Abstract | ||
---|---|---|
We describe a general architecture for intrusion-tolerant en- terprise systems and the implementation of an intrusion-tolerant Web server as a specic instance. The architecture comprises functionally re- dundant COTS servers running on diverse operating systems and plat- forms, hardened intrusion-tolerance proxies that mediate client requests and verify the behavior of servers and other proxies, and monitoring and alert management components based on the EMERALD intrusion- detection framework. Integrity and availability are maintained by dy- namically adapting the system conguration in response to intrusions or other faults. The dynamic conguration species the servers assigned to each client request, the agreement protocol used to validate server replies, and the resources spent on monitoring and detection. Alerts trig- ger increasingly strict regimes to ensure continued service, with graceful degradation of performance, even if some servers or proxies are compro- mised or faulty. The system returns to less stringent regimes as threats diminish. Servers and proxies can be isolated, repaired, and reinserted without interrupting service. |
Year | DOI | Venue |
---|---|---|
2002 | 10.1007/978-3-540-39871-4_14 | Security Protocols Workshop |
Keywords | Field | DocType |
graceful degradation,intrusion tolerance,intrusion detection,operating system | Enterprise system,Architecture,Computer security,Computer science,Server,Software rejuvenation,Fault tolerance,Intrusion detection system,Web server,Application server | Conference |
Citations | PageRank | References |
23 | 2.18 | 21 |
Authors | ||
10 |
Name | Order | Citations | PageRank |
---|---|---|---|
Alfonso Valdes | 1 | 607 | 89.00 |
Magnus Almgren | 2 | 270 | 39.17 |
Steven Cheung | 3 | 155 | 9.73 |
Yves Deswarte | 4 | 1142 | 156.24 |
yves deswarte | 5 | 23 | 2.18 |
Bruno Dutertre | 6 | 704 | 47.66 |
Joshua Levy | 7 | 44 | 5.68 |
h sadi | 8 | 23 | 2.18 |
Victoria Stavridou | 9 | 336 | 40.73 |
Tomás E. Uribe | 10 | 567 | 49.66 |