On Optimizing Service Availability of an Internet Based Architecture for Infrastructure Protection

Modern Infrastructure Protection Systems (IPSs) tend to be geographically distributed as well as Internet based. Geographic distribution has the goal of increasing fault tolerance as well survivability (e.g. against attacks of various kinds). Usage of a public communication infrastructure like Internet has the goal of decreasing costs as well as easying system deployment. During an emergency, computational as well as communication resources tend to be scarce. When there are no resources available a request is not admitted into the systems. As a result emergency requests may get blocked. More specifically, two service classes must be served, a low priority class for maintenance and monitoring and a high priority class for emergency related interventions. A suitable service policy is necessary to guarantee system responsiveness when emergency events occur while keeping the Quality of Service (QoS) of low priority requests at an acceptable level. Unfortunately the above are conflicting requirements since to guarantee system responsiveness upon an emergency (high priority) event we should always have free resources to use in such a situation. In this paper we show how the above admission control policy problem can be modeled as a Semi Markov Decision Process (SMDP). By solving such SMDP we compute a policy that finds a tradeoff solution between minimizing the probability that a critical service request is blocked due to resource unavailability and reserving too much resources to critical events resulting in unacceptable performance of low priority requests. For computational and robustness reasons we also propose some heuristics. Finally, we compare the performance of the computed optimal policy and heuristics by means of simulation and probabilistic model checking.