<p> Intrusion detection research has been so far mostly concentrated on techniques that effectively identify the malicious behaviors. No assurance can be assumed once a system is compromised. Intrusion tolerance, on the other hand, focuses on providing the desired services even when some components have been compromised. A DARPA-funded research project named SITAR (A Scalable Intrusion-Tolerant Architecture for Distributed Services) investigates the intrusion tolerance further in distributed systems to provide reliable services. Two specific challenges are addressed in this project: the first is how to take advantage of fault tolerant techniques in intrusion tolerant systems; the second is how to deal with possible attacks and compromised components so as to continue providing the service. This thesis represents part of the on-going development of the SITAR project. First, a state transition model is developed to describe the dynamic behavior of an intrusion tolerant system. Second, the Acceptance Monitor is designed to detect the system compromises from the request-response stream. Third, various kinds of vulnerabilities on Web-based COTS services are investigated and one specific design of the Acceptance Monitor is proposed and implemented for a Web-based COTS service to show the effectiveness of the proposed approach. We hope by utilizing the fault tolerance methodologies on the intrusion tolerance system we can solve the problem of providing reliable distributed services that are invulnerable to both known and unknown intrusions. <P>
Identifer | oai:union.ndltd.org:NCSU/oai:NCSU:etd-20010625-213410 |
Date | 27 June 2001 |
Creators | Wang, Rong |
Contributors | Dr. Gregory T. Byrd, Dr. Y. Frank Jou, Dr. Douglas S. Reeves |
Publisher | NCSU |
Source Sets | North Carolina State University |
Language | English |
Detected Language | English |
Type | text |
Format | application/pdf |
Source | http://www.lib.ncsu.edu/theses/available/etd-20010625-213410 |
Rights | unrestricted, I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to NC State University or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, dissertation, or project report. |
Page generated in 0.0011 seconds