Towards Practical Intrusion Tolerant Systems

Wenbing Zhao

doi:10.1049/cp.2013.0063

Towards Practical Intrusion Tolerant Systems

Research output: Contribution to journal › Article › peer-review

Abstract

In this paper, we present the blueprint of a novel middleware infrastructure that can be used to build mission-critical systems with increased resiliency against intrusion attacks. The infrastructure is designed to be practical and it imposes a well-defined structure on the application by adhering the principle of the separation of concerns: (1) the processing of each application request is carried out at a single execution node, and if the execution node becomes faulty, another node can take over immediately; (2) the state of the server is replicated transparently across a pool of state replicas, and a novel append-only strategy is used so that not only the state is protected against hardware failures, it is resilient to attacks aimed to cause state corruption and destruction; (3) the fault monitoring, execution and state integrity checking, and system configuration management are carried out by distinct components which by themselves are replicated.

Original language	American English
Journal	Information and Communications Technologies
DOIs	https://doi.org/10.1049/cp.2013.0063
State	Published - Jan 1 2013

Disciplines

Electrical and Computer Engineering

Access to Document

10.1049/cp.2013.0063License: CC BY

Cite this

@article{57d9db216c584a36a42c6e396db7ebfe,

title = "Towards Practical Intrusion Tolerant Systems",

abstract = " In this paper, we present the blueprint of a novel middleware infrastructure that can be used to build mission-critical systems with increased resiliency against intrusion attacks. The infrastructure is designed to be practical and it imposes a well-defined structure on the application by adhering the principle of the separation of concerns: (1) the processing of each application request is carried out at a single execution node, and if the execution node becomes faulty, another node can take over immediately; (2) the state of the server is replicated transparently across a pool of state replicas, and a novel append-only strategy is used so that not only the state is protected against hardware failures, it is resilient to attacks aimed to cause state corruption and destruction; (3) the fault monitoring, execution and state integrity checking, and system configuration management are carried out by distinct components which by themselves are replicated.",

author = "Wenbing Zhao",

year = "2013",

month = jan,

day = "1",

doi = "10.1049/cp.2013.0063",

language = "American English",

journal = "Information and Communications Technologies",

}

TY - JOUR

T1 - Towards Practical Intrusion Tolerant Systems

AU - Zhao, Wenbing

PY - 2013/1/1

Y1 - 2013/1/1

N2 - In this paper, we present the blueprint of a novel middleware infrastructure that can be used to build mission-critical systems with increased resiliency against intrusion attacks. The infrastructure is designed to be practical and it imposes a well-defined structure on the application by adhering the principle of the separation of concerns: (1) the processing of each application request is carried out at a single execution node, and if the execution node becomes faulty, another node can take over immediately; (2) the state of the server is replicated transparently across a pool of state replicas, and a novel append-only strategy is used so that not only the state is protected against hardware failures, it is resilient to attacks aimed to cause state corruption and destruction; (3) the fault monitoring, execution and state integrity checking, and system configuration management are carried out by distinct components which by themselves are replicated.

AB - In this paper, we present the blueprint of a novel middleware infrastructure that can be used to build mission-critical systems with increased resiliency against intrusion attacks. The infrastructure is designed to be practical and it imposes a well-defined structure on the application by adhering the principle of the separation of concerns: (1) the processing of each application request is carried out at a single execution node, and if the execution node becomes faulty, another node can take over immediately; (2) the state of the server is replicated transparently across a pool of state replicas, and a novel append-only strategy is used so that not only the state is protected against hardware failures, it is resilient to attacks aimed to cause state corruption and destruction; (3) the fault monitoring, execution and state integrity checking, and system configuration management are carried out by distinct components which by themselves are replicated.

UR - https://engagedscholarship.csuohio.edu/enece_facpub/269

UR - http://ieeexplore.ieee.org/Xplore/defdeny.jsp?url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6617506%26userType%3DinstdenyReason=-134arnumber=6617506productsMatched=nulluserType=inst

U2 - 10.1049/cp.2013.0063

DO - 10.1049/cp.2013.0063

M3 - Article

JO - Information and Communications Technologies

JF - Information and Communications Technologies

ER -

Towards Practical Intrusion Tolerant Systems

Abstract

Disciplines

Access to Document

Other files and links

Cite this