Security modeling and analysis of a self-cleansing intrusion tolerance technique

Since security is increasingly the principal concern in the conception and implementation of software systems, it is very important that the security mechanisms are designed so as to protect the computer systems against cyber attacks. An Intrusion Tolerance Systems play a crucial role in maintaining the service continuity and enhancing the security compared with the traditional security. In this paper, we propose to combine a preventive maintenance with existing intrusion tolerance system to improve the system security. We use a semi-Markov process to model the system behavior. We quantitatively analyze the system security using the measures such as system availability, Mean Time To Security Failure and cost. The numerical analysis is presented to show the feasibility of the proposed approach.

[1]  Arun K. Sood,et al.  Incorruptible Self-Cleansing Intrusion Tolerance and Its Application to DNS Security , 2006, J. Networks.

[2]  Arun K. Sood,et al.  Designing SCIT architecture pattern in a Cloud-based environment , 2011, 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W).

[3]  Arun Sood,et al.  Comparative Analysis of Intrusion-Tolerant System Architectures , 2010 .

[4]  Arun K. Sood,et al.  Quantitative Approach to Tuning of a Time-Based Intrusion-Tolerant System Architecture , 2009 .

[5]  Paulo Veríssimo,et al.  Intrusion-tolerant middleware: the road to automatic security , 2006, IEEE Security & Privacy.

[6]  Vincent Nicomette,et al.  The Design of a Generic Intrusion-Tolerant Architecture for Web Servers , 2009, IEEE Transactions on Dependable and Secure Computing.

[7]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[8]  Arun K. Sood,et al.  A Comparison of Intrusion-Tolerant System Architectures , 2011, IEEE Security & Privacy.

[9]  Y. Huang Self-Cleansing Systems for Intrusion Containment , 2006 .

[10]  George Mason,et al.  Building a Resilient Service-Oriented Architecture Environment , 2013 .

[11]  Hyunsoo Yoon,et al.  The Design of a New Virtualization-Based Server Cluster System Targeting for Ubiquitous IT Systems , 2015 .

[12]  Kishor S. Trivedi,et al.  State space approach to security quantification , 2005, 29th Annual International Computer Software and Applications Conference (COMPSAC'05).

[13]  Arun K. Sood,et al.  Improving resilience of SOA services along space-time dimensions , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN 2012).

[14]  Feiyi Wang,et al.  SITAR: a scalable intrusion-tolerant architecture for distributed services , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[15]  Fazirulhisyam Hashim,et al.  Towards a Secure and Available Smart Grid Using Intrusion Tolerance , 2012, IDCS.

[16]  Hyunsoo Yoon,et al.  A Survey on Intrusion-Tolerant System , 2013, J. Comput. Sci. Eng..

[17]  David Powell,et al.  A fault- and intrusion- tolerant file system , 1985 .

[18]  Peng Liu,et al.  A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Database Systems , 2010, 2010 International Conference on Availability, Reliability and Security.

[19]  J. H. Lala Intrusion tolerant systems , 2000, Proceedings. 2000 Pacific Rim International Symposium on Dependable Computing.

[20]  Bharat B. Madan,et al.  A method for modeling and quantifying the security attributes of intrusion tolerant systems , 2004, Perform. Evaluation.