Abstract
In this paper, we show that the use of diversified COTS servers allows to detect intrusions corresponding to unknown attacks. We present an architecture that ensures both confidentiality and integrity at the COTS server level and we extend it to enhance availability. Replication techniques implemented on top of agreement services are used to avoid any single point of failure. On the one hand we assume that COTS servers are complex softwares that contain some vulnerabilities and thus may exhibit arbitrary behaviors. While on the other hand other basic components of the proposed architecture are simple enough to be exhaustively verified. That’s why we assume that they can only suffer from crash failures. The whole system is assumed to be asynchronous and furthermore messages can be lost. In the particular case of Web servers connected to databases, we identify the properties that have to be maintained and the alarms that have to be raised. We describe in details how the different replicated levels interact together and, for each level, we precise the reasons that have led us to use a particular agreement service. Performance evaluations are conducted to measure the quality of service of the Intrusion Detection System (quantity of false positives and lack of false negatives) and the additional cost induced by the mechanisms used to ensure the availability of this secure architecture.
This work is supported by the ACI-SI DADDi Project funded by the French ministry of research.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Totel, E., Majorczyk, F., Mé, L.: COTS diversity based intrusion detection and application to web servers. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 43–62. Springer, Heidelberg (2006)
Tronel, F.: Applications des problèmes d’accord à la tolérance aux défaillances dans les systèmes distribués asynchrones. PhD thesis, Université de Rennes (2003)
Greve, F.G.P.: Réponses efficaces au besoin d’accord dans un groupe. PhD thesis, Université de Rennes I (2002)
Powell, D.: Group communication. Communications of the ACM 39(4), 50–53 (1996)
Lamport, L., Shostak, R., Pease, M.: The byzantine generals problem. ACM Transactions on Programming Languages Systems 4(3), 382–401 (1982)
Castro, M., Liskov, B.: Practical byzantine fault tolerance. In: OSDI: Symposium on Operating Systems Design and Implementation, USENIX Association, Co-sponsored by IEEE TCOS and ACM SIGOPS (1999)
Reiter, M.K.: The Rampart toolkit for building high-integrity services. In: Selected Papers from the International Workshop on Theory and Practice in Distributed Systems, pp. 99–110. Springer, London (1995)
Gashi, I., Popov, P., Stankovic, V., Strigini, L.: On Designing Dependable Services with Diverse Off-The-Shelf SQL Servers. Springer, Heidelberg (2004)
Wang, R., Wang, F., Byrd, G.: Design and implementation of acceptance monitor for building scalable intrusion tolerant system. In: Proceedings of the 10th International Conference on Computer Communications and Networks (2001)
Chandra, T., Toueg, S.: Unreliable failure detectors for reliable distributed systems. Journal of ACM 43(2), 225–267 (1996)
Powell, D.: Delta-4: A Generic Architecture for Dependable Distributed Computing. Springer, Heidelberg (1992)
Speirs, N., Barrett, P.: Using passive replicates in delta-4 to provide dependable distributed computing. In: Proceedings of the Nineteenth International Symposium on Fault-Tolerant Computing. IEEE, Los Alamitos (1989)
Powell, D., Bonn, G., Seaton, D., Verissimo, P., Waeselynck, F.: The delta-4 approach to dependability in open distributed computing systems. In: Proceedings of Twenty-Fifth International Symposium on Fault-Tolerant Computing, p. 56. IEEE, Los Alamitos (1995)
Deswarte, Y., Blain, L., Fabre, J.C.: Intrusion tolerance in distributed computing systems. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 110–122 (1991)
Saidane, A., Deswarte, Y., Nicomette, V.: An intrusion tolerant architecture for dynamic content internet servers. In: Liu, P., Pal, P. (eds.) Proceedings of the 2003 ACM Workshop on Survivable and Self-Regenerative Systems (SSRS 2003), Fairfax, VA, pp. 110–114. ACM Press, New York (2003)
Valdes, A., Almgren, M., Cheung, S., Deswarte, Y., Dutertre, B., Levy, J., Saidi, H., Stavridou, V., Uribe, T.: An adaptative intrusion-tolerant server architecture. In: Proceedings of the 10th International Workshop on Security Protocols, pp. 158–178. Springer, Heidelberg (2003)
Yin, J., Martin, J.P., Venkataramani, A., Alvisi, L., Dahlin, M.: Separating agreement from execution for byzantine fault tolerant services. In: Proceedings of the 19th ACM Symp. on Operating Systems Principles (SOSP 2003) (2003)
Hurfin, M., Macêdo, R., Raynal, M., Tronel, F.: A generic framework to solve agreement problems. In: Proc. of the 19th IEEE Symposium on Reliable Distributed Systems (SRDS 1999), Lausanne, Switzerland, pp. 56–65 (1999)
Hurfin, M., Mostéfaoui, A., Raynal, M., Macêdo, R.A.: A consensus protocol based on a weak failure detector and a sliding round window. In: 20th Symposium on Reliable Distributed Systems (SRDS 2001), pp. 120–129 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hurfin, M. et al. (2006). A Dependable Intrusion Detection Architecture Based on Agreement Services. In: Datta, A.K., Gradinariu, M. (eds) Stabilization, Safety, and Security of Distributed Systems. SSS 2006. Lecture Notes in Computer Science, vol 4280. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-49823-0_27
Download citation
DOI: https://doi.org/10.1007/978-3-540-49823-0_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49018-0
Online ISBN: 978-3-540-49823-0
eBook Packages: Computer ScienceComputer Science (R0)