SITAR: A scalable intrusion-tolerant architecture for distributed services

This paper presents a intrusion tolerant architecture for distributed services, especially COTS servers. An intrusion tolerant system assumes that attacks will happen, and some will be successful. However, a wide range of mission critical applications need to provide continuous service despite active attacks or partial compromise. The proposed architecture emphasizes on continuity of operation. It strives to mitigate the effects of both known and unknown attack. We make use techniques of fault tolerant computing, specifically redundancy, diversity, acceptance test, textitvoting - , as well as adaptive reconfiguration. Our architecture consists of five functional components that work together to extend the fault tolerance capability of COTS servers. In addition, the architecture provides mechanisms to audit the COTS servers and internal components for signs of compromise. The auditing as well as adaptive reconfiguration components evaluate the environment threats, identify potential sources of compromise and adaptively generate new configurations for the system.