By Topic

The design and implementation of an intrusion tolerant system

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

6 Author(s)

We describe the implementation of an intrusion tolerant system for providing Internet services to known users through secure connections. Network attacks are treated as maliciously devised conditions to exploit design, implementation, or configuration faults, intrusions (successful attacks) are treated as failures, and their effects are mitigated by using the three pillars of fault tolerance: detection, isolation, and recovery. Fundamental to our approach is the use of diverse process pairs, which provides partial solutions to detection and isolation problems. The architecture uses the comparison of outputs from diverse applications to provide a significant and novel intrusion detection capability. The diverse applications also strengthen isolation by forcing attacks to exploit independent vulnerabilities. The isolation of intrusions is mainly achieved with an out-of-band control system. The control system not only provides separation between the primary and backup system, it also initiates attack diagnosis, attack blocking, and recovery, which is accelerated by on-line repair.

Published in:

Dependable Systems and Networks, 2002. DSN 2002. Proceedings. International Conference on

Date of Conference: