Title :
Intrusion tolerant software architectures
Author :
Stavridou, Victoria ; Dutertre, Bruno ; Riemenschneider, R.A. ; Saïdi, Hassen
Author_Institution :
Syst. Design Lab., SRI Int., Menlo Park, CA, USA
Abstract :
The complexity of the software systems built today virtually guarantees the existence of security vulnerabilities. When the existence of specific vulnerabilities becomes known - typically as a result of detecting a successful attack - intrusion prevention techniques such as firewalls and anti-virus software seek to prevent future attackers from exploiting these vulnerabilities. However, vulnerabilities cannot be totally eliminated, their existence is not always known and preventing mechanisms cannot always be built. Intrusion tolerance is a new concept, a new design paradigm, and potentially a new capability for dealing with residual security vulnerabilities. In this article, we describe our initial exploration of the hypothesis that intrusion tolerance is best designed and enforced at the software architecture level
Keywords :
security of data; software architecture; anti-virus software; design paradigm; firewalls; intrusion prevention techniques; intrusion-tolerant software architectures; residual security vulnerabilities; software system complexity; Buildings; Computer architecture; Contracts; Fault detection; Intrusion detection; Laboratories; National security; Protection; Software architecture; Software systems;
Conference_Titel :
DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings
Conference_Location :
Anaheim, CA
Print_ISBN :
0-7695-1212-7
DOI :
10.1109/DISCEX.2001.932175
