Abstract
Recently, the building of strong intrusion tolerant systems is in great demand since the openness and the distributed nature of information systems are easily used to compromise the systems by intentional attacks. To achieve intrusion tolerance by enabling the systems to survive various types of intrusions, we suggest a novel approach, Adaptive Cluster Transformation (ACT), in this paper. Instead of using a fixed cluster size as in conventional approaches, ACT adapts a variable cluster size depending on the system status. This is proved to maintain good quality of service (QoS). In addition, the early prediction of incoming massive packets makes ACT possible to replace any damaged clusters with new ones consisting of pristine virtual machines (VMs). This also contributes to defend the system against a Denial of Service (DoS). The performance of ACT is compared with other fixed sizes of VM cluster architectures by CSIM 20. And it is verified that the proposed method is more effective in maintaining the specific level of QoS as well as providing strong security to the targeted system.
Similar content being viewed by others
References
Smith M, Schridde C, Freisleben B (2008) Securing stateful grid servers through virtual server rotation. In: Proc of the 17th intl symp on high performance distributed computing (HPDC ’08), pp 11–22
Saidane A, Nicomette V, Deswarte Y (2009) The design of a generic intrusion-tolerant architecture for web servers. In: IEEE trans dependable and secure computing, vol 6, Jan-Mar 2009. No (1)
Huang Y, Arsenault D, Sood A (2006) Closing cluster attack windows through server redundancy and rotations. In: Proc of the sixth intl symp on Cluster Computing and the Grid Workshops (CCGRIDW ’06)
Sousa P, Neves NF, Verissimo P (2006) Proactive resilience through architectural hybridization. In: Proc ACM Symp Applied Computing (SAC ’06), Apr 2006, pp 686–690
Huang Y, Sood A (2002) Self-cleansing systems for intrusion containment. In: Proc of workshop on Self-Healing, Adaptive, and Self-Managed Systems (SHAMAN), New York City, Jun 2002
Nguyen Q, Sood A (2010) Realizing S-reliability for services via recovery-driven intrusion tolerance mechanism. In: 2010 intl conf on Dependable Systems and Networks Workshops (DSN-W)
Sousa P, Neves A, Correia M, Neves NF, Verissimo P (2010) Highly available intrusion-tolerant services with proactive-reactive recovery. In: IEEE trans on parallel and distributed systems, vol 21, Apr 2010. No 4
Huang Y, Arsenault D, Sood A (2006) Incorruptible system self-cleansing intrusion tolerance and its application to DNS security. J Netw 1(5):21–30. 2006
Schwetman H (2001) CSIM19: a powerful tool for building system models. In: Proc of the 2001 winter simulation conference, pp 250–255
Verissimo PE, Neves NF, Correia MP (2003) Intrusion-Tolerant Architectures: Concepts and Design. http://www.navigators.di.fc.ul.pt
Nguyen Q, Sood A (2009) Quantitative approach to tuning of a time-based intrusion-tolerant system architecture. In: 3rd workshop on recent advances in intrusion tolerant systems, Jun 2009
Stankovic V, Bessani A, Daidone A, Gashi I, Olbelheiro RR, Sousa P (2009) Enhancing Fault/Intrusion tolerance through design and configuration diversity. In: 3rd Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS 2009), Jun 2009
Nguyen Q, Sood A (2010) Comparative analysis of intrusion-tolerant system architectures. In: IEEE security and privacy, vol 30, Aug 2010
Wang X, Sang Y, Liu Y, Luo Y (2011) Considerations on security and trust measurement for virtualized environment. J Converg 2(2):19–24
Silas S, Ezra K, Rajsingh EB (2012) A novel fault tolerant service selection framework for pervasive computing. Hum-Cent Comput Inf Sci 2:5
Acknowledgements
This work was supported by Agency for Defense Development (UD110053ED).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lim, J., Kim, Y., Koo, D. et al. A novel Adaptive Cluster Transformation (ACT)-based intrusion tolerant architecture for hybrid information technology. J Supercomput 66, 918–935 (2013). https://doi.org/10.1007/s11227-013-0928-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-013-0928-5