Intrusion tolerance is the notion of handling (reacting to, counteracting, recovering from, masking) a wide set of faults encompassing intentional and malicious faults (intrusions), which may lead to failure of the system security properties if nothing is done to counter their effect on the system state.
• Instead of trying to prevent every single intrusion, these are allowed, but tolerated.
• The system has the means to trigger mechanisms that prevent the intrusion from generating a system failure.
A new approach has slowly emerged during the past decade, and gained impressive momentum recently: intrusion tolerance. That is, the notion of tolerance to a wide set of faults encompassing intentional and malicious faults (we may collectively call them intrusions), which may lead to failure of the system security properties if nothing is done to react, counteract, recover, mask, etc., the effect of intrusions on the system state. In short, instead of trying to prevent every single intrusion, the latter are allowed, but tolerated: the system has the means to trigger mechanisms that prevent the intrusion from generating a system failure.
Traditionally, security has involved either:
– Trusting that certain attacks will not occur
– Removing vulnerabilities from initially fragile software
– Preventing attacks from leading to intrusions
In contrast, the tolerance paradigm in security:
– Assumes that systems remain to a certain extent vulnerable
– Assumes that attacks on components or sub-systems can happen and some will be successful
– Ensures that the overall system nevertheless remains secure and operational
The process of intrusion tolerance involves several stages that directly or indirectly help make it efficient and effective:
1. Fault Models.
2. Classic Methodology.
3. Error Processing.
4. Fault Treatment.
Attacks, Vulnerabilities, Intrusions
– Intrusion: an externally induced, intentionally malicious, operational fault, causing an erroneous state in the system.
• An intrusion has two underlying causes:
– Vulnerability: a malicious or non-malicious weakness in a computing or communication system that can be exploited with malicious intention
– Attack: a malicious intentional fault introduced in a computing or communication system, with the intent of exploiting a vulnerability in that system
– Without attacks, vulnerabilities are harmless
– Without vulnerabilities, there cannot be successful attacks
Attack + vulnerability → intrusion → error → failure
– A specialization of the generic “fault, error, failure” sequence
Faults in Cascade:
• b is outsider with respect to D:
– Not authorized to perform any object operations
• a is insider with respect to D:
– His privilege (A) intersects D
– authorized to perform some specified
• b performs outsider intrusion on D
– Privilege theft
• a performs insider intrusion on D
– Privilege abuse
– Maybe combined with privilege theft
• b usurps identity of a
– Privilege usurpation
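The insider/outsider cases above can be carried through as a small classifier over access events. This is an added example, not part of the original notes; the privilege sets, object names, the `Event` record and its ground-truth `actor` field are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (assumption): a privilege is a set of
# (object, operation) pairs; D is the domain being protected.
D = frozenset({("payroll", "read"), ("payroll", "write"), ("ledger", "read")})
PRIVILEGE = {
    "a": frozenset({("payroll", "read"), ("wiki", "edit")}),  # A intersects D
    "b": frozenset({("wiki", "edit")}),                       # disjoint from D
}

@dataclass(frozen=True)
class Event:
    actor: str     # who really acted (known only after investigation)
    identity: str  # identity presented to the system
    obj: str
    op: str

def standing(subject, domain=D):
    """Insider if the subject's privilege intersects the domain, else outsider."""
    return "insider" if PRIVILEGE[subject] & domain else "outsider"

def access_check(ev):
    """What the system itself can decide: is the presented identity authorized?"""
    return (ev.obj, ev.op) in PRIVILEGE[ev.identity]

def classify(ev, domain=D):
    """Label an operation on D using the categories from the notes."""
    if (ev.obj, ev.op) not in domain:
        return "not an operation on D"
    if ev.actor != ev.identity:
        return "privilege usurpation"      # e.g. b acting under a's identity
    if access_check(ev):
        return "authorized"
    # Unauthorized operation on D: the label depends on the actor's standing.
    # The notes associate outsider intrusion with privilege theft and insider
    # intrusion with privilege abuse, possibly combined with theft.
    return f"{standing(ev.actor, domain)} intrusion"

if __name__ == "__main__":
    for ev in (Event("a", "a", "payroll", "read"),
               Event("a", "a", "payroll", "write"),
               Event("b", "b", "ledger", "read"),
               Event("b", "a", "payroll", "read")):
        print(ev, access_check(ev), classify(ev))
```

The last event passes `access_check` yet is still an intrusion, which is why usurpation cannot be caught by the privilege check alone.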
Intrusion tolerance is one of the effective approaches to handling intrusions and punishing the intruder under the law. With intrusion-tolerant measures and protocols, even when an intrusion takes place it can certainly be tolerated.