Characterizing Intrusion Tolerant Systems Using a State Transition Model

Intrusion detection and response research has so far mostly concentrated on known and well-defined attacks. The authors believe that this narrow focus of attacks accounts for both the successes and limitation of commercial in Intrusion Detection Systems (IDS). Intrusion tolerance, on the other hand, is inherently tied to functions and services that require protection. This paper presents a state transition model to describe the dynamic behavior of intrusion tolerant systems. This model provides a framework from which one can define the vulnerability and the threat set to be addressed. The authors also show how this model helps one to describe both known and unknown security exploits by focusing on impacts rather than specific attack procedures.