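Abstract
Software-based redundant execution (SRE) exploits the random nature of fault occurrence to tolerate software and hardware faults, and is a common fault-tolerant design method. Software-based heterogeneous redundant execution (SHRE) builds on SRE by exploiting software diversity: it redundantly executes heterogeneous software replicas with identical functionality and votes on their execution results to resist software vulnerabilities and homogenization threats. On this basis, a classification method for SHRE systems is proposed and the concept of the security capability of an SHRE system is introduced. Considering N-modular redundancy, the I/O operation mode, and the recovery capability of attacked software replicas, the security of SHRE systems with different structures is analyzed. The analysis shows that an SHRE system exhibits the best security capability with triple-modular redundancy when attacked software replicas can be recovered, and that shortening the recovery time of attacked software replicas improves system security.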
Software-based redundant execution (SRE) is a popular fault-tolerant design method which makes use of faults occurring randomly to achieve fault tolerance. Software-based heterogeneous redundant execution (SHRE) uses heterogeneous redundant software replicas with identical function, based on SRE and the diversity of software. By comparing the results of heterogeneous redundant software replicas, SHRE can resist threats from software vulnerabilities and homogenization. The classification method of SHRE was proposed, and the security capability of SHRE was introduced. Based on N-modular redundancy, I/O operation mode and the recovery capability of attacked software replicas, the resistance to attack of different structures was analyzed. The analysis shows that the security capability of SHRE performs best when it has a triple-mode redundancy architecture and attacked software replicas can be recovered. Besides, by shortening the recovery time of attacked software replicas, the security of SHRE can be improved.
Authors
马博林
张铮
任权
张高斐
邬江兴
MA Bolin; ZHANG Zheng; REN Quan; ZHANG Gaofei; WU Jiangxing (Information Engineering University, Zhengzhou 450001, China; Purple Mountain Laboratories, Nanjing 211111, China)
Source
《通信学报》
EI
CSCD
Peking University Core Journals
2021, Issue 9, pp. 1-11 (11 pages)
Journal on Communications
Funding
National Natural Science Foundation of China (No. 61521003)
National Key Research and Development Program of China (No. 2018YFB0804003).
Keywords
software-based heterogeneous redundant execution
software vulnerabilities and homogenization
security capability