Quantifying cyber-resilience against resource-exhaustion attacks

Author

Fink, Glenn A. ; Griswold, Richard L. ; Beech, Zachary W.

Author_Institution

Pacific Northwest Nat. Lab., Richland, WA, USA

fYear

2014

fDate

19-21 Aug. 2014

Firstpage

1

Lastpage

8

Abstract

Resilience in the information sciences is notoriously difficult to define much less to measure. But in mechanical engineering, the resilience of a substance is mathematically well-defined as an area under the stress-strain curve. We combined inspiration from mechanics of materials and axioms from queuing theory in an attempt to define resilience precisely for information systems. We first examine the meaning of resilience in linguistic and engineering terms and then translate these definitions to information sciences. As a general assessment of our approach´s fitness, we quantify how resilience may be measured in a simple queuing system. By using a very simple model we allow clear application of established theory while being flexible enough to apply to many other engineering contexts in information science and cyber security. We tested our definitions of resilience via simulation and analysis of networked queuing systems. We conclude with a discussion of the results and make recommendations for future work.

Keywords

queueing theory; security of data; cyber security; cyber-resilience quantification; engineering terms; information sciences; linguistic terms; mechanical engineering; networked queuing systems; queuing theory; resource-exhaustion attacks; simple queuing system; stress-strain curve; Information systems; Queueing analysis; Resilience; Servers; Strain; Stress; Resilience; cyber systems; information science; material science; strain; stress;

fLanguage

English

Publisher

ieee

Conference_Titel

Resilient Control Systems (ISRCS), 2014 7th International Symposium on

Conference_Location

Denver, CO

Type

conf

DOI

10.1109/ISRCS.2014.6900093

Filename

6900093