An Architecture for an Adaptive Intrusion-Tolerant Server

  • Conference paper
Security Protocols (Security Protocols 2002)

Abstract

We describe a general architecture for intrusion-tolerant enterprise systems and the implementation of an intrusion-tolerant Web server as a specific instance. The architecture comprises functionally redundant COTS servers running on diverse operating systems and platforms, hardened intrusion-tolerance proxies that mediate client requests and verify the behavior of servers and other proxies, and monitoring and alert management components based on the EMERALD intrusion-detection framework. Integrity and availability are maintained by dynamically adapting the system configuration in response to intrusions or other faults. The dynamic configuration specifies the servers assigned to each client request, the agreement protocol used to validate server replies, and the resources spent on monitoring and detection. Alerts trigger increasingly strict regimes to ensure continued service, with graceful degradation of performance, even if some servers or proxies are compromised or faulty. The system returns to less stringent regimes as threats diminish. Servers and proxies can be isolated, repaired, and reinserted without interrupting service.

This research is sponsored by DARPA under contract number N66001-00-C-8058. The views herein are those of the authors and do not necessarily reflect the views of the supporting agency. Approved for Public Release—Distribution Unlimited.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Valdes, A. et al. (2004). An Architecture for an Adaptive Intrusion-Tolerant Server. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2002. Lecture Notes in Computer Science, vol 2845. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39871-4_14

  • DOI: https://doi.org/10.1007/978-3-540-39871-4_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20830-3

  • Online ISBN: 978-3-540-39871-4

  • eBook Packages: Springer Book Archive
