured":"Olver FW, Lozier DW, Boisvert RF, Clark CW (2010) NIST handbook of mathematical functions. Cambridge University Press, New York"},{"key":"62_CR18","doi-asserted-by":"publisher","first-page":"4:1","DOI":"10.1145\/1813654.1813655","volume":"28","author":"T Roeder","year":"2010","unstructured":"Roeder T, Schneider FB (2010) Proactive obfuscation. ACM Trans Comput Syst 28:4:1\u20134:54","journal-title":"ACM Trans Comput Syst"},{"key":"62_CR19","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1145\/98163.98167","volume":"22","author":"FB Schneider","year":"1990","unstructured":"Schneider FB (1990) Implementing fault-tolerant service using the state machine approach: a tutorial. ACM Comput Surv 22:299\u2013319","journal-title":"ACM Comput Surv"},{"key":"62_CR20","doi-asserted-by":"publisher","first-page":"612","DOI":"10.1145\/359168.359176","volume":"22","author":"A Shamir","year":"1979","unstructured":"Shamir A (1979) How to share a secret. Commun ACM 22:612\u2013613","journal-title":"Commun ACM"},{"issue":"4","key":"62_CR21","doi-asserted-by":"publisher","first-page":"452","DOI":"10.1109\/TPDS.2009.83","volume":"21","author":"P Sousa","year":"2010","unstructured":"Sousa P, Bessani AN, Correia M, Neves NF, Verissimo P (2010) Highly available intrusion-tolerant services with proactive-reactive recovery. IEEE Trans Parallel Distrib Syst 21(4):452\u2013465","journal-title":"IEEE Trans Parallel Distrib Syst"},{"key":"62_CR22","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1109\/DSN.2005.55","volume-title":"Proceedings of the 2005 international conference on dependable systems and networks (DSN\u20192005)","author":"P Sousa","year":"2005","unstructured":"Sousa P, Neves NF, Ver\u00edssimo P (2005) How resilient are distributed f fault\/intrusion-tolerant systems. In: Proceedings of the 2005 international conference on dependable systems and networks (DSN\u20192005). IEEE Computer Society, Washington, pp 98\u2013107"},{"key":"62_CR23","volume-title":"Proceedings of the 3rd workshop on hot topics in system dependability (HotDep\u201907)","author":"P Sousa","year":"2007","unstructured":"Sousa P, Neves NF, Verissimo P (2007) Hidden problems of asynchronous proactive recovery. In: Proceedings of the 3rd workshop on hot topics in system dependability (HotDep\u201907). USENIX Association, Berkeley"},{"key":"62_CR24","first-page":"10","volume-title":"Proceedings of the 14th conference on USENIX security symposium (SSYM\u201905)","author":"AN Sovarel","year":"2005","unstructured":"Sovarel AN, Evans D, Paul N (2005) Where\u2019s the FEEB? The effectiveness of instruction set randomization. In: Proceedings of the 14th conference on USENIX security symposium (SSYM\u201905). USENIX Association, Berkeley, p\u00a010"},{"key":"62_CR25","volume-title":"Probability and statistics with reliability, queuing and computer science applications","author":"KS Trivedi","year":"2001","unstructured":"Trivedi KS (2001) Probability and statistics with reliability, queuing and computer science applications, 2nd edn. Wiley, Chichester","edition":"2"},{"key":"62_CR26","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1109\/SRDS.2009.36","volume-title":"Proceedings of the 28th IEEE international symposium on reliable distributed systems (SRDS\u201909)","author":"GS Veronese","year":"2009","unstructured":"Veronese GS, Correia M, Bessani AN, Lung LC (2009) Spin one\u2019s wheels? Byzantine fault tolerance with a spinning primary. In: Proceedings of the 28th IEEE international symposium on reliable distributed systems (SRDS\u201909). IEEE Computer Society, Washington, pp 135\u2013144"},{"key":"62_CR27","series-title":"Lecture notes in computer science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/3-540-45177-3_1","volume-title":"Architecting dependable systems","author":"P Ver\u00edssimo","year":"2003","unstructured":"Ver\u00edssimo P, Neves N, Correia M (2003) Intrusion-tolerant architectures: concepts and design. In: de Lemos R, Gacek C, Romanovsky A (eds) Architecting dependable systems. Lecture notes in computer science, vol 2677. Springer, Berlin, pp 3\u201336"},{"key":"62_CR28","doi-asserted-by":"crossref","unstructured":"Wolfram Research I (2011) Mathematica 8.0 for students","DOI":"10.31855\/07868f86-19f"}],"updated-by":[{"DOI":"10.1007\/s13173-012-0074-6","type":"erratum","label":"Erratum","source":"publisher","updated":{"date-parts":[[2012,5,12]],"date-time":"2012-05-12T00:00:00Z","timestamp":1336780800000}}],"container-title":["Journal of the Brazilian Computer Society"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13173-012-0062-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13173-012-0062-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s13173-012-0062-x","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13173-012-0062-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,22]],"date-time":"2025-03-22T01:51:05Z","timestamp":1742608265000},"score":1,"resource":{"primary":{"URL":"https:\/\/journal-bcs.springeropen.com\/articles\/10.1007\/s13173-012-0062-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,3]]},"references-count":28,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2012,3]]}},"alternative-id":["62"],"URL":"https:\/\/doi.org\/10.1007\/s13173-012-0062-x","relation":{},"ISSN":["0104-6500","1678-4804"],"issn-type":[{"value":"0104-6500","type":"print"},{"value":"1678-4804","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,3]]},"assertion":[{"value":"19 September 2011","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 January 2012","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 March 2012","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}