Date Added: May 2009
Emerging software technologies such as SOA, cloud computing and semantic web are challenging some of the assumptions made in the existing designs of intrusion tolerant systems. This paper provides an analysis of the changing landscape, describes the newly introduced risks and vulnerabilities, and briefly outlines research efforts that may point the way forward. Experience shows that attacks may never be completely prevented, and some attacks may not be detected accurately and on time. Consequently, intrusion tolerance, combining aspects of protection, detection and reaction, is currently considered the optimal way to address information security challenges.