Analysis of techniques for building intrusion tolerant server systems

The theme of intrusion detection systems (IDS) is detection because prevention mechanisms alone are not guaranteed to keep intruders out. The research focus of IDS is therefore on how to detect as many attacks as possible, as soon as we can, and at the same time to reduce the false alarm rate. However, a growing recognition is that a variety of mission critical applications need to continue to operate or provide a minimal level of services even when they are under attack or have been partially compromised; hence the need for intrusion tolerance. The goal of this paper is to identify common techniques for building highly available and intrusion tolerant server systems and characterize with examples how various techniques are applied in different application domains. Further, we want to point out the potential pitfalls as well as challenging open research issues which need to be addressed before intrusion tolerant systems (ITS) become prevalent and truly useful beyond a specific range of applications.