一种基于入侵容忍的可生存系统设计方案

AN INTRUSION-TOLERANT BASED SCHEME FOR SURVIVABLE SYSTEM DESIGN

与传统的防火墙和入侵检测技术不同,入侵容忍考虑的是在入侵不可避免的情况下系统的生存能力,因此更符合可生存系统的设计要求。提出一种基于入侵容忍技术的系统设计方案,利用容错技术保证系统关键服务的连续性。采用主动秘密共享技术取得了系统中关键数据的机密性和可用性的折衷,使得系统在攻击和故障已发生的情况下,具有较强的可生存性。

Different from the traditional firewall and intrusion detection techniques,intrusion tolerance focuses on the survivability of system on condition that intrusion is somehow inevitable, thus preferably meeting the design requirements of the survivable system. A scheme based on intrusion tolerance for system design is proposed, which guarantees the continuity of key services by fault-tolerant techniques, and meanwhile, obtains the tradeoff between confidentiality and availability of key data by proactive secret sharing, so that the system can process high surviva- bility under attacks and faults.