15-03-2017, 11:44 AM
Intrusion tolerance is a fault-tolerant design approach to defending information systems against malicious attacks. Abandoning the conventional goal of preventing all intrusions, tolerance to intrusion instead calls for activating mechanisms that prevent intrusions from leading to a breach of the system's security.
It is the notion of handling (reacting to, countering, recovering from, masking) a wide set of faults that encompasses malicious and intentional failures (intrusions), which can lead to a failure of the system's security properties if nothing is done to counteract their effect on the state of the system.
• Instead of trying to avoid each intrusion, intrusions are allowed but tolerated.
• The system has the means to activate mechanisms that prevent an intrusion from generating a system failure.
• This approach has emerged slowly over the last decade and has recently gained impressive momentum: tolerance to intrusion.
That is, the notion of tolerance to a wide set of faults that encompasses intentional and malicious failures (collectively, intrusions), which can lead to failure of the system's security properties if nothing is done to react to or counteract the effect of those intrusions on the state of the system. In short, instead of trying to avoid each intrusion, it is allowed but tolerated: the system has the means to trigger mechanisms that prevent the intrusion from generating a system failure.
Security has traditionally involved:
- Trusting that certain attacks will not occur
- Eliminating vulnerabilities from initially fragile software
- Preventing attacks from leading to intrusions
In contrast, the tolerance paradigm in security:
- Assumes that systems remain vulnerable to some extent
- Assumes that attacks on components or subsystems can occur and that some will succeed
- Ensures that the global system nevertheless remains secure and operational.
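As an added illustration that is not part of the original post, the following Python sketch shows the tolerance paradigm in its most common concrete form: a service replicated over n replicas, where the client accepts a result only when a majority agree. Up to f = (n - 1) // 2 compromised replicas are masked, replicas that disagree with the majority are recorded so an operator can react and recover them, and when no majority exists the client fails safe instead of returning a possibly attacker-chosen value. The `Replica` class, the `query` function, the fake "balance" response and the behaviour of a compromised replica are all constructed for this example.

```python
from collections import Counter


class NoQuorum(Exception):
    """Raised when fewer than a majority of replicas agree: the tolerated bound was exceeded."""


def honest_compute(request: str) -> str:
    # Constructed stand-in for the real service logic. It is deterministic,
    # so every honest replica produces the same answer for the same request.
    return f"balance({request})=100"


class Replica:
    """One server in the replicated group (constructed for the example)."""

    def __init__(self, name: str, compromised: bool = False,
                 forged_value: str = "balance({request})=999999"):
        self.name = name
        self.compromised = compromised
        self.forged_value = forged_value

    def respond(self, request: str) -> str:
        if self.compromised:
            # An intruded replica returns whatever the attacker chose; the
            # group design must keep that from becoming the system's answer.
            return self.forged_value.format(request=request)
        return honest_compute(request)


def tolerated_faults(n: int) -> int:
    """Maximum number of compromised replicas majority voting can mask."""
    return (n - 1) // 2


def query(replicas, request: str):
    """Ask every replica, accept the majority answer, report the dissenters.

    Returns (value, suspects). `suspects` lists replicas whose answer differed
    from the accepted one; this is the signal that triggers reaction and
    recovery (isolate, re-image, rotate credentials) rather than a failure.
    """
    n = len(replicas)
    responses = {r.name: r.respond(request) for r in replicas}
    value, support = Counter(responses.values()).most_common(1)[0]
    if support * 2 <= n:
        # No strict majority: more replicas diverge than the design tolerates.
        # Failing safe is the intrusion-tolerant choice; guessing is not.
        raise NoQuorum(f"only {support} of {n} replicas agree on {request!r}")
    suspects = sorted(name for name, v in responses.items() if v != value)
    return value, suspects


if __name__ == "__main__":
    # One compromised replica out of five: masked, and flagged for recovery.
    group = [Replica("r1"), Replica("r2", compromised=True),
             Replica("r3"), Replica("r4"), Replica("r5")]
    print(query(group, "acct-42"))
```

The bound matters: with n = 5 the group masks at most two compromised replicas, and colluding attackers who control three replicas can outvote the honest ones. That is why intrusion-tolerant designs pair voting with diversity across replicas (different software stacks, different administrators) and with periodic recovery, so that the number of simultaneously compromised replicas stays below f.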