The IRMA Community
Newsletters
Research IRM
Click a keyword to search titles using our InfoSci-OnDemand powered search:
|
Intrusion Tolerance in Information Systems
Abstract
Today’s information systems are expected to be highly available and trustworthy — that is, they are accessible at any time a user wants to, they always provide correct services, and they never reveal confidential information to an unauthorized party. To meet such high expectations, the system must be carefully designed and implemented, and rigorously tested (for intrusion prevention). However, considering the intense pressure for short development cycles and the widespread use of commercial off-the-shelf software components, it is not surprising that software systems are notoriously imperfect. The vulnerabilities due to insufficient design and poor implementation are often exploited by adversaries to cause a variety of damages, for example, crashing of the system, leaking of confidential information, modifying or deleting of critical data, or injecting of erroneous information into a system. This observation prompted the research on intrusion tolerance techniques (Castro & Liskov, 2002; Deswarte, Blain, & Fabre, 1991; Verissimo, Neves, & Correia, 2003; Yin, Martin, Venkataramani, Alvisi, & Dahlin, 2003). Such techniques can tolerate intrusion attacks in two respects: (1) a system continues providing correct services (may be with reduced performance), and (2) no confidential information is revealed to an adversary. The former can be achieved by using the replication techniques, as long as the adversary can only compromise a small number of replicas. The latter is often built on top of secrete sharing and threshold cryptography techniques. Plain replication is often perceived to reduce the confidentiality of a system, because there are more identical copies available for penetration. However, if replication is integrated properly with secrete sharing and threshold cryptography, both availability and confidentiality can be enhanced.
Related Content
|
Socio-Cognitive Model of Trust
Rino Falcone and Cristiano Castelfranchi
(2005).
Encyclopedia of Information Science and Technology
(pp. 2534-2538).
View Details
View Sample PDF
|
|
The Social Context of Knowledge
Daniel Memmi
(2009).
Selected Readings on Information Technology Management: Contemporary Issues
(pp. 21-39).
View Details
View Sample PDF
|
|
Autopoietic Approach for Information System Development
El-Sayed Abou-Zeid
(2005).
Encyclopedia of Information Science and Technology
(pp. 200-204).
View Details
View Sample PDF
|
|
Change and Closeout Management
Daniel M. Brandon
(2006).
Project Management for Modern Information Systems
(pp. 234-247).
View Details
View Sample PDF
|
|
Complex Adaptive Enterprises
Anet Potgieter, Kurt April and Judith Bishop
(2005).
Encyclopedia of Information Science and Technology
(pp. 475-480).
View Details
View Sample PDF
|
|
|