Claims
- 1. A method for intrusion tolerance in a communication network, the method comprising:
  operating the communication network in a good state in the absence of vulnerability to intrusion;
  entering a vulnerable state from the good state once the communication network becomes vulnerable to intrusion;
  entering an active attack state from the vulnerable state once the vulnerability is exploited; and
  entering a triage state from the active attack state to respond to the exploitation of the vulnerability by entering at least one of a fail-secure state in which the communication network ceases to function while preserving at least one of the integrity and confidentiality of data maintained by the communication network, a graceful degradation state in which only predefined essential services are maintained, a failed state in which the communication network ceases to function, and the good state.
- 2. The method of claim 1, further comprising the step of entering a masked compromised state from the active attack state to mask impact of the attack and provide transparent recovery to the good state.
- 3. The method of claim 1, further comprising the step of entering an undetected compromised state from the active attack state once the communication network is unable to recognize the active attack state.
- 4. The method of claim 1, further comprising the step of returning to the good state from the vulnerable state if the vulnerable state is detected before exploitation begins.
- 5. The method of claim 1, further comprising the step of returning to the good state from the fail-secure state by restoring services via manual intervention.
- 6. The method of claim 5, further comprising the step of reconfiguring the communication network to reduce the effectiveness of future attacks.
- 7. The method of claim 5, further comprising the step of evolving the communication network to reduce the effectiveness of future attacks.
- 8. The method of claim 1, further comprising the step of returning to the good state from the graceful degradation state by restoring services via manual intervention.
- 9. The method of claim 8, further comprising the step of reconfiguring the communication network to reduce the effectiveness of future attacks.
- 10. The method of claim 8, further comprising the step of evolving the communication network to reduce the effectiveness of future attacks.
- 11. The method of claim 1, further comprising the step of returning to the good state from the failed state by restoring services via manual intervention.
- 12. The method of claim 11, further comprising the step of reconfiguring the communication network to reduce the effectiveness of future attacks.
- 13. The method of claim 12, further comprising the step of evolving the communication network to reduce the effectiveness of future attacks.
- 14. A method for intrusion tolerance in a communication network, the method comprising:
  operating the communication network in a good state in the absence of vulnerability to intrusion;
  screening for vulnerability to intrusion which would cause the communication network to transition to a vulnerable state;
  further securing the communication network to eliminate at least some of the vulnerabilities detected while screening the communication network so as to return the communication network to the good state;
  screening for exploitation of a vulnerability against which the communication network remains susceptible following any further securing of the communication network with the exploitation of the vulnerability causing the communication network to enter an active attack state; and
  responding to the exploitation of the vulnerability in at least one of the following manners:
    recovering from the exploitation of the vulnerability and returning to the good state without degradation of the communication network;
    maintaining only predefined essential services of the communication network;
    ceasing operation of the communication network while preserving at least one of the integrity and confidentiality of the data maintained by the communication network; and
    ceasing operation of the communication network without assurance of at least one of the integrity and confidentiality of the data maintained by the communication network.
- 15. The method of claim 14, wherein responding to the exploitation of the vulnerability in at least one of the following manners further comprises recovering transparently by masking the impact of the attack.
- 16. The method of claim 14, further comprising the step of compromising the communication network when the screening for exploitation of a vulnerability fails to recognize an active attack.
- 17. The method of claim 14, wherein maintaining only predefined essential services of the communication network further comprises the step of returning to the good state by a manual restoration procedure.
- 18. The method of claim 17, wherein returning to the good state further comprises at least one of a reconfiguration procedure and an evolution procedure.
- 19. The method of claim 14, wherein ceasing operation of the communication network while preserving at least one of the integrity and confidentiality of the data maintained by the communication network further comprises the step of returning to the good state by a manual restoration procedure.
- 20. The method of claim 19, wherein returning to the good state further comprises at least one of a reconfiguration procedure and an evolution procedure.
- 21. The method of claim 14, wherein ceasing operation of the communication network without assurance of at least one of the integrity and confidentiality of the data maintained by the communication network further comprises the step of returning to the good state by a manual restoration procedure.
- 22. The method of claim 21, wherein returning to the good state further comprises at least one of a reconfiguration procedure and an evolution procedure.
- 23. An intrusion tolerant communication network capable of operating in a good state in the absence of vulnerability to intrusion, the communication network comprising:
  a vulnerability detection element capable of screening for vulnerability to intrusion which would cause the communication network to transition to a vulnerable state;
  a security element capable of further securing the communication network to eliminate at least some of the vulnerabilities detected by said vulnerability detection element so as to return the communication network to the good state;
  a vulnerability exploitation detection element capable of screening for exploitation of a vulnerability against which the communication network remains susceptible with the exploitation of the vulnerability causing the communication network to enter an active attack state; and
  a triage element capable of responding to the exploitation of the vulnerability in at least one of the following manners:
    recovering from the exploitation of the vulnerability and returning to the good state without degradation of the communication network;
    maintaining only predefined essential services of the communication network;
    ceasing operation of the communication network while preserving at least one of the integrity and confidentiality of the data maintained by the communication network; and
    ceasing operation of the communication network without assurance of at least one of the integrity and confidentiality of the data maintained by the communication network.
- 24. The network of claim 23, further comprising a masking element capable of masking the impact of an active attack that is determined by the vulnerability exploitation detection element.
- 25. The network of claim 23, wherein the triage element is capable of responding to the exploitation of the vulnerability by maintaining only predefined essential services of the communication network and returning the communication network to the good state by a manual restoration procedure.
- 26. The network of claim 25, wherein returning the communication network to the good state further comprises at least one of a reconfiguration procedure and an evolution procedure.
- 27. The network of claim 23, wherein the triage element that is capable of responding to the exploitation of the vulnerability by ceasing operation of the communication network while preserving at least one of the integrity and confidentiality of the data maintained by the communication network and returning the communication network to the good state by a manual restoration procedure.
- 28. The network of claim 27, wherein returning the communication network to the good state further comprises at least one of a reconfiguration procedure and an evolution procedure.
- 29. The network of claim 23, wherein the triage element that is capable of responding to the exploitation of the vulnerability by ceasing operation of the communication network without assurance of at least one of the integrity and confidentiality of the data maintained by the communication network and returning the communication network to the good state by a manual restoration procedure.
- 30. The method of claim 29, wherein returning the communication network to the good state further comprises at least one of a reconfiguration procedure and an evolution procedure.
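
The state transitions recited in claims 1 to 13 can be encoded as a table and checked mechanically. The following is an added example, not code from the patent or its applicants: the enum names and event labels are constructed for illustration, and only transitions stated in those claims are included, so the undetected compromised state has no exit here.

```python
from enum import Enum

class S(Enum):
    GOOD = "good"
    VULNERABLE = "vulnerable"
    ACTIVE_ATTACK = "active attack"
    MASKED = "masked compromised"
    UNDETECTED = "undetected compromised"
    TRIAGE = "triage"
    FAIL_SECURE = "fail-secure"
    DEGRADED = "graceful degradation"
    FAILED = "failed"

# (state, event) -> (next state, needs manual intervention, claim). Event names are constructed.
T = {
    (S.GOOD, "vulnerability_introduced"): (S.VULNERABLE, False, 1),
    (S.VULNERABLE, "detected_before_exploit"): (S.GOOD, False, 4),
    (S.VULNERABLE, "exploit_begins"): (S.ACTIVE_ATTACK, False, 1),
    (S.ACTIVE_ATTACK, "attack_masked"): (S.MASKED, False, 2),
    (S.ACTIVE_ATTACK, "attack_missed"): (S.UNDETECTED, False, 3),
    (S.ACTIVE_ATTACK, "attack_detected"): (S.TRIAGE, False, 1),
    (S.MASKED, "transparent_recovery"): (S.GOOD, False, 2),
    (S.TRIAGE, "recovered"): (S.GOOD, False, 1),
    (S.TRIAGE, "fail_secure"): (S.FAIL_SECURE, False, 1),
    (S.TRIAGE, "degrade"): (S.DEGRADED, False, 1),
    (S.TRIAGE, "fail"): (S.FAILED, False, 1),
    (S.FAIL_SECURE, "manual_restore"): (S.GOOD, True, 5),
    (S.DEGRADED, "manual_restore"): (S.GOOD, True, 8),
    (S.FAILED, "manual_restore"): (S.GOOD, True, 11),
}

def run(events, state=S.GOOD):
    """Replay events and return the state trail; reject any unclaimed transition."""
    trail = [state]
    for ev in events:
        if (trail[-1], ev) not in T:
            raise ValueError(f"no claimed transition from {trail[-1].value!r} on {ev!r}")
        trail.append(T[trail[-1], ev][0])
    return trail

def can_reach_good(allow_manual):
    """States from which GOOD is reachable (backward fixed point over T)."""
    ok = {S.GOOD}
    while True:
        new = {src for (src, _), (dst, manual, _) in T.items()
               if dst in ok and (allow_manual or not manual)} - ok
        if not new:
            return ok
        ok |= new
```

`set(S) - can_reach_good(True)` yields only the undetected compromised state, and the difference between the manual and automatic sets is exactly the three triage outcomes that claims 5, 8 and 11 restore by manual intervention.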
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] The present application claims priority from U.S. Provisional Patent Application Serial No. 60/297,424 filed Jun. 11, 2001, the contents of which are herein incorporated by reference.
Provisional Applications (1)
| Number | Date | Country |
|---|---|---|
| 60297424 | Jun 2001 | US |