
Research And Design Of Web Server Intrusion-Tolerant System

Posted on: 2009-05-06
Degree: Master
Type: Thesis
Country: China
Candidate: E B L Nu
Full Text: PDF
GTID: 2178360242480386
Subject: Computer system architecture
Abstract/Summary:
Recently, network intrusions have become more and more frequent with the wide application of distributed networks. Since web services have become an important and essential business tool, web service disruptions can cause serious damage such as business loss due to reduced access, restoration costs, and degradation of company credibility. Intrusion detection mechanisms have been proposed to protect critical web services. However, it is almost impossible to eliminate all the vulnerabilities of web services and computer networks because of rapid advances in attack technologies. According to CSI/FBI reports, 95 percent of organizations have firewalls, 61 percent of them have an Intrusion Detection System (IDS), and 90 percent of them use access control, but attacks could still penetrate the systems. This indicates that both intrusion detection mechanisms and intrusion blocking mechanisms apparently have limited capabilities. To overcome the limitation of intrusion tolerant systems (ITS), other mechanisms may be needed.

Intrusion tolerance is one of the new techniques of using fault tolerance to achieve security properties. It is an emerging approach to building survivable systems, recognizing that no system will be absolutely exempt from intrusions, and is considered the ultimate defence of the information system. Instead of focusing on intrusion prevention, it assumes that system vulnerabilities cannot be totally eliminated, and that external attackers or malicious insiders will identify and exploit these vulnerabilities and gain illicit access to the system. Its aim is to design systems with the capacity to fulfil their primary missions in the presence of intrusion or partial compromise.

The dissertation first gives a recent survey of ITS and intrusion tolerance technology; the problems of ITS are then studied and systematic conclusions are reached. This thesis is concerned with the design and construction of intrusion-tolerant systems. Some relevant models and system designs are presented in this thesis, including intrusion-tolerating Byzantine servers and a novel approach to adaptive secure communication in a distributed environment. Besides, we focused on the design of technique, one of the most important building blocks in the architecture of a range of different intrusion tolerant systems. This thesis makes several contributions, including:

1) SITAR (Scalable Intrusion-tolerant Architecture for Distributed Services) is our proposed architecture, which aims to overcome the above problems and provide a framework for building intrusion tolerant systems for distributed services. It has the following novel aspects: (a) We focus on one generic class of services (network-distributed services built from COTS components) as the target of protection. Specifically, we discuss the framework in a web service context to make our presentation tangible. (b) Two specific challenges are addressed in this architecture. The first is how some of the very basic techniques of fault tolerance (e.g., redundancy and diversity) apply to our target. The second is how we deal with external attacks and compromised components, which exhibit very unpredictable behavior compared to accidental or planted faults. (c) Our dynamic reconfiguration strategies will be based on the intrusion tolerant model built within the architecture.

2) This paper designs an intrusion-tolerant web server, which is also introduced. The objective of this architecture is to support fault- and intrusion-tolerant services based on the state machine approach. This system uses a set of intrusion tolerant protocols based on the TTCB (Trusted Timely Computing Base), a secure and synchronous distributed component. By using redundancy and adaptation, the secure communication system can dynamically reconfigure its security policy on a per-session basis, based on awareness of the system's current security situation, available resources, configuration, and the user's preference, thereby achieving a better tradeoff between the system's security and performance. Also, the details of the building blocks of the adaptive secure communication system are discussed, with emphasis on the design of the system's security situation assessment framework by testing TTCB safety and functionality. This system design refers to SITAR, especially COTS servers. An intrusion tolerant system assumes that attacks will happen, and some will be successful. However, a wide range of mission critical applications need to provide continuous service despite active attacks or partial compromise. This design emphasizes continuity of operation. It strives to mitigate the effects of both known and unknown attacks. We make use of techniques of fault tolerant computing, specifically redundancy, diversity, acceptance tests, as well as adaptive reconfiguration. Our architecture consists of many components that work together to extend the fault tolerance capability of COTS servers. In addition, the architecture provides mechanisms to audit the COTS servers and internal components for signs of compromise. The auditing as well as adaptive reconfiguration components evaluate the environment threats, identify potential sources of compromise and adaptively generate new configurations for the system. This work reports on the first implementation of an intrusion-tolerant replicated service based on the TTCB. The solution proposed requires no modifications either on the clients or the servers, which are respectively web browsers and standard web servers. An evaluation of the performance of the replicated web server is provided.

3) The adaptation module and its algorithms are core parts of an intrusion tolerant system. This paper researches adaptation techniques for ITS. In the next sections, we explain adaptation mechanisms and policies, and then compare our proposed techniques against other approaches. So it can be realized simply, and has higher efficiency. At the same time, in order to improve the survivability of the intrusion tolerant system, the system also uses reconfiguration strategies for better adaptability and resilience. In the aspect of self-regeneration technology, we think this technology will extend the existing intrusion tolerance technologies based on graceful degradation and overcome their disadvantage of failing through ceaseless degradation.

4) A method to realize practical proactive secret sharing in asynchronous networks with unreliable links is proposed. The TTCB is introduced to assure safe communication. Reliable communication between participants is yielded by the development of a reliable message transmission protocol, which is designed using the mechanisms of redundant message transmission and authenticated acknowledgement. The results show that our schemes are correct and perfect while not losing communication and computing performance.
Keywords/Search Tags: Intrusion-Tolerant