• We define the notion of tamper-evident stabilization and compare it with the other types of stabilization.
• We define flexible tamper-evident stabilizing systems.
• We present some theorems and their proofs for composing tamper-evident stabilizing systems.
• We discuss whether the same theorems hold for flexible tamper-evident stabilization.
• We discuss how the methods for designing stabilizing programs can be reused for the new systems.
Abstract
We propose the notions of tamper-evident stabilization and flexible tamper-evident stabilization, which combine stabilization with the concept of tamper evidence, for computing systems. At first glance these notions are contradictory: stabilization requires that the system's functionality is eventually fully restored, whereas tamper evidence requires that the system's functionality is permanently degraded in the event of tampering. Tamper-evident stabilization and flexible tamper-evident stabilization capture the intuition that the system tolerates perturbations up to a limit. If it is perturbed beyond that limit, it exhibits permanent evidence of tampering and may provide reduced (possibly no) functionality. We compare tamper-evident stabilization with (conventional) stabilization and with active stabilization, and propose two approaches to verify tamper-evident and flexible tamper-evident stabilizing programs in time polynomial in the size of the state space. We demonstrate tamper-evident stabilization with two examples and point out some of its potential applications. We also demonstrate how approaches for designing stabilization can be used to design tamper-evident and flexible tamper-evident stabilization. Finally, we study composition of tamper-evident and flexible tamper-evident stabilizing systems and discuss how tamper-evident stabilization can be used to provide a tradeoff between fault prevention and fault tolerance.
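The following is an added illustration, not code or definitions from the paper. It models a toy system as an explicit finite transition graph and checks, by plain graph traversals (polynomial in the number of states), the properties the abstract describes: the legitimate states are closed, every perturbation within a limit is repaired, a perturbation beyond the limit drives the program into a set of "evident" states that no program step or further perturbation can leave, and a conventional self-stabilizing variant of the same system satisfies the first two properties but not the last because full restoration erases the evidence. The state space, the constants LIMIT and MAX, the choice of the sealed flag as evidence, and the exact reading of "recoverable" and "evident" are assumptions of this example, not the paper's formal definitions.

```python
"""Toy model checker for a tamper-evident stabilizing counter (added example).

State = (count, sealed).  Faults drift `count` upward by one.  The program
drains `count` back to 0 while it is at most LIMIT; a count beyond LIMIT is
treated as tampering and the program sets the permanent `sealed` flag instead
of repairing.  MAX bounds `count` so the state space is finite.
All constants and sets below are assumptions made for this illustration."""
from itertools import product

LIMIT = 3   # perturbations tolerated before the system counts as tampered
MAX = 6     # upper bound on count, keeps the model finite

def all_states():
    return {(c, s) for c, s in product(range(MAX + 1), (False, True))}

LEGIT = {(0, False)}                                  # fully functional
EVIDENT = {(c, True) for c in range(MAX + 1)}         # permanent evidence
RECOVERABLE = {(c, False) for c in range(LIMIT + 1)}  # within the limit

def program_te(state):
    """Program steps of the tamper-evident stabilizing version."""
    c, sealed = state
    if sealed:
        return {state}           # evidence persists; reduced functionality
    if c > LIMIT:
        return {(c, True)}       # beyond the limit: seal, do not repair
    if c > 0:
        return {(c - 1, False)}  # within the limit: converge to LEGIT
    return {state}

def program_conventional(state):
    """Program steps of an ordinary self-stabilizing version: it always
    repairs, including wiping the seal, so it leaves no evidence."""
    c, sealed = state
    if c > 0:
        return {(c - 1, sealed)}
    if sealed:
        return {(0, False)}      # "full restoration" erases the evidence
    return {state}

def faults(state):
    """Perturbations: the count drifts upward by one, bounded by MAX."""
    c, sealed = state
    return {(c + 1, sealed)} if c < MAX else set()

def closed(states, step):
    """No `step` from a member of `states` leaves the set."""
    return all(step(s) <= states for s in states)

def converges(start, target, step, states):
    """Every computation of `step` from `start` reaches `target` without
    leaving `states`.  Least fixed point of 'all successors already good',
    seeded with `target`; O(|states|^2) in this naive form."""
    good = {t for t in target if t in states}
    changed = True
    while changed:
        changed = False
        for s in states - good:
            succ = step(s)
            if succ and succ <= good:
                good.add(s)
                changed = True
    return start <= good

def check_tamper_evident_stabilization(step):
    """Four checks, each a polynomial-time traversal of the state graph."""
    S = all_states()
    beyond = S - RECOVERABLE - EVIDENT
    return {
        "closure_of_legit": closed(LEGIT, step),
        "converges_from_recoverable": converges(RECOVERABLE, LEGIT, step, S),
        "evidence_permanent": closed(EVIDENT, step) and closed(EVIDENT, faults),
        "beyond_limit_becomes_evident": converges(beyond, EVIDENT, step, S),
    }

def tolerated_region(step):
    """States from which the program alone restores LEGIT: the limit up to
    which perturbations are tolerated."""
    S = all_states()
    return {s for s in S if converges({s}, LEGIT, step, S)}

def perturb_then_run(step, k, max_steps=100):
    """Apply k perturbations to the legitimate state, then run the program
    to a fixed point and return the final state."""
    state = (0, False)
    for _ in range(k):
        nxt = faults(state)
        if not nxt:
            break
        state = next(iter(nxt))
    for _ in range(max_steps):
        nxt = next(iter(step(state)))
        if nxt == state:
            break
        state = nxt
    return state

if __name__ == "__main__":
    for name, prog in (("tamper-evident", program_te),
                       ("conventional", program_conventional)):
        print(name, check_tamper_evident_stabilization(prog))
        print("  after 3 faults:", perturb_then_run(prog, 3),
              " after 5 faults:", perturb_then_run(prog, 5))
```

Running the checks on both programs makes the abstract's apparent contradiction concrete: the conventional program passes closure and convergence from every state but fails `evidence_permanent` and `beyond_limit_becomes_evident`, while the tamper-evident program passes all four and its `tolerated_region` is exactly the set of states within LIMIT. The same fixed-point routine would serve as the verifier for any explicit finite state graph; the example does not reproduce the paper's own two verification approaches.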