A Novel Intrusion Tolerant System Based on Adaptive Recovery Scheme (ARS)

Nowadays, as many information systems are connected to Internet and provide useful services to people through Internet, this openness makes the systems as targets of attackers. Even though conventional security solutions such as intrusion detection system (IDS) or firewall were designed to protect such attacks, it is impossible to block all the attacks. The researches on intrusion tolerant system (ITS) have been conducted in order to keep the proper services in the threatening environments. In this paper, we propose a novel Adaptive Recovery Scheme (ARS) which can be applied to intrusion tolerant architecture. ARS has proactive recovery scheme and reactive recovery scheme including self-recovery and emergency recovery. ARS selects appropriate recovery scheme according to internal and external factors to maintain required security and performance level. Additionally, ARS protects an integrity of critical files through snapshot technology. The performance of ARS is compared with existing recovery-based intrusion tolerant system by CSIM 20.

[1]  Miguel Correia,et al.  Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery , 2010, IEEE Transactions on Parallel and Distributed Systems.

[2]  Arun K. Sood,et al.  Secure, Resilient Computing Clusters: Self-Cleansing Intrusion Tolerance with Hardware Enforced Security (SCIT/HES) , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[3]  Herb Schwetman,et al.  CSIM19: a powerful tool for building system models , 2001, Proceeding of the 2001 Winter Simulation Conference (Cat. No.01CH37304).

[4]  Vincent Nicomette,et al.  The Design of a Generic Intrusion-Tolerant Architecture for Web Servers , 2009, IEEE Transactions on Dependable and Secure Computing.

[5]  Michael Atighetchi,et al.  Survivability architecture of a mission critical system: the DPASA example , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).