Specifying and using intrusion masking models to process distributed operations

Meng Yu, Peng Liu, Wanyu Zang

Research output: Contribution to journalArticle

Abstract

It is important for critical applications to provide critical services without any integrity or availability degradation in the presence of intrusions. This requirement can be satisfied by intrusion masking techniques under some situations. Compared with intrusion tolerance techniques, where some integrity or availability degradations are usually caused, intrusion masking techniques use substantial replications to avoid such degradations. Existing intrusion masking techniques, such as the state machine approach, can effectively mask intrusions when processing requests from a client using a server replica group, but they are fairly limited in processing a (multi-stage) distributed operation across multiple server replica groups. As more and more applications (e.g., supply chain management, distributed banking) need to process distributed operations in an intrusion-masking fashion, it is in urgent need to overcome the limitations of existing intrusion masking techniques. In this paper, we specify and compose two intrusion-masking models for inter-replica-group distributed computing. Using these two models, a variety of applications can mask (numerous kinds of) intrusions. Our intrusion masking models overcome the limitations of existing intrusion masking techniques. The survivability of our intrusion-masking models is quantitatively analyzed. A simple yet practical implementation method of our intrusion-masking models is proposed and applied to build two intrusion-masking two-phase-commit (2PC) protocols, and the corresponding efficiency is analyzed. The two intrusion-masking 2PC protocols and the analysis results show that the proposed intrusion-masking models have good utility, practicality, and survivability. Finally, the composition methodology developed in this paper can also be used to develop other intrusion-masking distributed computing models.

Original languageEnglish (US)
Pages (from-to)623-658
Number of pages36
JournalJournal of Computer Security
Volume13
Issue number4
DOIs
StatePublished - Jan 1 2005

Fingerprint

Distributed computer systems
Degradation
Masks
Servers
Availability
Network protocols
Supply chain management
Processing
Chemical analysis

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

@article{10cb47ce57c8440c8562c54893036538,
title = "Specifying and using intrusion masking models to process distributed operations",
abstract = "It is important for critical applications to provide critical services without any integrity or availability degradation in the presence of intrusions. This requirement can be satisfied by intrusion masking techniques under some situations. Compared with intrusion tolerance techniques, where some integrity or availability degradations are usually caused, intrusion masking techniques use substantial replications to avoid such degradations. Existing intrusion masking techniques, such as the state machine approach, can effectively mask intrusions when processing requests from a client using a server replica group, but they are fairly limited in processing a (multi-stage) distributed operation across multiple server replica groups. As more and more applications (e.g., supply chain management, distributed banking) need to process distributed operations in an intrusion-masking fashion, it is in urgent need to overcome the limitations of existing intrusion masking techniques. In this paper, we specify and compose two intrusion-masking models for inter-replica-group distributed computing. Using these two models, a variety of applications can mask (numerous kinds of) intrusions. Our intrusion masking models overcome the limitations of existing intrusion masking techniques. The survivability of our intrusion-masking models is quantitatively analyzed. A simple yet practical implementation method of our intrusion-masking models is proposed and applied to build two intrusion-masking two-phase-commit (2PC) protocols, and the corresponding efficiency is analyzed. The two intrusion-masking 2PC protocols and the analysis results show that the proposed intrusion-masking models have good utility, practicality, and survivability. Finally, the composition methodology developed in this paper can also be used to develop other intrusion-masking distributed computing models.",
author = "Meng Yu and Peng Liu and Wanyu Zang",
year = "2005",
month = "1",
day = "1",
doi = "10.3233/JCS-2005-13402",
language = "English (US)",
volume = "13",
pages = "623--658",
journal = "Journal of Computer Security",
issn = "0926-227X",
publisher = "IOS Press",
number = "4",

}

Specifying and using intrusion masking models to process distributed operations. / Yu, Meng; Liu, Peng; Zang, Wanyu.

In: Journal of Computer Security, Vol. 13, No. 4, 01.01.2005, p. 623-658.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Specifying and using intrusion masking models to process distributed operations

AU - Yu, Meng

AU - Liu, Peng

AU - Zang, Wanyu

PY - 2005/1/1

Y1 - 2005/1/1

N2 - It is important for critical applications to provide critical services without any integrity or availability degradation in the presence of intrusions. This requirement can be satisfied by intrusion masking techniques under some situations. Compared with intrusion tolerance techniques, where some integrity or availability degradations are usually caused, intrusion masking techniques use substantial replications to avoid such degradations. Existing intrusion masking techniques, such as the state machine approach, can effectively mask intrusions when processing requests from a client using a server replica group, but they are fairly limited in processing a (multi-stage) distributed operation across multiple server replica groups. As more and more applications (e.g., supply chain management, distributed banking) need to process distributed operations in an intrusion-masking fashion, it is in urgent need to overcome the limitations of existing intrusion masking techniques. In this paper, we specify and compose two intrusion-masking models for inter-replica-group distributed computing. Using these two models, a variety of applications can mask (numerous kinds of) intrusions. Our intrusion masking models overcome the limitations of existing intrusion masking techniques. The survivability of our intrusion-masking models is quantitatively analyzed. A simple yet practical implementation method of our intrusion-masking models is proposed and applied to build two intrusion-masking two-phase-commit (2PC) protocols, and the corresponding efficiency is analyzed. The two intrusion-masking 2PC protocols and the analysis results show that the proposed intrusion-masking models have good utility, practicality, and survivability. Finally, the composition methodology developed in this paper can also be used to develop other intrusion-masking distributed computing models.

AB - It is important for critical applications to provide critical services without any integrity or availability degradation in the presence of intrusions. This requirement can be satisfied by intrusion masking techniques under some situations. Compared with intrusion tolerance techniques, where some integrity or availability degradations are usually caused, intrusion masking techniques use substantial replications to avoid such degradations. Existing intrusion masking techniques, such as the state machine approach, can effectively mask intrusions when processing requests from a client using a server replica group, but they are fairly limited in processing a (multi-stage) distributed operation across multiple server replica groups. As more and more applications (e.g., supply chain management, distributed banking) need to process distributed operations in an intrusion-masking fashion, it is in urgent need to overcome the limitations of existing intrusion masking techniques. In this paper, we specify and compose two intrusion-masking models for inter-replica-group distributed computing. Using these two models, a variety of applications can mask (numerous kinds of) intrusions. Our intrusion masking models overcome the limitations of existing intrusion masking techniques. The survivability of our intrusion-masking models is quantitatively analyzed. A simple yet practical implementation method of our intrusion-masking models is proposed and applied to build two intrusion-masking two-phase-commit (2PC) protocols, and the corresponding efficiency is analyzed. The two intrusion-masking 2PC protocols and the analysis results show that the proposed intrusion-masking models have good utility, practicality, and survivability. Finally, the composition methodology developed in this paper can also be used to develop other intrusion-masking distributed computing models.

UR - http://www.scopus.com/inward/record.url?scp=27144542727&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=27144542727&partnerID=8YFLogxK

U2 - 10.3233/JCS-2005-13402

DO - 10.3233/JCS-2005-13402

M3 - Article

AN - SCOPUS:27144542727

VL - 13

SP - 623

EP - 658

JO - Journal of Computer Security

JF - Journal of Computer Security

SN - 0926-227X

IS - 4

ER -