Availability Analysis of an IMS-Based VoIP Network System

In multimedia wireless networks, VoIP (voice over internet protocol) technology is commonly used to compress the voice information based on a various type of coding techniques, transform it to the packet data, and transmit with real time on IP network. Since the VoIP network is often faced by external threats, a number of security failures may occur at each level of end-user, server and service provider. In this paper we focus on an intrusion tolerant architecture combined an IMS (IP multimedia subsystem), which is a information management middleware developed by IBM Inc., with the VoIP network system. More specifically, we describe the stochastic behavior of the IMS-based VoIP network systems with/without intrusion tolerant mechanism by semi-Markov processes, and evaluate quantitatively their security effects and robustness in terms of both service availability and mean time to security failure.

[1]  Yi Mu,et al.  Emerging Directions in Embedded and Ubiquitous Computing , 2006 .

[2]  William H. Sanders,et al.  Probabilistic validation of an intrusion-tolerant replication system , 2003, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings..

[3]  Bharat B. Madan,et al.  Modeling and quantification of security attributes of software systems , 2002, Proceedings International Conference on Dependable Systems and Networks.

[4]  David Wright,et al.  Towards Operational Measures of Computer Security , 1993, J. Comput. Secur..

[5]  Tadashi Dohi,et al.  Optimizing Security Measures in an Intrusion Tolerant Database System , 2008, ISAS.

[6]  Ying Wang,et al.  The Design and Implementation of a Self-Healing Database System , 2004, Journal of Intelligent Information Systems.

[7]  Yan Bai,et al.  A survey of VoIP intrusions and intrusion detection systems , 2004, The 6th International Conference on Advanced Communication Technology, 2004..

[8]  Yves Deswarte,et al.  Internet Security: An Intrusion-Tolerance Approach , 2006, Proceedings of the IEEE.

[9]  Dieter Gollmann,et al.  Computer Security - ESORICS 2006, 11th European Symposium on Research in Computer Security, Hamburg, Germany, September 18-20, 2006, Proceedings , 2006, ESORICS.

[10]  Yves Deswarte,et al.  Intrusion tolerance in distributed computing systems , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[11]  Peter Y. A. Ryan,et al.  A qualitative analysis of the intrusion-tolerance capabilities of the MAFTIA architecture , 2004, International Conference on Dependable Systems and Networks, 2004.

[12]  Rogério de Lemos,et al.  Architecting dependable systems , 2003, J. Syst. Softw..

[13]  Himanshu Pant,et al.  Reliability and security modeling in upgrading wireless backbone networks , 2004, Bell Labs Technical Journal.

[14]  Kishor S. Trivedi,et al.  Characterizing intrusion tolerant systems using a state transition model , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[15]  Tadashi Dohi,et al.  Quantitative Evaluation of Intrusion Tolerant Systems Subject to DoS Attacks Via Semi-Markov Cost Models , 2007, EUC Workshops.

[16]  Saurabh Bagchi,et al.  SCIDIVE: a stateful and cross protocol intrusion detection architecture for voice-over-IP environments , 2004, International Conference on Dependable Systems and Networks, 2004.

[17]  Paulo Veríssimo Intrusion-tolerant middleware , 2006, S&P 2006.

[18]  Bharat B. Madan,et al.  A method for modeling and quantifying the security attributes of intrusion tolerant systems , 2004, Perform. Evaluation.

[19]  Peng Liu,et al.  Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System , 2006, ESORICS.

[20]  William H. Sanders,et al.  Dependability and Performance Evaluation of Intrusion-Tolerant Server Architectures , 2003, LADC.

[21]  Tomas Olovsson,et al.  A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior , 1997, IEEE Trans. Software Eng..

[22]  Miguel Correia,et al.  Intrusion-Tolerant Architectures: Concepts and Design , 2002, WADS.

[23]  Peng Liu,et al.  Self-healing workflow systems under attacks , 2004, 24th International Conference on Distributed Computing Systems, 2004. Proceedings..

[24]  Rodolphe Ortalo,et al.  Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security , 1999, IEEE Trans. Software Eng..

[25]  Peng Liu Architectures for intrusion tolerant database systems , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[26]  Tadashi Dohi,et al.  Optimal Security Patch Management Policies Maximizing System Availability , 2010, J. Commun..

[27]  Feiyi Wang,et al.  SITAR: a scalable intrusion-tolerant architecture for distributed services , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[28]  Sushil Jajodia,et al.  VoIP Intrusion Detection Through Interacting Protocol State Machines , 2006, International Conference on Dependable Systems and Networks (DSN'06).

[29]  Andrew R. McGee,et al.  Optimal availability and security for IMS-based VoIP networks , 2006, Bell Labs Technical Journal.

[30]  Paulo Veríssimo,et al.  Intrusion-tolerant middleware: the road to automatic security , 2006, IEEE Security & Privacy.

[31]  William H. Sanders,et al.  Model-based validation of an intrusion-tolerant information system , 2004, Proceedings of the 23rd IEEE International Symposium on Reliable Distributed Systems, 2004..