
Analysis of a Redundant Architecture for Critical Infrastructure Protection

  • Chapter

Part of the Lecture Notes in Computer Science book series (LNPSE, volume 5135)


Critical infrastructures like the power grid are emerging as collections of existing, separate systems of different natures that are interconnected. Their criticality becomes more and more evident as the damage and the risks deriving from wrong behaviors (both accidental and intentionally caused) increase. It is becoming evident that existing (legacy) subsystems must be interconnected in a disciplined and controlled way. This is one of the challenges taken up by the European project CRUTIAL, where an infrastructure architecture seen as a WAN of LANs is being proposed: the LANs confine existing sub-systems and are protected by special interconnection and filtering devices (CIS, CRUTIAL Information Switches). Previous work led to the definition of the CIS internal and interconnection architecture, so that a set of CIS can collectively ensure that the computers controlling the physical process exchange information correctly despite accidents and malicious attacks. CIS resilience is achieved through replication for intrusion tolerance and replica recovery for self-healing.

This chapter analyzes the redundant architecture of the CIS with a set of objectives: identifying the relevant parameters of the architecture; evaluating how effective the trade-off between proactive and reactive recoveries is; and finding the best parameter setup. Two measures of interest were identified, a model of the recovery strategy was constructed, and the quantitative behavior of the recovery strategy was analyzed. The impact of the detection coverage, of the intrusions, and of the number of CIS replicas was analyzed and discussed. Directions for refining and improving the recovery strategy were proposed.


  • Critical Infrastructure
  • Recovery Strategy
  • Mission Time
  • Detection Coverage
  • System Failure Probability





Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Daidone, A., Chiaradonna, S., Bondavalli, A., Veríssimo, P. (2008). Analysis of a Redundant Architecture for Critical Infrastructure Protection. In: de Lemos, R., Di Giandomenico, F., Gacek, C., Muccini, H., Vieira, M. (eds) Architecting Dependable Systems V. Lecture Notes in Computer Science, vol 5135. Springer, Berlin, Heidelberg.


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85570-5

  • Online ISBN: 978-3-540-85571-2

  • eBook Packages: Computer Science (R0)