Intrusion Tolerant Systems Characterization and Acceptance Monitor Design

No Thumbnail Available

Date

2001-06-27

Journal Title

Series/Report No.

Journal ISSN

Volume Title

Publisher

Abstract

Intrusion detection research has been so far mostly concentrated on techniques that effectively identify the malicious behaviors. No assurance can be assumed once a system is compromised. Intrusion tolerance, on the other hand, focuses on providing the desired services even when some components have been compromised. A DARPA-funded research project named SITAR (A Scalable Intrusion-Tolerant Architecture for Distributed Services) investigates the intrusion tolerance further in distributed systems to provide reliable services. Two specific challenges are addressed in this project: the first is how to take advantage of fault tolerant techniques in intrusion tolerant systems; the second is how to deal with possible attacks and compromised components so as to continue providing the service. This thesis represents part of the on-going development of the SITAR project. First, a state transition model is developed to describe the dynamic behavior of an intrusion tolerant system. Second, the Acceptance Monitor is designed to detect the system compromises from the request-response stream. Third, various kinds of vulnerabilities on Web-based COTS services are investigated and one specific design of the Acceptance Monitor is proposed and implemented for a Web-based COTS service to show the effectiveness of the proposed approach. We hope by utilizing the fault tolerance methodologies on the intrusion tolerance system we can solve the problem of providing reliable distributed services that are invulnerable to both known and unknown intrusions.

Description

Keywords

Citation

Degree

MS

Discipline

Computer Engineering

Collections