Intrusion
Tolerance

 

 

There is a significant body of research on distributed computing architectures, methodologies and algorithms, both in the fields of fault tolerance and security.
Whilst they have taken separate paths until recently, the problems to be solved are of similar nature. In classical dependability, fault tolerance has been the workhorse of many solutions. Classical security-related work has on the other hand privileged, with few exceptions, intrusion prevention.
Intrusion tolerance is a new approach that has slowly emerged during the past decade, and gained impressive momentum recently. Instead of trying to prevent every single intrusion, these are allowed, but tolerated: the system triggers mechanisms that prevent the intrusion from generating a system security failure.

The tolerance paradigm in security has deserved great attention recently. Namely: in Europe, the MAFTIA project  (Malicious- and Accidental-Fault Tolerance for Internet Applications), which developed concepts and prototyped architectures; in the US, the OASIS program, which implemented several intrusion-tolerant systems.

With the aim of disseminating intrusion tolerance concepts and techniques to a wide audience, we have prepared a tutorial, and a companion text, available from the University of Lisboa Technical Reports web site. The tutorial has been presented at several conferences and universities.

Tutorial

VerĂ­ssimo, Paulo: Intrusion Tolerance: Concepts and Design Principles. A Tutorial. Technical Report DI/FCUL TR02-6, Department of Informatics, University of Lisboa (2002). abstract - pdf

Text

An extended version of the paper: VerĂ­ssimo, P. E., and Neves, N. F., and Correia, M. P.: Intrusion-Tolerant Architectures: Concepts and Design. In: Architecting Dependable Systems. Springer-Verlag LNCS 2677 (2003).  Technical Report DI/FCUL TR03-5, Department of Informatics, University of Lisboa (2003). abstract - pdf


                  Navigators: http://www.navigators.di.fc.ul.pt