Design of Intrusion Tolerance System based on Service Redundancy Level

The Internet is an open space where a great number of computer systems are connected. Since many services are provided through the Internet, malicious users can easily intrude on any of those systems by using the vulnerabilities of the Internet. Although Intrusion Detection and Prevention System (IDPS) can be used to defend against such malicious activities, it is not always possible to completely protect a targeted system against the attacks. For this reason, Intrusion Tolerance Systems (ITS) has been proposed to maintain services even in threatening environments, where some malicious attacks have intruded into a system successfully. In this paper, we propose a new ITS based upon maintaining a service redundancy level to ensure that all services are properly provided to users even if a malicious intrusions such as VM (virtual machine) escape attack exists. The simulation results show that the proposed scheme can guarantee the operation of every ongoing service by maintaining the service redundancy level of all services.