Intrusion-Tolerant Architectures: Concepts and Design

Paulo VerĂ­ssimo, Nuno F. Neves, Miguel Correia

Keywords: Intrusion Tolerance, Fault-Tolerant Protocols, Secure Systems, Distributed Fault-Tolerance, Byzantine Protocols, Security, Dependability


There is a significant body of research on distributed computing architectures, methodologies and algorithms, both in the fields of fault tolerance and security. Whilst they have taken separate paths until recently, the problems to be solved are of similar nature. In classical dependability, fault tolerance has been the workhorse of many solutions. Classical security-related work has on the other hand privileged, with few exceptions, intrusion prevention. Intrusion tolerance (IT) is a new approach that has slowly emerged during the past decade, and gained impressive momentum recently. Instead of trying to prevent every single intrusion, these are allowed, but tolerated: the system triggers mechanisms that prevent the intrusion from generating a system security failure. The paper describes the fundamental concepts behind IT, tracing their connection with classical fault tolerance and security. We discuss the main strategies and mechanisms for architecting IT systems, and report on recent advances on distributed IT system architectures.


author = "P. E. Ver\'{\i}ssimo and N. F. Neves and M. P. Correia",
title = "Intrusion-Tolerant Architectures: Concepts and Design",
year = "2003",
publisher = spring,
volume = "2677",
series = lncs,
booktitle = "Architecting Dependable Systems",
editor = "R. Lemos and C. Gacek and A. Romanovsky",
notes= "Extended version in"

Extended report

Download the pdf version.