Abstract
In order to identify and reduce the chance of vulnerability, a novel policy-based intrusion tolerant system (ITS) is studied in this paper. The suggested scheme quantifies the vulnerability level first, and then applies it to decide the candidate of the next rotation based on a policy. Experiments using CSIM 20 proved that it has enough capability to hide the VM rotation pattern which attackers are generally interested in and reduces the data leakage of the system greatly in spite of increasing the number of exposures.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Miguel C, Paulo V, Nuno FN (2004) The architecture of a secure group communication system based on intrusion tolerance. In: Proceedings of the 2001 international conference on distributed computing systems workshop (ICDCS 2001), Arizona, USA, April 2001
Lala JH (2003) Organically assured & survivable information systems (OASIS): foundations of intrusion tolerant systems. IEEE Computer Society Press, http://computer.org/cspres, ISBN 0-7695-2057-X2003
Quyen N, Arun S (2010) Comparative analysis of intrusion-tolerant system architectures. In: IEEE security and privacy. Preprint. Accepted for publication, Aug
Quyen N (2010) Realizing S-reliability for services via recovery-driven intrusion tolerance mechanism. In: International conference on dependable systems and networks workshops (DSN-W)
http://www.programmingunlimited.net/siteexec/content.cgi?page=fv
http://www.ahnlab.com/kr/site/securitycenter/asec/asecReportView.do
Schwetman H (2001) CSIM19: a powerful tool for building system models. In: Proceedings of the 2001 winter simulation conference, pp 250–255
David P, Arun KS (2010) An intrusion tolerance approach to enhance single sign on server protection. In: Proceedings of the third international conference on dependability (DEPEND 2010) Venice/Mestre, 18–25 July
Yih H, David A, Arun S (2006) Closing cluster attack windows through server redundancy and rotations. In: Proceedings of the second international workshop on cluster security (Cluster-Sec06), Singapore, May
Acknowledgments
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (MEST) (No. 2012-0005390).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Science+Business Media Dordrecht
About this paper
Cite this paper
Lim, J., Shin, Y., Doo, S., Yoon, H. (2013). The Design of a Policy-based Attack-Resilient Intrusion Tolerant System. In: Park, J., Barolli, L., Xhafa, F., Jeong, HY. (eds) Information Technology Convergence. Lecture Notes in Electrical Engineering, vol 253. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-6996-0_45
Download citation
DOI: https://doi.org/10.1007/978-94-007-6996-0_45
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-6995-3
Online ISBN: 978-94-007-6996-0
eBook Packages: EngineeringEngineering (R0)