| Intrusion tolerance acknowledges that the occurrence of attacks can't be avoided, and a system's security can't depend on the Firewalls and Intrusion Detection Systems completely. The emphasis of Intrusion tolerance is on the continuity of operation. In this context, effects are more important than causes because a system will have to deal with and survive an adverse effect long before a determination is made as to whether the cause was an malicious attack, or a accidental failure. Intrusion tolerance makes system more dependable. Even under any attack, the system may provide continuous service. If some parts of the system have been corrupted, it still provides degraded service.This paper designs a Intrusion Tolerant model for Distributed Web Servers (ITDW). This model provides COTS Web servers with intrusion tolerance ability. Its object is to assure the correct service of any correct request from logical consumers, even under some corrupting. It may be recovered or reconfigured from the corrupt part by intrusion responding and intrusion hiding. This design analyzes the proxy servers, Web servers and the security manager in detail. The emphasis includes the state change and validity checker of the proxy servers, the load balancer and the group agreement protocol of the Web servers. The communication between redundant and diversified Web severs make the ITDW system load balanced, and service agreed with each other. This design excludes the suspected parts as soon as possible, do some help to systems' dependability, continuity and recovery. |
PDF Full Text Request