Intelligent Distributed Computing Department
Distributed Systems Technology Group Papers

Probabilistic Validation of Intrusion Tolerance

Citation: W. H. Sanders, M. Cukier, F. Webber, P. Pal, and R. Watro. Digest of Fast Abstracts: The International Conference on Dependable Systems and Networks, Bethesda, Maryland, June 2002.


Abstract: Intrusion tolerance is an emerging approach to security that aims to increase the likelihood that an application will be able to continue to operate correctly in spite of malicious attacks that may result in successful intrusions. Most traditional approaches to security validation have not been quantitative, instead focusing on specifying procedures that should be followed during the design of a system (e.g., the Security Evaluation Criteria [DOD85, ISO99]). When quantitative methods have been used, they have typically either been based on formal methods (e.g., [Lan81]), aiming to prove that certain security properties hold given a specified set of assumptions, or been quite informal, using a team of experts (often called a "red team," e.g., [Low01]) to try to compromise a system. An alternative approach has been to try to quantify, probabilistically, the behavior of an attacker and his impact on the ability of a system to provide certain security-related properties. In this extended abstract, we first (in Section 2) review existing probabilistic approaches. We then (in Section 3) describe work we are doing in this area, with the goal of creating a sound scientific basis for comparing alternative intrusion tolerance approaches quantitatively, and estimating the intrusion tolerance of particular approaches. Our main measure of security is application-level availability, which we define as a measure of correct delivery of service with respect to the alternation of correct and incorrect service [Lap91]. Realizing this goal will require work both in modeling and measurement, and the creation of guidelines for their application in intrusion tolerance approaches.
