Abstract
We describe a general architecture for intrusion-tolerant enterprise systems and the implementation of an intrusion-tolerant Web server as a specific instance. The architecture comprises functionally redundant COTS servers running on diverse operating systems and platforms, hardened intrusion-tolerance proxies that mediate client requests and verify the behavior of servers and other proxies, and monitoring and alert management components based on the EMERALD intrusion-detection framework. Integrity and availability are maintained by dynamically adapting the system configuration in response to intrusions or other faults. The dynamic configuration specifies the servers assigned to each client request, the agreement protocol used to validate server replies, and the resources spent on monitoring and detection. Alerts trigger increasingly strict regimes to ensure continued service, with graceful degradation of performance, even if some servers or proxies are compromised or faulty. The system returns to less stringent regimes as threats diminish. Servers and proxies can be isolated, repaired, and reinserted without interrupting service.
This research is sponsored by DARPA under contract number N66001-00-C-8058. The views herein are those of the authors and do not necessarily reflect the views of the supporting agency. Approved for Public Release—Distribution Unlimited.
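The adaptive agreement idea in the abstract, sketched as an added example (not code from the paper or the authors' system). The regime names, server counts and quorums, the `ToleranceProxy` class, and the use of SHA-256 digests to compare replies are all assumptions made for illustration.

```python
import hashlib
from collections import Counter

# Assumed regimes, least to most strict: (name, servers queried, matching replies needed).
REGIMES = [("single", 1, 1), ("duplex", 2, 2), ("triplex", 3, 2), ("full", 4, 3)]

class ToleranceProxy:
    """Hypothetical proxy: assigns servers per request and validates their replies."""

    def __init__(self, servers):
        self.servers = dict(servers)  # name -> callable(request) -> bytes
        self.level = 0                # index into REGIMES
        self.isolated = set()         # servers pulled out for repair

    def alert(self):
        """A monitoring alert moves the proxy to the next stricter regime."""
        self.level = min(self.level + 1, len(REGIMES) - 1)

    def relax(self):
        """Called as threats diminish: step back to a cheaper regime."""
        self.level = max(self.level - 1, 0)

    def reinsert(self, name):
        """Return a repaired server to the pool."""
        self.isolated.discard(name)

    def handle(self, request):
        while True:
            _, count, quorum = REGIMES[self.level]
            chosen = [s for s in self.servers if s not in self.isolated][:count]
            if not chosen:
                raise RuntimeError("no servers available")
            replies = {s: self.servers[s](request) for s in chosen}
            digests = {s: hashlib.sha256(r).hexdigest() for s, r in replies.items()}
            winner, votes = Counter(digests.values()).most_common(1)[0]
            if votes >= quorum:
                # Agreement reached: isolate dissenters, serve the agreed reply.
                self.isolated |= {s for s in chosen if digests[s] != winner}
                return next(replies[s] for s in chosen if digests[s] == winner)
            if self.level == len(REGIMES) - 1:
                raise RuntimeError("not enough matching replies in strictest regime")
            self.alert()  # disagreement is treated like an alert; retry stricter

# Constructed sample: four servers, one of which returns tampered content.
GOOD, BAD = b"<html>index</html>", b"<html>defaced</html>"
SERVERS = {"a": lambda r: BAD, "b": lambda r: GOOD,
           "c": lambda r: GOOD, "d": lambda r: GOOD}
```

In the cheapest regime a single reply is accepted unchecked, which is why an external alert is needed to trigger escalation; under duplex a mismatch cannot be attributed to either server, so the proxy escalates again before isolating the dissenter.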
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Valdes, A. et al. (2004). An Architecture for an Adaptive Intrusion-Tolerant Server. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2002. Lecture Notes in Computer Science, vol 2845. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39871-4_14
DOI: https://doi.org/10.1007/978-3-540-39871-4_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20830-3
Online ISBN: 978-3-540-39871-4
eBook Packages: Springer Book Archive