The Design of a Generic Intrusion-Tolerant Architecture for Web Servers

Nowadays, more and more information systems are connected to the Internet and offer Web interfaces to the general public or to a restricted set of users. Such openness makes them likely targets for intruders, and conventional protection techniques have been shown insufficient to prevent all intrusions in such open systems. This paper proposes a generic architecture to implement intrusion-tolerant Web servers. This architecture is based on redundancy and diversification principles in order to increase the system resilience to attacks: usually, an attack targets a particular piece of software running on a particular platform, and fails on others. The architecture is composed of redundant proxies that mediate client requests to a redundant bank of diversified application servers. The redundancy is deployed here to increase system availability and integrity. To improve performance, adaptive redundancy is applied: the redundancy level is selected according to the current alert level. The architecture can be used for static servers, that is, for Web distribution of stable information (updated offline) and for fully dynamic systems where information updates are executed immediately on an online database. The feasibility of this architecture has been demonstrated by implementing an example of a travel agency Web server, and the first performance tests are satisfactory, both for request execution times and recovery after incidents.
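
The adaptive-redundancy idea from the abstract, sketched as an added example (not code from the paper): a proxy picks how many diversified servers to query from the current alert level and compares their replies. The alert-level names, the level-to-replica mapping, the majority comparison of SHA-256 digests, the escalation policy and the server names are all assumptions made for illustration.

```python
import hashlib
import random
from collections import Counter

# Assumed mapping from alert level to number of servers queried per request.
REDUNDANCY = {"normal": 1, "elevated": 3, "critical": 5}
LEVELS = ["normal", "elevated", "critical"]


def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()


def mediate(request, servers, alert_level, rng=random):
    """Proxy step: query k diversified servers, return the majority reply.

    servers maps a server name to a callable(request) -> bytes.
    Returns (body, suspects); body is None when no strict majority exists.
    """
    k = min(REDUNDANCY[alert_level], len(servers))
    chosen = rng.sample(sorted(servers), k)
    replies = {name: servers[name](request) for name in chosen}
    votes = Counter(digest(body) for body in replies.values())
    winner, count = votes.most_common(1)[0]
    if count <= k // 2:
        return None, sorted(replies)  # no majority: fail closed, suspect all
    suspects = sorted(n for n, b in replies.items() if digest(b) != winner)
    body = next(b for b in replies.values() if digest(b) == winner)
    return body, suspects


def next_alert_level(current, suspects):
    """Assumed escalation policy: any disagreement raises the level one step."""
    if suspects:
        return LEVELS[min(LEVELS.index(current) + 1, len(LEVELS) - 1)]
    return current


# Constructed sample: three diversified servers, one serving altered content.
def good(request):
    return b"<html>fares for " + request.encode() + b"</html>"


def altered(request):
    return b"<html>altered</html>"


SERVERS = {"srv-a": good, "srv-b": altered, "srv-c": good}
```

At the assumed "normal" level only one server is queried, so a corrupted reply passes unchecked; that is the performance-versus-integrity trade-off the adaptive scheme makes.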
