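Abstract
The differences between intrusions and faults are analyzed, and it is pointed out that directly applying fault-tolerance methods in the security domain is infeasible at the model level. A service-specific intrusion-tolerance method is proposed. It is concerned with the results of an intrusion rather than the intrusion itself: while keeping system functions continuous, it uses techniques such as threshold cryptography and majority voting to detect the presence of an intrusion, and then uses fault-tolerance techniques to reconstruct and recover the attacked system. The trust model, system architecture and design of this service-specific intrusion-tolerance method are described in detail, and several related research directions are discussed.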
It is infeasible to apply fault-tolerant methods directly in the security paradigm. A novel intrusion-tolerant method oriented to specific services is presented, which integrates fault tolerance into the security paradigm. Traditional fault-tolerant methods focus on the causes and existence of faults, whereas this method focuses on the effects of intrusion and so can deal with unknown intrusions. In this method, verifiable secret sharing and majority voting are used to detect the effects of intrusion, and fault-tolerant approaches are used to reconstruct and recover the attacked system. Its model and architecture are presented and some further research directions are introduced.
Source
《郑州大学学报(理学版)》
CAS
2004, Issue 2, pp. 62-66 (5 pages)
Journal of Zhengzhou University:Natural Science Edition
Funding
Project supported by the National Natural Science Major Program
No. 90204012
Project supported by the National 863 Program
No. 2002AA143021