
Theory And Methods Of Intrusion Tolerance: Research And Applications

Posted on: 2006-04-04
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y B Guo
Full Text: PDF
GTID: 1118360182460121
Subject: Computer application technology

Abstract/Summary:
Intrusion tolerance is the technique of using fault tolerance to achieve security properties. It is an emerging approach to building survivable systems, recognizing that no system will be absolutely exempt from intrusions, and is considered the ultimate defense of information systems. Instead of focusing on intrusion prevention, it assumes that system vulnerabilities cannot be totally eliminated, and that external attackers or malicious insiders will identify and exploit these vulnerabilities and gain illicit access to the system. Its aim is to design systems with the capacity to fulfill their primary missions in the presence of intrusion or partial compromise. The tolerance paradigm in security has received great attention recently.

This thesis is concerned with the design and construction of intrusion-tolerant systems. Some relevant models and system designs are presented, including a services-oriented intrusion-tolerant model, a computationally secure and intrusion-tolerant Trusted-Third-Party system design, a protocol suite for distributed data storage based on Tornado Codes tolerating Byzantine servers, and a novel approach to adaptive secure communication in distributed environments. Besides, we focused on the design of a practical secret sharing scheme, one of the most important building blocks in the architecture of a range of different intrusion-tolerant systems.

This thesis makes several contributions, including:

1. Focusing on the effects of intrusion, which can be represented as failures of components and functions of the system, a Services-Oriented Intrusion-tolerant model is presented; its framework and main building blocks are discussed, and some fundamental concepts and principles of this model are introduced and summarized. Furthermore, a fine-grained dynamic information security architecture based on three-tier defense in depth is proposed.

2. We propose an efficient secret sharing scheme realizing a generalized adversary structure, and prove that the scheme satisfies both properties of a secret sharing scheme, i.e. the reconstruction property and the perfect property. The main features of this scheme are that it performs modular additions and subtractions only, and that each share appears in multiple share sets and is thus replicated. The former is an advantage in terms of computational complexity, and the latter is an advantage when recovery of some corrupted participants is necessary. So our scheme achieves lower computation cost and higher availability. Finally, a reduction of the scheme is also given, based on an equivalence relation defined over the adversary structure. Analysis shows that the reduced scheme still preserves the properties of the original one. Also, following the design methodology of the above scheme, an improvement on an existing secret sharing scheme realizing graph-based prohibited structures is made.

3. A method to realize practical proactive secret sharing (PSS) in asynchronous networks with unreliable links is proposed. Asynchronous PSS is obtained by introducing the concept of a time phase, which is defined not only in terms of protocol events but also in terms of the timings of all participants. Based on this concept, the states and state transitions of asynchronous PSS are characterized. Reliable communication between participants is obtained by developing a reliable message transmission protocol, designed using the mechanisms of redundant message transmission and authenticated acknowledgement. The results show that our schemes are correct and perfect without loss of communication and computation performance.

4. An original approach to establishing a computationally secure and intrusion-tolerant Trusted-Third-Party system is presented, built on known verifiable secret sharing schemes and knowledge proof techniques. Analysis shows that under the Decisional Diffie-Hellman assumption an adversary gains zero knowledge about the secret of the system, and that in the random oracle model an active adversary cannot impersonate successfully. By conducting a number of experiments in the fault-free case and in various fault scenarios, we show that it has acceptable practical performance. Finally, using Object-Z, a formal language for system specification in an object-oriented style, we take this intrusion-tolerant Trusted-Third-Party system as an example to describe the components needed to formalize an intrusion-tolerant system in the Object-Z formalism, and illustrate how these components can be combined via inheritance to produce a complete model of an intrusion-tolerant system.

5. A protocol suite for distributed data storage based on Tornado Codes tolerating Byzantine servers is proposed. It runs in client-server mode and guarantees that the process of storing the information is correct even when some of the servers fail. We also consider some additional security requirements of the system, such as integrity, privacy, and authentication. Among them, integrity is achieved by using the cryptographic tool called the "distributed fingerprint", which is the concatenation of the hash values of all the data fragments encoded by the Tornado Codes; privacy of the data is guaranteed by the combined use of a symmetric cryptosystem and a threshold cryptosystem; authentication is obtained by using the intrusion-tolerant Trusted-Third-Party model to authorize the write/read handles to the user when he/she requests legal access to the system.

6. A novel approach to adaptive secure communication in distributed environments is proposed, in which the adaptation is driven by multiple sources, including threat, performance, etc. By using redundancy and adaptation, the secure communication system can dynamically reconfigure its security policy on a per-session basis, based on awareness of the system's current security situation, available resources, configuration, and the user's preferences, thereby achieving a better tradeoff between the system's security and performance. Also, the details of the building blocks of the adaptive secure communication system are discussed, with emphasis on the design of the system's security situation assessment framework using Dempster-Shafer (D-S) evidential reasoning theory, and on a security policy mechanism decision-making model based on the Analytic Hierarchy Process.
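A worked example of the replicated, addition-only style of secret sharing that contribution 2 describes, added here as an illustration and not taken from the thesis: it is the standard construction for a generalized adversary structure in which the dealer generates one random value per maximal adversary set and hands it to every participant outside that set, so that reconstruction by a qualified set is a modular sum, an unqualified set is missing at least one uniformly random summand (the perfect property), and a participant's lost share set can be rebuilt from the other holders of the same replicated values. The prime modulus, participant names and adversary structure below are constructed assumptions.

```python
import secrets

# Constructed assumption: any prime modulus works; shares are values mod P.
P = (1 << 61) - 1


def maximal_adversary_sets(adversary_structure):
    """Reduce a monotone-decreasing adversary structure to its maximal sets.
    Every subset of a maximal set is also unqualified, so one random value
    per maximal set is all the dealer needs."""
    sets = {frozenset(s) for s in adversary_structure}
    return sorted((s for s in sets if not any(s < t for t in sets)),
                  key=lambda s: sorted(s))


def is_qualified(subset, maximal_sets):
    """A set is qualified iff it is not contained in any maximal adversary set."""
    subset = frozenset(subset)
    return not any(subset <= b for b in maximal_sets)


def deal_shares(secret, participants, maximal_sets):
    """Dealer: choose one random value r_B per maximal adversary set B such that
    the values sum to the secret mod P, then give r_B to every participant NOT
    in B. Each r_B is therefore replicated across all participants outside B."""
    values = {}
    running = 0
    for b in maximal_sets[:-1]:
        values[b] = secrets.randbelow(P)
        running = (running + values[b]) % P
    values[maximal_sets[-1]] = (secret - running) % P   # the only subtraction
    return {p: {b: r for b, r in values.items() if p not in b}
            for p in participants}


def missing_values(subset, shares, maximal_sets):
    """Maximal sets B for which no member of `subset` holds r_B."""
    return [b for b in maximal_sets if not any(b in shares[p] for p in subset)]


def reconstruct(subset, shares, maximal_sets):
    """Qualified set: every r_B is held by some member, so the secret is the
    modular sum. Unqualified set: at least one r_B is absent, and since it is
    uniform and independent of the rest, the partial sum reveals nothing."""
    missing = missing_values(subset, shares, maximal_sets)
    if missing:
        raise ValueError("unqualified set, missing %d value(s)" % len(missing))
    total = 0
    for b in maximal_sets:
        holder = next(p for p in subset if b in shares[p])
        total = (total + shares[holder][b]) % P
    return total


def recover_participant(p, participants, shares, maximal_sets):
    """Rebuild p's whole share set from the other holders of each replicated
    value; this is why recovering a corrupted participant is cheap here."""
    rebuilt = {}
    for b in maximal_sets:
        if p in b:
            continue          # p never held r_B in the first place
        holders = [q for q in participants if q != p and b in shares[q]]
        if not holders:
            raise ValueError("r_%s was held by %s alone" % (sorted(b), p))
        rebuilt[b] = shares[holders[0]][b]
    return rebuilt


if __name__ == "__main__":
    parts = ["A", "B", "C", "D"]
    # Constructed adversary structure: coalitions the system must tolerate.
    adversary = [{"A", "B"}, {"C", "D"}, {"A", "C"}, {"A"}]
    maxs = maximal_adversary_sets(adversary)
    sh = deal_shares(4242, parts, maxs)
    print("B+C reconstruct:", reconstruct({"B", "C"}, sh, maxs))
    print("A+B qualified?", is_qualified({"A", "B"}, maxs))
    print("B rebuilt ok:", recover_participant("B", parts, sh, maxs) == sh["B"])
```

The cost of this construction is the reason the thesis's reduction step matters: each participant stores one value per maximal adversary set it lies outside, so share size grows with the number of maximal sets, and collapsing equivalent sets is what keeps it practical.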
Keywords/Search Tags: Intrusion-Tolerance, Services-oriented, Generalized Adversary Structure, Asynchronous Proactive Secret Sharing, Trusted Third Party, Intrusion-Tolerant Data Storage, Adaptive Security