Towards Practical Intrusion Tolerant Systems
Information and Communications Technologies
In this paper, we present the blueprint of a novel middleware infrastructure that can be used to build mission-critical systems with increased resiliency against intrusion attacks. The infrastructure is designed to be practical, and it imposes a well-defined structure on the application by adhering to the principle of separation of concerns: (1) the processing of each application request is carried out at a single execution node, and if the execution node becomes faulty, another node can take over immediately; (2) the state of the server is replicated transparently across a pool of state replicas, and a novel append-only strategy is used so that the state is not only protected against hardware failures but also resilient to attacks aimed at causing state corruption and destruction; (3) fault monitoring, execution and state integrity checking, and system configuration management are carried out by distinct components, which are themselves replicated.
Zhao, Wenbing, "Towards Practical Intrusion Tolerant Systems" (2013). Electrical Engineering & Computer Science Faculty Publications. 269.