Intrusion Tolerance Article
An Overview of Intrusion Tolerance Techniques
Introduction: Intrusion means an act of compromising a system. Intrusion prevention protects the system from compromising. Intrusion detection detects either failed attempts to compromise the system or successful attempts. Intrusion recovery is the steps need to be taken to recover the system (such as restoring from backups) after a system has been compromised in a security incident [1]. Intrusion tolerance include reacting, counteracting, recovering, masking a wide set of faults encompassing intentional and malicious faults (intrusions), which may lead to failure of the system security properties if nothing is done to counter their effect on the system state. Instead of trying to prevent every single intrusion, these are allowed and tolerated. The intrusion tolerant system will trigger mechanisms that prevent the intrusion from generating a system failure The common approach taken today for securing our critical systems is to build a layers of defenses around them using security technologies, such as firewalls and access control mechanisms. The machines inside the security layer are assumed (trusted) to be correct. The goal is also to protect the machines inside from attackers on the outside. While critical systems may have operated exclusively on private networks in the past, thus affording them some degree of protection from external attackers. Many of them are now connected to the Internet and are vulnerable to a wide range of threats that may not have been considered threats when the systems were originally designed. Given that thousands of machines are compromised on the Internet each day, it seems likely that some of the attacks will be able to breach the security walls of even those critical systems specifically designed with security in mind. In addition, insider attacks, such as from disgruntled employees, who take advantage of existing security vulnerabilities, are becoming more and more common and
Introduction: Intrusion means an act of compromising a system. Intrusion prevention protects the system from compromising. Intrusion detection detects either failed attempts to compromise the system or successful attempts. Intrusion recovery is the steps need to be taken to recover the system (such as restoring from backups) after a system has been compromised in a security incident [1]. Intrusion tolerance include reacting, counteracting, recovering, masking a wide set of faults encompassing intentional and malicious faults (intrusions), which may lead to failure of the system security properties if nothing is done to counter their effect on the system state. Instead of trying to prevent every single intrusion, these are allowed and tolerated. The intrusion tolerant system will trigger mechanisms that prevent the intrusion from generating a system failure The common approach taken today for securing our critical systems is to build a layers of defenses around them using security technologies, such as firewalls and access control mechanisms. The machines inside the security layer are assumed (trusted) to be correct. The goal is also to protect the machines inside from attackers on the outside. While critical systems may have operated exclusively on private networks in the past, thus affording them some degree of protection from external attackers. Many of them are now connected to the Internet and are vulnerable to a wide range of threats that may not have been considered threats when the systems were originally designed. Given that thousands of machines are compromised on the Internet each day, it seems likely that some of the attacks will be able to breach the security walls of even those critical systems specifically designed with security in mind. In addition, insider attacks, such as from disgruntled employees, who take advantage of existing security vulnerabilities, are becoming more and more common and
References: 1) Intrusion Tolerance Via Network Layer Controls, Dick O’Brien, Rick Smith, Tammy Kappel and Clint Bitzer, Secure Computing Corp. 2) P. E. Verissimo, N. F. Neves, and M. P. Correia. Intrusion-tolerant architectures: Concepts and design. In R. Lemos, C. Gacek, and A. Romanovsky, editors, Architecting Dependable Systems, volume 2677. 2003 3) Fault tolerant computing system, James A Katzman 4) Byzantine Fault Tolerance, from Theory to Reality by Kevin Driscoll1, Brendan Hall1, Håkan Sivencrona2, Phil Zumsteg. 5) Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery by Paulo Sousa, Member, IEEE, Alysson Neves Bessani, Miguel Correia, Member, IEEE, Nuno Ferreira Neves, Member, IEEE, Paulo Verissimo, Fellow, IEEE. 6) Analysis of operating system diversity for intrusion tolerance Miguel Garcia1,*,†, Alysson Bessani1, Ilir Gashi2, Nuno Neves1 and Rafael Obelheiro3 7) A Detailed Review of Fault-Tolerance Techniques in Distributed System by Sanjeev Sharma, Sanjey Bansal, Ishita Tiwari 8) OS Diversity for Intrusion Tolerance: Myth or Reality? By Miguel Garcia∗, Alysson Bessani∗, Ilir Gashi†, Nuno Neves∗ and Rafael Obelheiro‡ ∗LaSIGE, University of Lisbon, Faculty of Sciences – Lisbon, Portugal †Center for Software Reliability.