Building and Validating Intrusion-Tolerant Distributed Systems
This talk presents an infrastructure for building intrusion-tolerant and dependable distributed systems, together with a methodology for validating the survivability of that infrastructure using probabilistic modeling. The architecture described provides intrusion-tolerant and dependable services through security domains, replication, and diversity, where the type and degree of replication are managed dynamically according to the needs of applications. The architecture uses middleware to provide fault- and intrusion-tolerance mechanisms and group communication services to distributed applications transparently, as directed by the application. It thus raises the level of abstraction at which a programmer reasons about impairments to service, giving the application programmer high-level control over the types of attacks and faults that should be tolerated and the level of survivability desired from a remote object or process. The validation is done using a set of stochastic activity network models and the Mobius modeling tool. The talk argues that intrusion tolerance is an effective way to build survivable and secure systems, and that probabilistic modeling is an effective means of quantifying their survivability.
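To make the quantification step concrete, the following is an added illustration (not the talk's stochastic activity network model and not produced with Mobius) of how survivability of a replicated, diversified service can be computed and used to choose a degree of replication. Everything in it is assumed for the example: exploit-discovery times for each implementation are exponential and independent, an exploit for one implementation compromises every replica running it, and the service survives to mission time T if at most f replicas are compromised, where f is the fault threshold of the replication protocol.

```python
"""
Added example: exact survivability of an n-replica service whose replicas
are spread over m diverse implementations. Not the talk's SAN/Mobius model.

Assumed (hypothetical) model:
  * replicas_per_impl[i] replicas run implementation i.
  * Implementation i is exploited after an exponential time with rate
    rates[i]; implementations are exploited independently.
  * One exploit compromises every replica of that implementation
    (a common-mode failure that diversity is meant to contain).
  * Survival to time T means at most f replicas are compromised.
"""
from itertools import combinations
from math import exp


def survivability(replicas_per_impl, rates, T, f):
    """P(at most f replicas compromised by time T), by enumerating which
    subsets of implementations have been exploited."""
    assert len(replicas_per_impl) == len(rates)
    m = len(rates)
    # P(implementation i has been exploited by T) under the exponential model
    p = [1.0 - exp(-rate * T) for rate in rates]
    total = 0.0
    for k in range(m + 1):
        for broken in combinations(range(m), k):
            compromised = sum(replicas_per_impl[i] for i in broken)
            if compromised > f:
                continue  # this outcome loses the service
            prob = 1.0
            for i in range(m):
                prob *= p[i] if i in broken else 1.0 - p[i]
            total += prob
    return total


def majority_threshold(n):
    """Faults tolerated by simple majority voting over n replicas."""
    return (n - 1) // 2


def bft_threshold(n):
    """Faults tolerated by a Byzantine agreement protocol over n replicas."""
    return (n - 1) // 3


def round_robin(n, m):
    """Spread n replicas as evenly as possible over m implementations."""
    return [n // m + (1 if i < n % m else 0) for i in range(m)]


def min_replicas_for_target(target, rates, T, threshold, max_n=30):
    """Smallest replica count whose survivability meets `target`, the kind of
    decision a middleware managing replication dynamically would make.
    Returns (n, allocation) or None if no n <= max_n suffices."""
    for n in range(1, max_n + 1):
        alloc = round_robin(n, len(rates))
        if survivability(alloc, rates, T, threshold(n)) >= target:
            return n, alloc
    return None


if __name__ == "__main__":
    # Constructed parameters: four implementations, each exploited at
    # 0.1 per unit time, mission time 1.0.
    rates, T = [0.1] * 4, 1.0
    print("4 replicas, 1 implementation, majority:",
          survivability([4], [0.1], T, majority_threshold(4)))
    print("4 replicas, 4 implementations, majority:",
          survivability(round_robin(4, 4), rates, T, majority_threshold(4)))
    print("replicas needed for 0.95 (majority):",
          min_replicas_for_target(0.95, rates, T, majority_threshold))
    print("replicas needed for 0.95 (BFT):",
          min_replicas_for_target(0.95, rates, T, bft_threshold))
```

Under these assumed parameters the run shows why diversity and the degree of replication have to be chosen together: four replicas of a single implementation survive only when that implementation is not exploited, four replicas across four implementations do better, and the smallest majority-voting group meeting the 0.95 target is three replicas, because adding a fourth replica with majority voting adds an attack surface without raising the fault threshold. A real validation would replace the closed-form enumeration with the stochastic activity network models the talk describes, which can also capture detection, recovery, and reconfiguration.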