Many information systems that provide useful services to people are connected to the Internet for convenience and efficiency. However, improper accessibility might make the systems susceptible to a variety of attacks. Although existing security solutions such as an intrusion detection system, intrusion prevention system, and firewalls have been designed to protect against such attacks, it is impossible to block all kinds of attacks. Furthermore, most of the proposed solutions require information about attacks for efficient prevention. Research on intrusion-tolerant systems (ITSs) have been conducted in order to continue providing proper services in threatening environments. The purpose of an ITS is to survive against every intrusion, rather than to prevent them. In this paper, previous studies on ITS are introduced and classified according to the centric scheme as middleware-based ITS, hardware-based ITS, and recovery-based ITS. Recent research focusing on adaptive transformation schemes is also introduced.Jungmin Lim received a master degree in electronic engineering and engineering from Seoul National University, Korea, in 2005. He is currently working toward Ph.D. degree in computer science from Korea Advanced Institute of Science and Technology, Korea. His main researches include the system security, especially intrusion tolerant system based on adaptive cluster transformation and historical data.
Dongyoung KooDongyoung Koo received the B.S. degree in computer science from Yonsei University in 2009, and the M.S. degree in computer science from KAIST in 2012. His research interests include information security, secure cloud computing, and cryptography.
Improvements in networking technologies have provided users with useful information services. Such information services may bring convenience and efficiency, but might be accompanied by vulnerabilities to a variety of attacks. Therefore, a variety of research to enhance the security of the systems and get the services at the same time has been carried out. Especially, research on intrusion-tolerant systems (ITSs) has been conducted in order to survive against every intrusion, rather than to detect and prevent them. In this paper, an ITS based on effective resource conversion (ERC) is presented to achieve the goal of intrusion-tolerance. Instead of using the fixed number of virtual machines (VMs) to process requests and recover as in conventional approaches, the ITS based on ERC can transform the assigned resources depending on the system status. This scheme is proved to maintain a certain level of quality of service (QoS) and quality of security service (QoSS) in threatening environments. The performance of ERC is compared with previous studies on ITS by CSIM 20, and it is verified that the proposed scheme is more effective in retaining a specific level of QoS and QoSS.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.