Specifying and using intrusion masking models to process distributed operations
نویسندگان
چکیده
It is important for critical applications to provide critical services without any integrity or availability degradation in the presence of intrusions. This requirement can be satisfied by intrusion masking techniques under some situations. Compared with intrusion tolerance techniques, where some integrity or availability degradations are usually caused, intrusion masking techniques use substantial replications to avoid such degradations. Existing intrusion masking techniques, such as the state machine approach, can effectively mask intrusions when processing requests from a client using a server replica group, but they are fairly limited in processing a (multi-stage) distributed operation across multiple server replica groups. As more and more applications (e.g., supply chain management, distributed banking) need to process distributed operations in an intrusion-masking fashion, it is in urgent need to overcome the limitations of existing intrusion masking techniques. In this paper, we specify and compose two intrusion-masking models for inter-replica-group distributed computing. Using these two models, a variety of applications can mask (numerous kinds of) intrusions. Our intrusion masking models overcome the limitations of existing intrusion masking techniques. The survivability of our intrusion-masking models is quantitatively analyzed. A simple yet practical implementation method of our intrusion-masking models is proposed and applied to build two intrusion-masking two-phase-commit (2PC) protocols, and the corresponding efficiency is analyzed. The two intrusion-masking 2PC protocols and the analysis results show that the proposed intrusion-masking models have good utility, practicality, and survivability. Finally, the composition methodology developed in this paper can also be used to develop other intrusion-masking distributed computing models.
منابع مشابه
Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-Based Approach
This paper describes a specification-based approach to detect exploitations of vulnerabdities in securitycritical programs. The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications. We developed a formal framework for specifying the security-relevant behavior of programs, on wh...
متن کاملOperational Specification of Distributed Memory Models
Memory models have been described using many techniques. In this paper we describe a framework for specifying memory models using both axiomatic and operational approaches. We show how, to be equivalent, axiomatic definitions must be prefix-closed.
متن کاملProposing A Distributed Model For Intrusion Detection In Mobile Ad-Hoc Network Using Neural Fuzzy Interface
Security term in mobile ad hoc networks has several aspects because of the special specification of these networks. In this paper a distributed architecture was proposed in which each node performed intrusion detection based on its own and its neighbors’ data. Fuzzy-neural interface was used that is the composition of learning ability of neural network and fuzzy Ratiocination of fuzzy system as...
متن کاملProposing A Distributed Model For Intrusion Detection In Mobile Ad-Hoc Network Using Neural Fuzzy Interface
Security term in mobile ad hoc networks has several aspects because of the special specification of these networks. In this paper a distributed architecture was proposed in which each node performed intrusion detection based on its own and its neighbors’ data. Fuzzy-neural interface was used that is the composition of learning ability of neural network and fuzzy Ratiocination of fuzzy system as...
متن کاملOutlier Detection in Wireless Sensor Networks Using Distributed Principal Component Analysis
Detecting anomalies is an important challenge for intrusion detection and fault diagnosis in wireless sensor networks (WSNs). To address the problem of outlier detection in wireless sensor networks, in this paper we present a PCA-based centralized approach and a DPCA-based distributed energy-efficient approach for detecting outliers in sensed data in a WSN. The outliers in sensed data can be ca...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Journal of Computer Security
دوره 13 شماره
صفحات -
تاریخ انتشار 2005