This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
A Comparison of Intrusion-Tolerant System Architectures
July-Aug. 2011 (vol. 9 no. 4)
pp. 24-31
Quyen L. Nguyen, US National Archives and Records Administration
Arun Sood, George Mason University and SCIT Labs
With the advancing sophistication of security attacks, protecting open systems is increasingly challenging. Intrusion tolerance should be part of overall in-depth security. This article compares three types of intrusion-tolerant system architectures.

1. J.H. Lala ed., Proc. Foundations of Intrusion Tolerant Systems (Oasis 03), IEEE CS Press, 2003.
2. P. Pal, F. Webber, and R. Schantz, "The DPASA Survivable JBI—a High-Water Mark in Intrusion-Tolerant Systems," Proc. 2007 Workshop Recent Advances in Intrusion Tolerant Systems (Wraits 07), 2007; http://wraits07.di.fc.ul.pt4.pdf.
3. J. Knight, D. Heimbigner, and A. Wolf, "The Willow Architecture: Comprehensive Survivability for Large-Scale Distributed Applications," Proc. Intrusion Tolerance System Workshop, Supplemental Vol. of the 2002 Int'l Conf. Dependable Systems and Networks, IEEE Press, 2002, pp. C.7.1–C.7.8.
4. A. Valdes et al., "An Architecture for an Adaptive Intrusion-Tolerant Server," Security Protocols, LNCS 2845, Springer, 2003, pp. 569–574.
5. J.C. Reynolds et al., "On-Line Intrusion Detection and Attack Prevention Using Diversity, Generate-and-Test, and Generalization," Proc. 36th Hawaii Int'l Conf. System Sciences (Hiccs 03), IEEE CS Press, 2003, p. 335.2.
6. D. O'Brien et al., "Intrusion Tolerance via Network Layer Controls," Proc. DARPA Information Survivability Conf. and Exposition (Discex), vol. 1, IEEE CS Press, 2003, p. 90.
7. P.E. Veríssimo et al., "Intrusion-Tolerant Middleware: The Road to Automatic Security," IEEE Security & Privacy, vol. 4, no. 4, 2006, pp. 54–62.
8. P. Pal et al., "An Architecture for Adaptive Intrusion-Tolerant Applications," Software: Practice and Experience, vol. 36, nos. 11–12, 2006, pp. 1331–1354.
9. M. Sliti et al., "Intrusion-Tolerant Framework for Heterogeneous Wireless Sensor Networks," Proc. 2009 IEEE/ACS Int'l Conf. Computer Systems and Applications (Aiccsa 09), IEEE CS Press, 2009, pp. 633–636.
10. T. Zhang et al., "Building Intrusion-Tolerant Secure Software," Proc. 2005 Int'l Symp. Code Generation and Optimization (CGO 05), IEEE CS Press, 2005, pp. 255–266.
11. K.M.M. Aung, K. Park, and J.S. Park, "A Rejuvenation Methodology of Cluster Recovery," Proc. 5th IEEE Int'l Symp. Cluster Computing and the Grid (CCGRID 05), vol. 1, IEEE CS Press, 2005, pp. 90–95.
12. Y. Huang, D. Arsenault, and A. Sood, "Secure, Resilient Computing Clusters: Self-Cleansing Intrusion Tolerance with Hardware Enforced Security (SCIT/HES)," Proc. 2nd Int'l Conf. Availability, Reliability, and Security (ARES 07), IEEE CS Press, 2007, pp. 343–350.
13. P. Sousa et al., "The Forever Service for Fault/Intrusion Removal," Proc. 2nd Workshop Recent Advances Intrusion-Tolerant Systems (Wraits 08), ACM Press, 2008, article 5.
14. H.P. Reiser and R. Kapitza, "Hypervisor-Based Efficient Proactive Recovery," Proc. 26th IEEE Int'l Symp. Reliable Distributed Systems (SRDS 07), IEEE CS Press, 2007, pp. 83–92.
15. P. Sousa et al., "Resilient Intrusion Tolerance through Proactive and Reactive Recovery," Proc. 13th Pacific Rim Int'l Symp. Dependable Computing, IEEE CS Press, 2007, pp. 373–380.
16. A.K. Bangalore and A.K. Sood, "Securing Web Servers Using Self Cleansing Intrusion Tolerance (SCIT)," Proc. 2nd Int'l Conf. Dependability (Depend 09), IEEE CS Press, 2009, pp. 60–65.
17. Q. Nguyen and A. Sood, "Quantitative Approach to Tuning of a Time-Based Intrusion-Tolerant System Architecture," Proc. 3rd Workshop Recent Advances on Intrusion-Tolerant Systems, 2009; http://wraits09.di.fc.ul.ptwraits09paper2.pdf .
18. Y. Huang, D. Arsenault, and A. Sood, "Securing DNS Services through System Self Cleansing and Hardware Enhancements," Proc. 1st Int'l Conf. Availability, Relia-bility, and Security (ARES 06), IEEE CS Press, 2006, pp. 132–139.

Index Terms:
intrusion tolerance, detection-based, recovery-based, Open Archival Information System, Internet, Web, open systems, security and privacy
Citation:
Quyen L. Nguyen, Arun Sood, "A Comparison of Intrusion-Tolerant System Architectures," IEEE Security & Privacy, vol. 9, no. 4, pp. 24-31, July-Aug. 2011, doi:10.1109/MSP.2010.145
Usage of this product signifies your acceptance of the Terms of Use.