Skip to main content
SpringerLink
Log in

Intrusion Tolerance in Distributed Middleware

  • Published:
Information Systems Frontiers Aims and scope Submit manuscript

Abstract

Many existing and new applications rely on several layers of middleware services that must be able to withstand intrusions and attacks from a very wide range of players. In this paper we discuss the concept of Intrusion Tolerance in distributed middleware. We start by presenting a threat analysis of the current commercial middleware technologies. We then discuss basic intrusion tolerance techniques such as Fragmentation-Redundancy-Scattering (FRS) and Threshold Cryptography. Then follows a description of a generic architecture that builds upon these techniques to compensate for intrusion vulnerabilities in commercial middleware, and finally we briefly describe how this architecture can be generalized.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  • Deswarte Y, Blain L, Fabre J. Intrusion tolerance in distributed systems. In: IEEE Symposium on Research in Security and Privacy 1991:110-121.

  • Deswarte Y, Fabre J, Fray J, Powell D, Ranea P. SATURNE: A distributed computing system which tolerates faults and intrusions. In: Workshop on Future Trends of Distributed Computing Systems in 1990's, 1988:329-338.

  • Fabre J, Perennou T. Processing of confidential information indistributed systems by fragmentation. Computer Communications 1997;20:177–188.

    Google Scholar 

  • Krsul I. Software Vulnerability Analysis. PhD Thesis. Purdue University, May 1998.

  • Lala J. Program Manager. Intrusion Tolerance Program. DARPA BAA 00-15, Dec. 1999.

  • Landwehr CE, Bull AR, McDermott JP, Choi WS. A taxonomy of computer program security flaws. ACM Computing Surveys Sept. 1994:26(3).

  • Longstaff T, et al. Are we forgetting the risks of information technology. IEEE Computer Dec. 2000:43-51.

  • Lough DL, “Lough, Daniel Lowry”. PhD Thesis. VirginaTech, March, 2001.

  • Randell B, Fabre J, Fault and intrusion tolerance in object-oriented systems. In: InternationalWorkshop on Object Orientation in Operating Systems 1991;180-184.

  • Russell D, Gangemi GT Sr. Computer Security Basics. Sebastopol, California: O'Reilly & Associates, Inc., Dec. 1991.

    Google Scholar 

  • Shamir A. How to share a secret. Communications of the ACM 1979;22(11):612–613.

    Google Scholar 

  • W3C, Web Service Definition Language. URL: http: www.w3.org/TR/wsdl

  • W3C, Simple Object Access Protocol 1.1. URL: http://www.w3. org/TR/SOAP/

Download references

Author information

Authors and Affiliations

  1. Telcordia Technologies, 1 Telcordia Drive, Piscataway, NJ, 08854, USA

    Rabih Zbib, Farooq Anjum & Abhrajit Ghosh

  2. Fordham Graduate School of Business, 130 W 60th Street, New York, USA

    Amjad Umar (Professor of Information and Communication Systems)

Authors
  1. Rabih Zbib
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Farooq Anjum
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Abhrajit Ghosh
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Amjad Umar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rabih Zbib.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Zbib, R., Anjum, F., Ghosh, A. et al. Intrusion Tolerance in Distributed Middleware. Information Systems Frontiers 6, 67–75 (2004). https://doi.org/10.1023/B:ISFI.0000015875.43144.05

Download citation

  • Issue Date:

  • DOI: https://doi.org/10.1023/B:ISFI.0000015875.43144.05

Search

Navigation