Virtualization-based Recovery Approach for Intrusion Tolerance

It is well known that increasing redundancy in a system generally improves the availability and dependability of the system. In this study, we present a Virtualization-based Recovery for Intrusion Tolerance (VRIT) architecture that strengthens cluster’s availability and dependability through periodic and event-driven recovery. By periodically reverting each virtual server to a pristine state, the VRIT cluster can limit the online exposure time of all servers, ensuring that even undetected attacks will be thwarted or at least be limited. Anomaly detection engines are installed in every virtual server to enable event-driven recovery within a fixed recovery cycle. Accumulated intrusion reports will prompt the compromised servers to be reverted earlier. A control algorithm is designed to manage both security and service availability. Experimental results demonstrate good performance of the algorithm.