The Design of a Generic Intrusion-Tolerant Architecture for Web Servers
January-March 2009 (vol. 6 no. 1)
pp. 45-58
Ayda Saidane, University of Trento, Trento
Vincent Nicomette, Université de Toulouse, Toulouse
Yves Deswarte, Université de Toulouse, Toulouse
Nowadays, more and more information systems are connected to the Internet and offer Web interfaces to the general public or to a restricted set of users. Such openness makes them likely targets for intruders, and conventional protection techniques have been shown insufficient to prevent all intrusions in such open systems. This paper proposes a generic architecture to implement intrusion-tolerant Web servers. This architecture is based on redundancy and diversification principles, in order to increase the system resilience to attacks: usually, an attack targets a particular piece of software, running on a particular platform, and fails on others. The architecture is composed of redundant proxies that mediate client requests to a redundant bank of diversified COTS (Commercial Off The Shelf) application servers. The redundancy is deployed here to increase system availability and integrity. To improve performance, adaptive redundancy is applied: the redundancy level is selected according to the current alert level. The architecture can be used for static servers, i.e., for Web distribution of stable information (updated off-line), as well as for fully dynamic systems where information updates are executed immediately on an on-line database. The feasibility of this architecture has been demonstrated by implementing an example of a travel agency Web server.

Index Terms:
Security, integrity, and protection, Web servers
Ayda Saidane, Vincent Nicomette, Yves Deswarte, "The Design of a Generic Intrusion-Tolerant Architecture for Web Servers," IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 1, pp. 45-58, Jan.-March 2009, doi:10.1109/TDSC.2008.1