In this paper, we describe and analyze the hypothesis about intrusiontolerance software system, so that it can provide an intended server capability and deal with theimpacts caused by the intruder exploiting the inher...In this paper, we describe and analyze the hypothesis about intrusiontolerance software system, so that it can provide an intended server capability and deal with theimpacts caused by the intruder exploiting the inherent security vulnerabilities. Wepresent someintrusion tolerance technology by exploiting N-version module threshold method in constructingmultilevel secure software architecture, by detecting with hash value, by placing an 'antigen' wordnext to the return address on the stack thatis similar to human immune system, and by adding 'Honeycode' nonfunctional code to disturb intruder, so that the security and the availability of thesoftware system are ensured.展开更多
ISDTM, based on an augmented Allen's interval temporal logic (ITL) and first-order predicate calculus, is a formal temporal model for representing intrusion signatures. It is augmented with some real time extensio...ISDTM, based on an augmented Allen's interval temporal logic (ITL) and first-order predicate calculus, is a formal temporal model for representing intrusion signatures. It is augmented with some real time extensions which enhance the expressivity. Intrusion scenarios usually are the set of events and system states, where- the temporal sequence is their basic relation. Intrusion signatures description, therefore , is to represent such temporal relations in a sense. While representing these signatures, ISDTM decomposes the intrusion process into the sequence of events according to their relevant intervals, and then specifies network states in these Intervals. The uncertain intrusion signatures as well as basic temporal modes of events, which consist of the parallel mode, the sequential mode and the hybrid mode, can be succinctly and naturally represented in ISDTM. Mode chart is the visualization of intrusion signatures in ISDTM, which makes the formulas more readable. The intrusion signatures descriptions in ISDTM have advantages of compact construct, concise syntax, scalability and easy implementation.展开更多
基金Supported by the National Natural Science Foun dation of China (90104005,60373087, 60473023),the Ph. D Pro grams Foundation of Ministry of Education of China(20020486046)
文摘In this paper, we describe and analyze the hypothesis about intrusiontolerance software system, so that it can provide an intended server capability and deal with theimpacts caused by the intruder exploiting the inherent security vulnerabilities. Wepresent someintrusion tolerance technology by exploiting N-version module threshold method in constructingmultilevel secure software architecture, by detecting with hash value, by placing an 'antigen' wordnext to the return address on the stack thatis similar to human immune system, and by adding 'Honeycode' nonfunctional code to disturb intruder, so that the security and the availability of thesoftware system are ensured.
基金the National Natural Science Foundation of China(60073074)
文摘ISDTM, based on an augmented Allen's interval temporal logic (ITL) and first-order predicate calculus, is a formal temporal model for representing intrusion signatures. It is augmented with some real time extensions which enhance the expressivity. Intrusion scenarios usually are the set of events and system states, where- the temporal sequence is their basic relation. Intrusion signatures description, therefore , is to represent such temporal relations in a sense. While representing these signatures, ISDTM decomposes the intrusion process into the sequence of events according to their relevant intervals, and then specifies network states in these Intervals. The uncertain intrusion signatures as well as basic temporal modes of events, which consist of the parallel mode, the sequential mode and the hybrid mode, can be succinctly and naturally represented in ISDTM. Mode chart is the visualization of intrusion signatures in ISDTM, which makes the formulas more readable. The intrusion signatures descriptions in ISDTM have advantages of compact construct, concise syntax, scalability and easy implementation.
