An approach to intrusion tolerance for mission-critical services using adaptability and diverse replication

In many mission-critical applications, important services should be maintained properly under any circumstances including the presence of compromised components incurred by outside intentional attacks. In the paper, a two-level approach for the intrusion tolerance is presented. At the node level, by means of dynamic resource reallocation within a computing node, the critical services previously selected are to survive even after the occurrence of an attack. If it becomes impossible to find enough resources for the critical services within the node in spite of the adaptive actions taken at the node level, it moves to the system level. The system level mechanism is to deliver the intended services transparently to the clients even when a node fails. An architecture adopting diverse redundant computing nodes is proposed for that purpose. Through the experiments on a test-bed, especially, for web services, the approach turned out very effective to cope with not only denial of service attacks but also confidentiality and integrity attacks. Although the measurement of the timing overhead incurred by the approach represents 50% loss in performance, it seem possible to decrease the cost by optimizing the implementation. © 2003 Elsevier B.V. All rights reserved.