Self-Protection in a Clustered Distributed System
February 2012 (vol. 23 no. 2)
pp. 330-336
Noel De Palma, INRIA - SARDES Research Group University of Grenoble, Grenoble
Daniel Hagimont, IRIT/ENSEEIHT, University of Toulouse, Toulouse
Fabienne Boyer, INRIA - SARDES Research Group University of Grenoble, Grenoble
Laurent Broto, IRIT/ENSEEIHT, University of Toulouse, Toulouse
Self-protection refers to the ability of a system to detect illegal behaviors and to fight back against intrusions with countermeasures. This article presents the design, the implementation, and the evaluation of a self-protected system which targets clustered distributed applications. Our approach is based on the structural knowledge of the cluster and of the distributed applications. This knowledge makes it possible to detect known and unknown attacks if an illegal communication channel is used. The current prototype is a self-protected JEE infrastructure (Java 2 Enterprise Edition) with firewall-based intrusion detection. Our prototype induces a low performance penalty for applications.

Index Terms:
Middleware, clustered systems, self-protection.
Citation:
Noel De Palma, Daniel Hagimont, Fabienne Boyer, Laurent Broto, "Self-Protection in a Clustered Distributed System," IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 2, pp. 330-336, Feb. 2012, doi:10.1109/TPDS.2011.161