Intrusion Tolerance for Unclassified Networked Systems

Abstract : Information such as security advisories, emergency recommendations, e-government information, etc., is unclassified, but its availability and integrity may be vital. Such data are intended to be made widely available and thus need to be accessible through open networks such as the Internet. The systems distributing this kind of information are usually built from COTS hardware and software, since their functions do not require specific software or hardware development. Openness and use of COTS make these systems very vulnerable, and traditional security means are insufficient to achieve the required availability and integrity. In that case, fault tolerance can be viewed as a complementary, valuable technique to cope with possible intrusions, as well as accidental failures of system components. This paper presents the techniques of intrusion tolerance, and describe some recent experimental architectures, developed by the European project MAFTIA and the DARPA project DIT.

[1]  Hervé Debar,et al.  Aggregation and Correlation of Intrusion-Detection Alerts , 2001, Recent Advances in Intrusion Detection.

[2]  Miguel Correia,et al.  The Design of a COTSReal-Time Distributed Security Kernel , 2002, EDCC.

[3]  Michael Backes,et al.  Reliable broadcast in a computational hybrid model with Byzantine faults, crashes, and recoveries , 2003, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings..

[4]  Magnus Almgren,et al.  An Adaptive Intrusion-Tolerant Server Architecture , 2004 .

[5]  Yves Deswarte,et al.  Intrusion tolerance in distributed computing systems , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[6]  Marc Dacier,et al.  MAFTIA (Malicious− and Accidental− Fault Tolerance for Internet Applications , 2001 .

[7]  Miguel Correia,et al.  Efficient Byzantine-resilient reliable multicast on a hybrid failure model , 2002, 21st IEEE Symposium on Reliable Distributed Systems, 2002. Proceedings..

[8]  Jean Arlat,et al.  Fault Tolerant Computing , 1999 .

[9]  Jean-Claude Laprie,et al.  Diversity against accidental and deliberate faults , 1998, Proceedings Computer Security, Dependability, and Assurance: From Needs to Solutions (Cat. No.98EX358).

[10]  I. Bey,et al.  Delta-4: A Generic Architecture for Dependable Distributed Computing , 1991, Research Reports ESPRIT.

[11]  Brian Randell,et al.  Fundamental Concepts of Dependability , 2000 .

[12]  Christian Cachin,et al.  Distributing trust on the Internet , 2001, 2001 International Conference on Dependable Systems and Networks.