Intrusion tolerant communication networks and associated methods
First Claim
Patent Images
1. A method for intrusion tolerance in a communication network, the method comprising:
- operating the communication network in a good state in the absence of vulnerability to intrusion;
entering a vulnerable state from the good state once the communication network becomes vulnerable to intrusion;
entering an active attack state from the vulnerable state once the vulnerability is exploited; and
entering a triage state from the active attack state to respond to the exploitation of the vulnerability by entering at least one of a fail-secure state in which the communication network ceases to function while preserving at least one of the integrity and confidentiality of data maintained by the communication network, a graceful degradation state in which only predefined essential services are maintained, a failed state in which the communication network ceases to function, and the good state.
3 Assignments
0 Petitions
Accused Products
Abstract
An intrusion tolerant communication network and related methods is provided that places emphasis on continuity of operation and provides for an attack-survivable communication network whose network devices collectively accomplish the specified networking intent even under attack and despite active intrusions. The present invention defines methods for network intrusion tolerance in terms of the various state transitions that maximize the overall effectiveness of an intrusion tolerant communication network.
-
Citations
30 Claims
-
1. A method for intrusion tolerance in a communication network, the method comprising:
-
operating the communication network in a good state in the absence of vulnerability to intrusion;
entering a vulnerable state from the good state once the communication network becomes vulnerable to intrusion;
entering an active attack state from the vulnerable state once the vulnerability is exploited; and
entering a triage state from the active attack state to respond to the exploitation of the vulnerability by entering at least one of a fail-secure state in which the communication network ceases to function while preserving at least one of the integrity and confidentiality of data maintained by the communication network, a graceful degradation state in which only predefined essential services are maintained, a failed state in which the communication network ceases to function, and the good state. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for intrusion tolerance in a communication network, the method comprising:
-
operating the communication network in a good state in the absence of vulnerability to intrusion;
screening for vulnerability to intrusion which would cause the communication network to transition to a vulnerable state;
further securing the communication network to eliminate at least some of the vulnerabilities detected while screening the communication network so as to return the communication network to the good state;
screening for exploitation of a vulnerability against which the communication network remains susceptible following any further securing of the communication network with the exploitation of the vulnerability causing the communication network to enter an active attack state; and
responding to the exploitation of the vulnerability in at least one of the following manners;
recovering from the exploitation of the vulnerability and returning to the good state without degradation of the communication network;
maintaining only predefined essential services of the communication network;
ceasing operation of the communication network while preserving at least one of the integrity and confidentiality of the data maintained by the communication network; and
ceasing operation of the communication network without assurance of at least one of the integrity and confidentiality of the data maintained by the communication network. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. An intrusion tolerant communication network capable of operating in a good state in the absence of vulnerability to intrusion, the communication network comprising:
-
a vulnerability detection element capable of screening for vulnerability to intrusion which would cause the communication network to transition to a vulnerable state;
a security element capable of further securing the communication network to eliminate at least some of the vulnerabilities detected by said vulnerability detection element so as to return the communication network to the good state;
a vulnerability exploitation detection element capable of screening for exploitation of a vulnerability against which the communication network remains susceptible with the exploitation of the vulnerability causing the communication network to enter an active attack state; and
a triage element capable of responding to the exploitation of the vulnerability in at least one of the following manners;
recovering from the exploitation of the vulnerability and returning to the good state without degradation of the communication network;
maintaining only predefined essential services of the communication network;
ceasing operation of the communication network while preserving at least one of the integrity and confidentiality of the data maintained by the communication network; and
ceasing operation of the communication network without assurance of at least one of the integrity and confidentiality of the data maintained by the communication network. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
-
Specification