Bridging Fault Tolerance and Game Theory for Assuring Cyberspace


Posted: March 8, 2016 | By: Dr. Kevin A. Kwiat, Charles A. Kamhoua

We saw a close similarity between the fight through problem and the OODA loop that allowed us to create a fight-through OODA loop. The fight-through OODA loop [6] shown in Figure 2 is aimed at outperforming the adversary’s OODA loop. It absorbs the damage inflicted by the attacker to ultimately prevail. The mainstay for our fight-though OODA loop is fault tolerance. Invariably, fault tolerance calls upon some form of redundancy. Spatial, temporal, and information redundancy [5] are stood-up concurrently so that the loss of resources in one dimension is withstood by the other dimensions. These dimensions of redundancy supply the reinforcing resources for a fightthrough capability. FTFT spans multiple dimensions of redundancy to form an OODA loop for fighting-through. Redundancy, as the underpinning of fault tolerance, is not placed haphazardly; instead, redundancy is strategically placed to counter the attacker. When computer replication is employed as a form of redundancy it is infused with diversity so that the replicas would be functionally-equivalent but present the attacker with different targets. Virtual machines in a cloud computing environment are a contemporary source of viable spatial replication. Such replication can overwhelm an attacker with too many targets; however, replication is more than merely providing sacrificial targets. By being able to observe an attacker’s actions aimed at depleting the number of replicas, the fight-through OODA loop can: orient the other replicas; decide on their deployment; and then act against the attack. The fight through OODA loop in Figure 2 depicts such a scenario. It shows concentric loops. The attacker’s outer loop strives to compromise those replicas that comprise a critical application by monitoring the replicas’ communications. Similarly, the defender’s inner loop has the replicas monitoring their own communications. However, the inner loop decides when the information divulged by the replicas’ communications is approaching a critical level. Before the critical level is reached, the communicating replicas agree to change roles. This disrupts the previous communication pattern such that the knowledge that the attacker had derived from it is now seriously diminished. The tighter diameter of the defender’s OODA Loop illustrates the defender’s more timely completion of the cycle. FTFT’s multi-dimensional redundancy permits the defender to “get inside the enemy’s decision cycle.”

In a larger sense, our transformation of fault-tolerant computing concepts into a fight through capability is a blending of the reactive and the proactive: our proposed fight through OODA Loop is reactive to faults yet strives to proactively anticipate the attacker’s next action.


Want to find out more about this topic?

Request a FREE Technical Inquiry!