Abstract
We have built a system for protecting web servers that serve securely connected, known users; it includes an innovative use of diversity for on-line attack identification. Attack identification lets us protect the system immediately, without debilitating waits for anti-virus updates or software patches, because each suspected attack is positively verified in a sandbox. Unique to our approach is the use of diverse process pairs not only for isolation but also for detection. The architecture compares the outputs of diverse applications to provide a significant and novel intrusion detection capability. With this technique we gain the benefits of n-version programming without its controversial disadvantages. Diversity of applications also contributes to isolating intrusions at the software level, which is further improved by random rejuvenation.
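The detection step the abstract describes, comparing the outputs of a diverse process pair, is illustrated below with an added Python example. It is not the chapter's implementation: the two HTTP responses are constructed sample data standing in for two independently implemented servers, the list of headers treated as legitimately variable across implementations is an assumption, and the sandbox is represented only by a quarantine list of request ids handed off for verification.

```python
"""Added example (not the chapter's code): output comparison across a
diverse process pair. Two independently implemented web servers answer
the same request; their responses are normalized to remove fields that
differ legitimately between implementations, then compared. Any
remaining divergence is a detection signal, and the triggering request
is held for sandbox verification rather than trusted."""
from dataclasses import dataclass, field
import re

# Assumption: these headers vary between implementations without
# indicating an attack, so they are excluded from the comparison.
VOLATILE_HEADERS = {
    "date", "server", "etag", "last-modified", "x-powered-by",
    "connection", "keep-alive", "content-length",
}


@dataclass
class Response:
    status: int
    headers: dict
    body: bytes


def parse_http_response(raw: bytes) -> Response:
    """Minimal HTTP/1.x response parser: status line, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])          # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Response(status, headers, body)


def normalize(resp: Response) -> tuple:
    """Keep only the parts of a response both replicas must agree on."""
    stable = {k: v for k, v in resp.headers.items() if k not in VOLATILE_HEADERS}
    body = re.sub(rb"\s+", b" ", resp.body).strip()  # tolerate whitespace formatting
    return (resp.status, tuple(sorted(stable.items())), body)


@dataclass
class Verdict:
    agree: bool
    reasons: list = field(default_factory=list)


def compare_pair(raw_a: bytes, raw_b: bytes) -> Verdict:
    """Compare two replicas' responses; any difference is a reason to suspect."""
    a = normalize(parse_http_response(raw_a))
    b = normalize(parse_http_response(raw_b))
    reasons = []
    if a[0] != b[0]:
        reasons.append(f"status {a[0]} vs {b[0]}")
    if a[1] != b[1]:
        reasons.append("non-volatile headers differ")
    if a[2] != b[2]:
        reasons.append("body differs")
    return Verdict(agree=not reasons, reasons=reasons)


def triage(request_id: str, raw_a: bytes, raw_b: bytes, quarantine: list) -> Verdict:
    """On divergence, hold the request id for sandbox verification."""
    verdict = compare_pair(raw_a, raw_b)
    if not verdict.agree:
        quarantine.append(request_id)
    return verdict


# Constructed sample responses from two diverse replicas for the same request.
RESP_A = (b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
          b"Server: Apache\r\nContent-Type: text/html\r\nContent-Length: 27\r\n\r\n"
          b"<html><body>hi</body></html>")
RESP_B = (b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2001 00:00:01 GMT\r\n"
          b"Server: Microsoft-IIS\r\nContent-Type: text/html\r\nContent-Length: 29\r\n\r\n"
          b"<html><body>hi</body></html>\n")
# Replica B failing where A succeeded: the pair no longer agrees.
RESP_B_DIVERGENT = (b"HTTP/1.1 500 Internal Server Error\r\nServer: Microsoft-IIS\r\n"
                    b"Content-Type: text/html\r\n\r\n<html>error</html>")

if __name__ == "__main__":
    held = []
    print(triage("req-1", RESP_A, RESP_B, held))            # agree=True
    print(triage("req-2", RESP_A, RESP_B_DIVERGENT, held))  # agree=False
    print("held for sandbox:", held)                        # ['req-2']
```

The comparison is deliberately strict: anything not explicitly listed as volatile must match, so a replica that emits unexpected content or an error where its partner did not is flagged and the request is set aside for verification instead of being passed to the user.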
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35697-6_26
© 2003 IFIP International Federation for Information Processing
Reynolds, J., Just, J., Lawson, E., Clough, L., Maglich, R. (2003). On-Line Intrusion Protection by Detecting Attacks with Diversity. In: Gudes, E., Shenoi, S. (eds) Research Directions in Data and Applications Security. IFIP — The International Federation for Information Processing, vol 128. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35697-6_19
DOI: https://doi.org/10.1007/978-0-387-35697-6_19
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6413-0
Online ISBN: 978-0-387-35697-6