research-article

The Design of a Generic Intrusion-Tolerant Architecture for Web Servers

Authors:

Ayda Saidane,

Vincent Nicomette,

Yves DeswarteAuthors Info & Claims

IEEE Transactions on Dependable and Secure Computing, Volume 6, Issue 1

Pages 45 - 58

https://doi.org/10.1109/TDSC.2008.1

Published: 01 January 2009 Publication History

Publisher Site

Abstract

Nowadays, more and more information systems are connected to the Internet and offer Web interfaces to the general public or to a restricted set of users. Such openness makes them likely targets for intruders, and conventional protection techniques have been shown insufficient to prevent all intrusions in such open systems. This paper proposes a generic architecture to implement intrusion-tolerant Web servers. This architecture is based on redundancy and diversification principles, in order to increase the system resilience to attacks: usually, an attack targets a particular software, running on a particular platform, and fails on others. The architecture is composed of redundant proxies that mediate client requests to a redundant bank of diversified COTS\footnote{Commercial Off The Shelf.} application servers. The redundancy is deployed here to increase system availability and integrity. To improve performance, adaptive redundancy is applied: the redundancy level is selected according to the current alert level. The architecture can be used for static servers, i.e., for Web distribution of stable information (updated off-line), as well as for fully dynamic systems where information updates are executed immediately on an on-line database. The feasibility of this architecture has been demonstrated by implementing an example of a travel agency Web server.

Cited By

View all

Mani GHaliem MBhargava BManickam IKochpatcharin KKim MVugrin EWang WJenkins CAngin PYu M(2023)Machine Learning Based Resilience Testing of an Address Randomization Cyber DefenseIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.323456120:6(4853-4867)Online publication date: 1-Nov-2023
https://dl.acm.org/doi/10.1109/TDSC.2023.3234561
Di Giandomenico FMasetti GChiaradonna S(2022)Redundancy–Based Intrusion Tolerance Approaches Moving from Classical Fault Tolerance MethodsInternational Journal of Applied Mathematics and Computer Science10.34768/amcs-2022-004832:4(701-719)Online publication date: 1-Dec-2022
https://dl.acm.org/doi/10.34768/amcs-2022-0048
Wang LZhang MJajodia SSinghal AAlbanese M(2022)Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day AttacksComputer Security - ESORICS 201410.1007/978-3-319-11212-1_28(494-511)Online publication date: 10-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-319-11212-1_28
Show More Cited By

Index Terms

The Design of a Generic Intrusion-Tolerant Architecture for Web Servers

Recommendations

Mitigating application-level denial of service attacks on Web servers: A client-transparent approach

Recently, we have seen increasing numbers of denial of service (DoS) attacks against online services and Web applications either for extortion reasons or for impairing and even disabling the competition. These DoS attacks have increasingly targeted the ...
On scalable and locality-aware web document sharing
Scalable web services and architecture

We propose a scalable Web document sharing infrastructure model called Browsers-Aware Proxy Server. In this design, a proxy server connecting to a group of networked clients maintains an index file of data objects of all clients' browser caches. If a ...
A Stateful Intrusion Detection System for World-Wide Web Servers
ACSAC '03: Proceedings of the 19th Annual Computer Security Applications Conference

Web servers are ubiquitous, remotely accessible, and oftenmisconfigured. In addition, custom web-based applicationsmay introduce vulnerabilities that are overlookedeven by the most security-conscious server administrators.Consequently, web servers are a ...

Comments

Information & Contributors

Information

Published In

cover image IEEE Transactions on Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing Volume 6, Issue 1

January 2009

80 pages

ISSN:1545-5971

Issue’s Table of Contents

Publisher

IEEE Computer Society Press

Washington, DC, United States

Publication History

Published: 01 January 2009

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Mani GHaliem MBhargava BManickam IKochpatcharin KKim MVugrin EWang WJenkins CAngin PYu M(2023)Machine Learning Based Resilience Testing of an Address Randomization Cyber DefenseIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.323456120:6(4853-4867)Online publication date: 1-Nov-2023
https://dl.acm.org/doi/10.1109/TDSC.2023.3234561
Di Giandomenico FMasetti GChiaradonna S(2022)Redundancy–Based Intrusion Tolerance Approaches Moving from Classical Fault Tolerance MethodsInternational Journal of Applied Mathematics and Computer Science10.34768/amcs-2022-004832:4(701-719)Online publication date: 1-Dec-2022
https://dl.acm.org/doi/10.34768/amcs-2022-0048
Wang LZhang MJajodia SSinghal AAlbanese M(2022)Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day AttacksComputer Security - ESORICS 201410.1007/978-3-319-11212-1_28(494-511)Online publication date: 10-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-319-11212-1_28
Felemban MFelemban EKobes JGhafoor A(2019)Threat Management in Data-centric IoT-Based Collaborative SystemsACM Transactions on Internet Technology10.1145/332323219:3(1-19)Online publication date: 27-Aug-2019
https://dl.acm.org/doi/10.1145/3323232
Safavi-Naini RPoostindouz ALisy V(2018)Path HoppingSecurity and Communication Networks10.1155/2018/84758182018Online publication date: 7-May-2018
https://dl.acm.org/doi/10.1155/2018/8475818
Lee YLee SSeo HYoon CShin SYoon H(2018)DuoSecurity and Communication Networks10.1155/2018/67510422018Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1155/2018/6751042
Fraunholz DKrohmer DDuque Anton SSchotten HAlbanese MHuang D(2018)Catch Me If You CanProceedings of the 5th ACM Workshop on Moving Target Defense10.1145/3268966.3268970(31-39)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3268966.3268970
Okamoto T(2017)Design of a Lightweight Intrusion-Tolerant System for Highly Available ServersProcedia Computer Science10.1016/j.procs.2017.08.261112:C(2319-2327)Online publication date: 1-Sep-2017
https://dl.acm.org/doi/10.1016/j.procs.2017.08.261
Xu JGuo PZhao MErbacher RZhu MLiu PJajodia SSun K(2014)Comparing Different Moving Target Defense TechniquesProceedings of the First ACM Workshop on Moving Target Defense10.1145/2663474.2663486(97-107)Online publication date: 7-Nov-2014
https://dl.acm.org/doi/10.1145/2663474.2663486
Carter KRiordan JOkhravi HJajodia SSun K(2014)A Game Theoretic Approach to Strategy Determination for Dynamic Platform DefensesProceedings of the First ACM Workshop on Moving Target Defense10.1145/2663474.2663478(21-30)Online publication date: 7-Nov-2014
https://dl.acm.org/doi/10.1145/2663474.2663478
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Mitigating application-level denial of service attacks on Web servers: A client-transparent approach

On scalable and locality-aware web document sharing

A Stateful Intrusion Detection System for World-Wide Web Servers

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations