Defense-enhanced dynamic heterogeneous redundancy architecture based on executor partition
Citation: WU Ting, HU Chengnan, CHEN Qingnan, CHEN Anbang, ZHENG Qiuhua. Defense-enhanced dynamic heterogeneous redundancy architecture based on executor partition[J]. Journal on Communications, 2021(3): 122-134.
Authors: WU Ting, HU Chengnan, CHEN Qingnan, CHEN Anbang, ZHENG Qiuhua
Affiliation: School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou 310018, China; Hangzhou Innovation Institute, Beihang University, Hangzhou 310051, China
Funding: Supported by the Key Research and Development Program of Zhejiang Province (No. 2020C01078, No. 2019C01012, No. 2017C01062).
Abstract: To address the vulnerability of a DHR system whose servants face common vulnerabilities, an improved DHR architecture called IDHR is proposed. On the basis of DHR, the architecture first introduces an executor-partition module that divides the executor set into several executor pools according to the heterogeneity among the executors, which greatly increases the heterogeneity among the executor pools. On this basis, the dynamic selection algorithm in the scheduling module is improved: executor pools are chosen at random first, and executors are then chosen at random from those pools, which improves the security of the DHR system under common vulnerabilities. Finally, the security of the proposed IDHR architecture is evaluated in terms of attack success rate and control rate through two experimental schemes, random simulation of executors and Web server emulation. The experimental results show that the security of the IDHR architecture, especially when the common vulnerability is unknown, is significantly better than that of the traditional DHR architecture.

Keywords: mimic defense; mimic system architecture; dynamic heterogeneous redundancy; security analysis
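The two-stage selection described in the abstract, as an added example that is not the paper's code: it computes exactly how often a common vulnerability reaches a majority of the online executors under plain DHR selection and under pool-first IDHR selection. The executor set, the vulnerability labels, the Jaccard-threshold pooling rule and the majority-vote success criterion are all assumptions made for illustration.

```python
from fractions import Fraction
from itertools import combinations, product

# Constructed executor set (labels are made up): 3 OS builds x 2 web servers.
EXECUTORS = {
    f"e{i}": {f"kernel_{o}", f"libc_{o}", f"httpd_{s}"}
    for i, (o, s) in enumerate(product("ABC", "xy"), start=1)
}
ALL_VULNS = sorted(set().union(*EXECUTORS.values()))

def jaccard(a, b):
    return Fraction(len(a & b), len(a | b))

def partition(executors, threshold=Fraction(2, 5)):
    """Assumed partition rule: similar executors (Jaccard >= threshold on their
    vulnerability sets) share a pool, so different pools stay heterogeneous."""
    pools = []
    for name, vulns in executors.items():
        close = [p for p in pools
                 if any(jaccard(vulns, executors[m]) >= threshold for m in p)]
        merged = [name] + [m for p in close for m in p]
        pools = [p for p in pools if p not in close] + [merged]
    return pools

def compromised(online, vuln, executors):
    # Assumption: the attack succeeds when a majority of online executors carry vuln.
    return 2 * sum(vuln in executors[e] for e in online) > len(online)

def dhr_rate(executors, k, vuln):
    """Plain DHR: k online executors drawn uniformly from the whole set."""
    subsets = list(combinations(executors, k))
    return Fraction(sum(compromised(s, vuln, executors) for s in subsets), len(subsets))

def idhr_rate(executors, pools, k, vuln):
    """IDHR: draw k pools uniformly, then one executor uniformly from each pool."""
    pool_sets = list(combinations(pools, k))
    total = Fraction(0)
    for chosen in pool_sets:
        picks = list(product(*chosen))
        total += Fraction(sum(compromised(p, vuln, executors) for p in picks), len(picks))
    return total / len(pool_sets)

def mean_rate(rate, vulns):
    """Average success rate when the exploited vulnerability is unknown (uniform)."""
    return sum(rate(v) for v in vulns) / len(vulns)

if __name__ == "__main__":
    pools = partition(EXECUTORS)
    print("pools:", pools)
    print("DHR :", mean_rate(lambda v: dhr_rate(EXECUTORS, 3, v), ALL_VULNS))
    print("IDHR:", mean_rate(lambda v: idhr_rate(EXECUTORS, pools, 3, v), ALL_VULNS))
```

In this constructed set, vulnerabilities confined to one pool can never reach a majority under IDHR, while a vulnerability that spans pools (the shared web server) is not reduced by the partition.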
This article is indexed in databases including VIP (维普).