Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Yu, Menga | Liu, Pengb; * | Zang, Wanyub
Affiliations: [a] Department of Computer Science, Monmouth University, West Long branch, NJ 07764, USA | [b] School of Information Sciences and Technology, The Pennsylvania State University, University Park, PA 16802, USA
Correspondence: [*] Corresponding author. Tel.: +1 814 863 0641; Fax: +1 814 865 6426; E-mail: [email protected]
Abstract: It is important for critical applications to provide critical services without any integrity or availability degradation in the presence of intrusions. This requirement can be satisfied by intrusion masking techniques under some situations. Compared with intrusion tolerance techniques, where some integrity or availability degradations are usually caused, intrusion masking techniques use substantial replications to avoid such degradations. Existing intrusion masking techniques, such as the state machine approach, can effectively mask intrusions when processing requests from a client using a server replica group, but they are fairly limited in processing a (multi-stage) distributed operation across multiple server replica groups. As more and more applications (e.g., supply chain management, distributed banking) need to process distributed operations in an intrusion-masking fashion, it is in urgent need to overcome the limitations of existing intrusion masking techniques. In this paper, we specify and compose two intrusion-masking models for inter-replica-group distributed computing. Using these two models, a variety of applications can mask (numerous kinds of) intrusions. Our intrusion masking models overcome the limitations of existing intrusion masking techniques. The survivability of our intrusion-masking models is quantitatively analyzed. A simple yet practical implementation method of our intrusion-masking models is proposed and applied to build two intrusion-masking two-phase-commit (2PC) protocols, and the corresponding efficiency is analyzed. The two intrusion-masking 2PC protocols and the analysis results show that the proposed intrusion-masking models have good utility, practicality, and survivability. Finally, the composition methodology developed in this paper can also be used to develop other intrusion-masking distributed computing models.
Keywords: Intrusion masking, survivable systems, distributed systems, security
DOI: 10.3233/JCS-2005-13402
Journal: Journal of Computer Security, vol. 13, no. 4, pp. 623-658, 2005
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]