Abstract
A secure system architecture using a two-level approach is presented in this paper. At the node level, by means of dynamic resource reallocation within a computing node, the critical services previously selected are to survive even after the occurrence of an attack. If it becomes impossible to find enough resources for the services within the node in spite of the adaptive actions taken at the node level, it moves to the system level. The system level mechanism is to deliver the intended services transparently to the clients even when a node fails by means of inter-node resource reallocation. An architecture adopting diverse redundant computing nodes is proposed for that purpose. Through the experiments on a test-bed, especially, for web services, the approach turned out very effective to cope with not only denial of service attacks but also confidentiality and integrity attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Hiltunen, M.A., et al.: Survivability through Customization and Adaptability: The Cactus Approach. In: DARPA Information Survivability Conference & EXposition, pp. 294–306 (1999) 0-7695-0490-6/99
Moore, A.P.: Attack Modeling for Information Security and Survivability, Technical Node, CMU/SEI-2001-TN-001, CMU (2001)
National Security Agency, Defence Advanced Research Projects Agency, Office of the Assistant Secretary of Defence, Securing the U.S Defence Information Infrastructures: A Proposed Approach, Technical Report (1998)
Pease, M., Shostak, R., Lamport, L.: Reaching Agreement in the Presence of Faults. Journal of the ACM 27/2, 228–234 (1980)
Randell, B.: Dependability - Unifying Concept. Computer Security, Dependability & Assurance: From Needs to Solutions (1998) ISBN 0-7695-0337-3/99
Reynolds, J., et al.: The Design and Implementation of an Intrusion Tolerant System. In: Proc. of Int’l Conference on Dependable Systems and Networks, Washington D.C., pp. 258–290 (June 2002)
Stavridou, V., et al.: Intrusion Tolerant Software Architectures. In: DARPA Information Survivability Conference & EXposition, Anaheim (June 2001) ISBN 0-7695-1212-7/01
Wang, F., et al.: SITAR: A Scalable Intrusion-Tolerant Architecture for Distributed Services. In: Proc. of 2001 IEEE Workshop on Information Assurance and Security US Military Academy, pp. 38–45, West Point, NY (June 2001)
Wilikens, M., et al.: Defining the European Dependability Initiative. Dependability & Assurance: From Needs to Solutions, Report of the Workshop on Dependability of Critical Systems and Services in the Information Society, Italy (December 1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Min, B.J., Kim, S.K., Choi, J.S. (2004). Secure System Architecture Based on Dynamic Resource Reallocation. In: Chae, KJ., Yung, M. (eds) Information Security Applications. WISA 2003. Lecture Notes in Computer Science, vol 2908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24591-9_14
Download citation
DOI: https://doi.org/10.1007/978-3-540-24591-9_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20827-3
Online ISBN: 978-3-540-24591-9
eBook Packages: Springer Book Archive