DHR Architecture

Abstract

As we have learned from Chap. 6, DRS has an inherent anti-attack attribute (i.e., intrusion-tolerant attribute) in addition to the conventional robust control attribute, where the “one-way transparent attack from within and without” based on the backdoor of static target vulnerabilities under a single-space shared resource mechanism can be upgraded in respect of complexity to the cooperative attack stage based on the backdoor of static multi-target vulnerabilities. Thus, deterministic attacks targeted at each executor, in a given multimodal OV space, will be forced by the MV mechanism into a probability event strongly correlated with the redundancy size, executor heterogeneity, and OV complexity. However, the attack resistance of DRS is affected by the following conditions and factors: ① Suppose that the heterogeneity of the DHR redundant executors is infinite in size, that is, there are no existing dark function intersections; ② the number of executors in the abnormal state within the architecture must meet the condition of f ≤ (N−1)/2; ③ external and internal coordinated attacks aiming at backdoors or malicious codes within the architecture are not taken into account; ④ majority selection ruling algorithms have judgement-blind areas against the multiple or concerted attacks and escapes; ⑤ there are no post-processing mechanisms against the executors with abnormal output vectors except hang-up/cleaning. What is worse is that the operation environment of all the executors in the DRS structure and the exploitable conditions of vulnerabilities and backdoor are statically determined and the parallel deployment of the executors usually does not change the accessibility of attack surface. Therefore, theoretically speaking, attackers can reach two aims through an unrestricted trial-and-error approach: the first aim is to break through the executors with exploitable vulnerabilities and backdoors continuously or one by one so that the number of abnormal executors which happen concurrently in the architecture is larger than f = (N−1)/2; the second aim is that the attacker may use the dark functions existing in the executors to launch standby coordinated attacks or tunnel breakthrough (please refer to Sect. 6.5.3) so as to use the judgement-blind areas of the majority selection ruling mechanisms for attack and escape. And the attack experience can be inherited. Attack methods can be copied, and the attack effects have afterward-exploitability value. That is, DRS staticity, certainty, and similarity have serious genetic defects in the security area. As a result, it lacks the capability of maintaining nondecreasing information entropy against general uncertain disturbances and therefore does not possess such features as stable robust control and quality robust control against cyber attacks. This chapter focuses on how to use the general robust control technology to change the DRS “structural genes.” Dynamic convergent and iterative diversified defense scenarios will be used to replace excessively rigid and costly heterogeneous designing to obtain the effects with the measurable designing and verifiable structure so that it is possible to stably suppress general uncertain disturbances including attacks aiming at unknown vulnerabilities and backdoors.