The design of a generic intrusion-tolerant architecture for web servers

IEEE Transactions on Dependable and Secure Computing

Volumn 6, Issue 1, 2009, Pages 45-58

  Saidane, Ayda ^a   Nicomette, Vincent ^b   Deswarte, Yves ^b  

^a UNIVERSITY OF TRENTO   (Italy)

^b UNIVERSITÉ DE TOULOUSE   (France)

Author keywords

COTS (commercial off the shelf); Dependability; Distributed systems; Intrusion tolerance; Security; Survivability; Web servers

Indexed keywords

NETWORK SECURITY; OPEN SYSTEMS; REDUNDANCY; WEB SERVICES;

DEPENDABILITY; DISTRIBUTED SYSTEMS; INTRUSION TOLERANCE; SECURITY; SURVIVABILITY; WEB SERVERS;

COMMERCIAL OFF-THE-SHELF;

EID: 60449100156     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2008.1     Document Type: Article

References (27)

1. A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr, "Basic Concepts and Taxonomy of Dependable and Secure Computing," IEEE Trans. Dependable and Secure Computing, vol. 1, no. 1, pp. 11-33, Jan.-Mar. 2004.
2. M. Cukier, T. Courtney, J. Lyons, H.V. Ramasamy, W.H. Sanders, M. Seri, M. Atighetchi, P. Rubel, C. Jones, F. Webber, P. Pal, R. Watro, and J. Gossett, "Providing Intrusion Tolerance with ITUA," Proc. Int'l Conf. Dependable Systems and Networks (DSN '02), June 2002.
3. CERT Advisory ca-2003-04, http://cert.org/advisories/CA-2003-04. html, 2008.
4. C. Cowen, "Software Security for Open Source Systems," /EEE Security and Privacy, pp. 38-45, Jan./Feb. 2003.
5. Y. Deswarte, L. Blain, and J.-C. Fabre, "Intrusion Tolerance in Distributed Computing Systems," Proc. Int'l Symp. Security and Privacy (S&P '91), pp. 110-121, May 1991.
6. Y. Deswarte, J.-J. Quisquater, and A. Saidane, "Remote Integrity Checking," Proc. Sixth IFIP TC-11 WG 11.5 Working Conf Integrity and Internal Control in Information Systems (IICIS) 2003.
7. R. Chinchani et al., "A Tamper-Resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors," Proc. Second IEEE Int'l Workshop Information Assurance (IWIA), 2003.
8. Example of Typical Scenario, http://www.laas.fr/~nicomett/TDSC/ dit-example.pdf, 2008.
9. B. Hardekopf, K. Kwiat, and S. Upadhyaya, "Secure and Fault Tolerant Voting in Distributed Systems," Proc. IEEE Aerospace Conf. '01, vol. 3, pp. 1117-1126, Mar. 2001.
10. C. Knight, D. Heimbigner, A.L. Wolf, A. Carzaniga, J.C. Hill, P. Devanbu, and M. Gertz, "The Willow Survivability Architecture," Proc. Fourth Information Survivability Workshop (ISW '01), Oct. 2001.
11. Z. Kalbarczyk, R. K. Iyer, S. Bagchi, and K. Whisnant, "Chameleon: A Software Infrastructure for Adaptive Fault Tolerance," IEEE Trans. Parallel and Distributed Systems, vol. 10, no. 6, pp. 560-579, June 1999.
12. J.H. Lala, "Introduction," Proc. Foundations of Intrusion Tolerant Systems: Organically Assured and Survivable Information Systems (OASIS '03), pp. x-xix, 2003.
13. P. Luenam and P. Liu, "The Design of an Adaptive Intrusion Tolerant Database System," Proc. Foundations of Intrusion Tolerant Systems: Organically Assured and Survivable Information Systems (OASIS), 2003.
14. J. Levy, H. Saidi, and T.E. Uribe, "Combining Monitors for Runtime System Verification," Elsevier Science Electronic Notes in Theoretical Computer Science, vol. 70, no. 4, Dec. 2002.
15. F. Majorczyk, E. Totel, and L. Me, "COTS Diversity Based Intrusion Detection and Application to Web Servers," Proc. Eighth Int'l Symp. Recent Advances in Intrusion Detection (RAID '05), Sept. 2005.
16. P. Neumann and P. Porras, "Experience with EMERALD to Date," Proc. First Usenix Workshop Intrusion Detection and Network Monitoring, 1999.
17. Pax, http://pax.grsecurity.org, 2008.
18. D. Powell, G. Bonn, D. Seaton, P. Veríssimo, and F. Waeselynck, "The Delta-4 Approach to Dependability in Open Distributed Computing Systems," Proc. 18th IEEE Int'l Symp. Fault-Tolerant Computing Systems (FTCS '88), pp. 46-51, 1988.
19. "Malicious-and Accidental-Fault Tolerance for Internet Applications: Conceptual Model and Architecture," Technical Report 03011, Project IST-1999-11583 MAFTIA, Deliverable D21, D. Powell and R. Stroud, eds., LAAS-CNRS, Jan. 2003.
20. Snort, http://www.snort.org, 2008.
21. SQL Injection: Are Your Web Applications Vulnerable? SPI Laboratories, http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf, 2008.
22. Swig, http://www.swig.org, 2008.
23. T.E. Uribe et al., "Intrusion Tolerance and Worm Spread," Proc. Int'l Conf. Dependable Systems and Networks (DSN '03), pp. B16-B17, June 2003.
24. A. Valdes, M. Almgren, S. Cheung, Y. Deswarte, B. Dutertre, J. Levy, H. Saldi, V. Stavridou, and T. Uribe, "An Adaptative Intrusion-Tolerant Server Architecture," Proc. 10th Int'l Workshop Security Protocols, pp. 158-178, 2003.
25. A. Valdes and K. Skinner, "Adaptative Model-Based Monitoring for Cyber Attack Detection," Proc. Sixth Int'l Symp. Recent Advances in Intrusion Detection (RAID '03), pp. 54-69, 2003.
26. J.J. Wylie, M.W. Bigrigg, J.D. Strunk, G.R. Ganger, H. Kiliccote, and P.K. Khosla, "Survivable Information Storage Systems," Computer, vol. 33, no. 8, pp. 61-68, Aug. 2000.
27. F. Wang, F. Gong, C. Sargor, K. Goseva, K. Trivedi, and F. Jou, "Scalable Intrusion Tolerance Architecture for Distributed Server," Proc. Second IEEE SMC Information Assurance Workshop, 2001.