论文信息 - Model-Based Attack Tolerance

Model-Based Attack Tolerance

Software-based systems are nowadays complex and highly distributed. In contrast, existing intrusion detection mechanisms are not always suitable for protecting these systems against new and sophisticated attacks that increasingly appear. In this paper, we present a new generic approach that combines monitoring and formal methods in order to ensure attack-tolerance at a high level of abstraction. Our experiments on an authentication Web application show that this method is effective and realistic to tolerate a variety of attacks.

Ana R. Cavalli | Fatiha Zaïdi | Georges Ouffoue | Mounir Lallali

[1] Ana R. Cavalli,et al. Modeling, Validation, and Verification of PCEP Using the IF Language , 2009, FMOODS/FORTE.

[2] Wissam Mallouli,et al. Online Network Traffic Security Inspection Using MMT Tool , 2012 .

[3] Marius Bozga,et al. IF-2.0: A Validation Environment for Component-Based Real-Time Systems , 2002, CAV.

[4] Alwyn Roshan Pais,et al. A Framework for Intrusion Tolerance in Cloud Computing , 2011, ACC.

[5] Mark Bickford,et al. Investigating correct-by-construction attack-tolerant systems , 2011 .

[6] Marko Vukolic,et al. The byzantine empire in the intercloud , 2010, SIGA.

[7] Feiyi Wang,et al. Analysis of techniques for building intrusion tolerant server systems , 2003, IEEE Military Communications Conference, 2003. MILCOM 2003..

[8] Parisa Ghodous,et al. Adaptive Security Policy Model to Deploy Business Process in Cloud Infrastructure , 2012, CLOSER.

[9] Kishor S. Trivedi,et al. Security modeling and quantification of intrusion tolerant systems using attack-response graph , 2004, J. High Speed Networks.

[10] Navneet Gupta. Privacy and Security in the Cloud , 2014 .

[11] Peter Y. A. Ryan,et al. A qualitative analysis of the intrusion-tolerance capabilities of the MAFTIA architecture , 2004, International Conference on Dependable Systems and Networks, 2004.

[12] Hovav Shacham,et al. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.