
Research On Key Technology For Proactive Intrusion Tolerance System

Posted on: 2012-01-09
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Zhao
Full Text: PDF
GTID: 1118330368478865
Subject: Computer system architecture
Abstract/Summary:
Intrusion tolerance, the typical representative of third-generation network security technology, has gradually become a research hotspot in information security. Its core idea is that when a system is attacked and the attacker has destroyed or taken control of some of its components, the system triggers intrusion tolerance mechanisms to avoid total failure and continues to provide normal or degraded service to legitimate user requests, while protecting the confidentiality and authenticity of data. Compared with first-generation network security technology (intrusion defense) and second-generation network security technology (intrusion detection), intrusion tolerance better meets the high-reliability and high-security demands of important or critical systems.

An intrusion tolerance system is a software system built from various intrusion tolerance technologies that can perform self-detection, self-recovery and reconstruction when intrusions or failures occur. According to how they react to an attack, intrusion tolerance systems can be divided into proactive intrusion tolerance systems (PITS) and reactive intrusion tolerance systems (RITS). A PITS responds in advance: it masks the adverse effects of an attack through intrusion tolerance, so that users of the system do not notice the attack when it occurs. A PITS is generally based on redundancy, fault tolerance, threshold cryptography and voting. It requires the system to be redesigned and enough redundant components to be provided so that the system's normal function is maintained when it is under attack and some components have failed. A RITS responds after the fact and is an extension of intrusion detection technology. It keeps the system providing service during an attack by improving detection methods, shortening attack response time, and using existing information protection and failure masking technology. A RITS is generally based on intrusion detection, pattern recognition, operation isolation and so on; it does not require the system to be redesigned and adds its functions by composition onto the existing system.

Because of the limitations of existing intrusion detection technology (high false-alarm and missed-report rates, and failure to detect previously unknown kinds of attack), a PITS has better intrusion tolerance ability and performance than a RITS based on intrusion detection, and is better suited to building continuous-service, high-assurance application systems. However, because proactive intrusion tolerance must be built on redundant structures, two problems arise: high construction cost and high software complexity. This paper studies these two problems. Considering the overall structure of the system, it applies failure detection technology to the design of the intrusion tolerance system architecture and proposes a new proactive intrusion tolerance system architecture. On that basis, an adaptive failure detection method, a voting method, a secret sharing method and a node-level intrusion tolerance model are designed. The main research work of this paper is as follows.

First, to address the high construction cost and high software complexity of intrusion tolerance systems, failure detection technology is applied to the architecture design of the intrusion tolerance system, and a new proactive intrusion tolerance system architecture based on failure detection (PITSA-FD) is proposed. In contrast to the passive detection of traditional intrusion tolerance systems, PITSA-FD actively detects the state of its redundant parts. This addresses the time interval between the system coming under attack and its complete failure. Failed redundant nodes are discovered in time by periodic failure detection, which triggers reconfiguration and recovery operations. The availability of redundant parts is improved, and the number of redundant parts and the complexity of the system are reduced. Furthermore, the overall intrusion tolerance function and capability of the system are improved. Experiments show that the intrusion tolerance failure detection algorithm (ITFDA) resolves the misjudgments caused by network delay and message loss and has higher detection accuracy. An intrusion tolerance system based on ITFDA can detect attack behaviour and isolate intrusions, and can continue to provide normal or degraded service. At the same time, the construction cost of the system is greatly reduced and the complexity of the system software is lowered, because periodic failure detection improves the utilization of redundant nodes.

Second, according to the structural characteristics of PITSA-FD, a new adaptive probability voting algorithm (APVA) is designed. Based on the voting history of the server replicas, APVA computes the reliability probability of the redundant nodes in each voting round. The correct output is selected and failed server nodes are identified by setting two voting thresholds. Experiments show that APVA has higher reliability and security than the traditional majority voting algorithm; at the same time, the time overhead of the voting computation is lower, and APVA is able to mask and identify malicious data.

Third, for secure access to key data in the intrusion tolerance system, a verifiable secret sharing scheme and a dynamic threshold secret sharing scheme are presented. Both schemes allow secret shares to be chosen and the honesty of the sharing members to be verified. The latter also supports dynamic changes in the secret sharing structure. Analysis shows that both schemes meet the requirements for secure sharing of secret data in an intrusion tolerance system and have good resistance to attack and to cheating; furthermore, their communication and computation costs are low.

Finally, the paper analyses how the security and reliability of the redundant application server nodes affect the overall intrusion tolerance function and capability of the PITS, and sets out the requirements for building a node-level intrusion tolerance policy. Based on the Role Based Access Control (RBAC) model, a task-based system resource adjustment scheme is adopted. By reconfiguring system resources, the performance of normal services is assured, and the intrusion tolerance ability and service capability of the redundant application server nodes are improved.
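
The abstract's description of voting (per-node reliability derived from voting history, with two thresholds that select the output and identify failed nodes) can be illustrated with a small history-weighted voter. This is an added example and not APVA or any code from the dissertation; the class and function names, the smoothed reliability formula, the threshold values 0.5 and 0.3 and the replica names are all assumptions.

```python
from collections import defaultdict

class HistoryWeightedVoter:
    """Illustrative voter: each replica's vote counts by its past agreement rate."""

    def __init__(self, replicas, accept=0.5, suspect=0.3):
        # Both thresholds are assumed values, not taken from the dissertation.
        self.accept = accept      # weighted share an output must exceed to be accepted
        self.suspect = suspect    # reliability below this marks a replica as suspected
        # Smoothed counters: every replica starts with reliability 1/2.
        self.agreed = {r: 1 for r in replicas}
        self.rounds = {r: 2 for r in replicas}

    def reliability(self, replica):
        return self.agreed[replica] / self.rounds[replica]

    def suspects(self):
        return sorted(r for r in self.rounds if self.reliability(r) < self.suspect)

    def vote(self, outputs):
        """outputs maps replica -> value; returns (accepted value or None, suspects)."""
        if not outputs:
            return None, self.suspects()
        score = defaultdict(float)
        for replica, value in outputs.items():
            score[value] += self.reliability(replica)
        winner, best = max(score.items(), key=lambda kv: kv[1])
        if best / sum(score.values()) <= self.accept:
            return None, self.suspects()   # nothing trusted enough; history unchanged
        for replica, value in outputs.items():
            self.rounds[replica] += 1
            self.agreed[replica] += (value == winner)
        return winner, self.suspects()

def constructed_demo():
    # Constructed scenario: s4 and s5 return a wrong value in every round.
    voter = HistoryWeightedVoter(["s1", "s2", "s3", "s4", "s5"])
    for _ in range(3):
        voter.vote({"s1": "OK", "s2": "OK", "s3": "OK", "s4": "BAD", "s5": "BAD"})
    # s3 is now unavailable: an unweighted majority vote would tie 2-2,
    # but the voting history gives s1 and s2 most of the weight.
    return voter.vote({"s1": "OK", "s2": "OK", "s4": "BAD", "s5": "BAD"})
```
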
Keywords/Search Tags:Intrusion Detection, Failure Detection, Adaptive Probability Voting Algorithm, Secret Sharing, Access Control