A Novel Intrusion Tolerant System Based on Adaptive Recovery Scheme (ARS)
Many information systems are now connected to the Internet and provide useful services to people through it, and this openness makes these systems targets for attackers. Even though conventional security solutions such as intrusion detection systems (IDS) and firewalls were designed to protect against such attacks, it is impossible to block all of them. Research on intrusion tolerant systems (ITS) has been conducted in order to maintain proper services in threatening environments. In this paper, we propose a novel Adaptive Recovery Scheme (ARS) which can be applied to an intrusion tolerant architecture. ARS has a proactive recovery scheme and a reactive recovery scheme, the latter including self-recovery and emergency recovery. ARS selects the appropriate recovery scheme according to internal and external factors in order to maintain the required security and performance level. Additionally, ARS protects the integrity of critical files through snapshot technology. The performance of ARS is compared with that of an existing recovery-based intrusion tolerant system using CSIM 20.
Keywords: Intrusion tolerant system (ITS); Adaptive recovery scheme (ARS); Virtual machine (VM); Performance
This research was supported by the MKE (The Ministry of Knowledge Economy), Korea, under the CYBER SECURITY RESEARCH CENTER supervised by the NIPA (National IT Industry Promotion Agency), NIPA-H0701-12-1001.