| Recently, network intrusion becomes more and more frequent with the wide application of computer network and distributed system, computer network security problem has become the focus of attention. Traditional security techniques such as intrusion prevention and detection couldn't implement any system that can resist all the faults and intrusions. Whereas these faults and intrusions are allowed in the intrusion tolerant technique, but tolerated: the system triggers tolerant mechanisms that can prevent the intrusions from generating security threats to the system. This new technique has got more and more attention.Intrusion tolerance is a novel network security technique which combines cryptology theory and fault-tolerant technique. It is the core of the 3rd generation information security technique "network survivability technique", which was presented by DARPA. Different from the traditional security techniques, intrusion tolerance is a proactive technique. It aims to design a system with the capacity to maintain the integrity, confidentiality and availability of the critical data and services even in the presence of the intrusion or partial compromising.Replication technique and voting mechanism are the two critical techniques for implementing the intrusion tolerant system and enhancing the reliability, dependability and availability of the whole system. After consulting massive related references, this thesis has conducted thorough research to these two kinds of techniques and made some improvements. Firstly, by conducting the research to the replication technique, a technique of semi-active replication based on service (SARBS) for realizing the service-level intrusion tolerance was presented, which based on the analysis of the active replication and passive replication and combining with the target of the intrusion tolerant system. Then the corresponding system model was given, the protocol of the technique above was implemented and then the qualitative analysis was stated. Secondly, the voting mechanism was studied. After analyzing the deficiencies of the common voting technique "formalized majority voting", the concept of the replica's reliable weight was presented. Then some improvements was made to the constraint conditions when the formalized majority voting algorithm output the results based on the concept above, the improved algorithm was more satisfied to the requirements of the intrusion tolerant system. Finally, the experiment was done for verifying the improved algorithm. The experimental results and performance analysis show that the improved algorithm reduces the waiting time for voting and raises the success ratio of the voting. |
PDF Full Text Request