Intrusion detection research has so far concentrated on techniques that effectively identify malicious behaviors. No assurance can be assumed once the system is compromised. Intrusion tolerance, however, focuses on providing a minimal level of service, even when some components have been partially compromised. The challenges here are how to take advantage of fault-tolerant techniques in the intrusion-tolerant system context and how to deal with possible unknown attacks and compromised components so as to continue providing the service. This paper presents our work on applying one important fault tolerance technique, acceptance testing, to building scalable intrusion-tolerant systems. First, we propose a general methodology for designing acceptance testing. An Acceptance Monitor architecture is proposed to apply various tests for detecting compromises based on the impact of the attacks. Second, we perform a comprehensive vulnerability analysis of typical commercial-off-the-shelf (COTS) Web servers. Various acceptance testing modules are implemented to show the effectiveness of the proposed approach. By applying fault tolerance techniques to intrusion-tolerant systems, we provide a mechanism for building reliable distributed services that are more resistant to both known and unknown attacks. Copyright © 2003 John Wiley & Sons, Ltd.