Intrusion tolerant communication networks and associated methods

US 7,350,234 B2
Filed: 06/11/2002
Issued: 03/25/2008
Est. Priority Date: 06/11/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for intrusion tolerance in a private communication network including a plurality of interconnected servers, comprising:

ascertaining entrance into an active attack state produced by an intrusion into the communication network; and

entering a triage state upon recognition of the active attack state by selecting from a plurality of predetermined triage states including each of the following,(a) a cease-to-function state in which the plurality of interconnected servers ceases to function,(b) a degradation state in which only predefined essential services of the communications network are maintained for communication outside the private communication network, and(c) a prior-to-intrusion state of the communication network before said entrance into the attack state.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An intrusion tolerant communication network and related methods is provided that places emphasis on continuity of operation and provides for an attack-survivable communication network whose network devices collectively accomplish the specified networking intent even under attack and despite active intrusions. The present invention defines methods for network intrusion tolerance in terms of the various state transitions that maximize the overall effectiveness of an intrusion tolerant communication network.

Citations

30 Claims

1. A method for intrusion tolerance in a private communication network including a plurality of interconnected servers, comprising:
- ascertaining entrance into an active attack state produced by an intrusion into the communication network; and
  
  entering a triage state upon recognition of the active attack state by selecting from a plurality of predetermined triage states including each of the following,(a) a cease-to-function state in which the plurality of interconnected servers ceases to function,(b) a degradation state in which only predefined essential services of the communications network are maintained for communication outside the private communication network, and(c) a prior-to-intrusion state of the communication network before said entrance into the attack state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - entering a masked compromised state from the active attack state to mask impact of the attack and provide transparent recovery to the prior-to-intrusion state.
  - 3. The method of claim 1, further comprising:
    - entering an undetected compromised state from the active attack state once the communication network is unable to recognize the active attack state.
  - 4. The method of claim 1, further comprising:
    - returning to the prior-to-intrusion state from a vulnerable state if the vulnerable state is detected before exploitation begins.
  - 5. The method of claim 1, further comprising:
    - returning to the prior-to-intrusion state from the cease-to-function state by restoring services via manual intervention.
  - 6. The method of claim 5, further comprising:
    - reconfiguring the communication network to reduce the effectiveness of future attacks.
  - 7. The method of claim 5, further comprising:
    - evolving the communication network to reduce the effectiveness of future attacks.
  - 8. The method of claim 1, further comprising:
    - returning to the prior-to-intrusion state from the graceful degradation state by restoring services via manual intervention.
  - 9. The method of claim 8, further comprising:
    - reconfiguring the communication network to reduce the effectiveness of future attacks.
  - 10. The method of claim 8, further comprising:
    - evolving the communication network to reduce the effectiveness of future attacks.
  - 11. The method of claim 1, further comprising:
    - returning to the prior-to-intrusion state from a failed state by restoring services via manual intervention.
  - 12. The method of claim 11, further comprising:
    - reconfiguring the communication network to reduce the effectiveness of future attacks.
  - 13. The method of claim 12, further comprising:
    - evolving the communication network to reduce the effectiveness of future attacks.

14. A method for intrusion tolerance in a private communication network including a plurality of interconnected servers, the method comprising:
- screening for vulnerability to intrusion which would cause the communication network to transition to a vulnerable state;
  
  securing the communication network to eliminate at least some of the vulnerabilities detected while screening the communication network so as to return the communication network to a prior-to-intrusion state;
  
  screening for exploitation of a vulnerability against which the communication network remains susceptible following any further securing of the communication network with the exploitation of the vulnerability causing the communication network to enter an active attack state; and
  
  responding to the exploitation of the vulnerability by selecting from a plurality of predetermined triage steps including each of the following,a) recovering from the exploitation of the vulnerability and returning to the prior-to-intrusion state without degradation of the communication network,b) maintaining only predefined essential services of the communication network for communication outside the private communication network, andc) ceasing operation of the plurality of interconnected servers while preserving at least one of the integrity and confidentiality of the data maintained by the communication network.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The method of claim 14, wherein responding to the exploitation of the vulnerability further comprises recovering transparently by masking the impact of the attack.
  - 16. The method of claim 14, further comprising:
    - compromising the communication network when the screening for exploitation of a vulnerability fails to recognize an active attack.
  - 17. The method of claim 14, wherein maintaining only predefined essential services of the communication network further comprises:
    - returning to the prior-to-intrusion state by a manual restoration procedure.
  - 18. The method of claim 17, wherein returning to the prior-to-intrusion state further comprises at least one of a reconfiguration procedure and an evolution procedure.
  - 19. The method of claim 14, wherein ceasing operation of the communication network while preserving at least one of the integrity and confidentiality of the data maintained by the communication network further comprises:
    - returning to the prior-to-intrusion state by a manual restoration procedure.
  - 20. The method of claim 19, wherein returning to the prior-to-intrusion state further comprises at least one of a reconfiguration procedure and an evolution procedure.
  - 21. The method of claim 14, wherein ceasing operation of the communication network without assurance of at least one of the integrity and confidentiality of the data maintained by the communication network further comprises:
    - returning to the prior-to-intrusion state by a manual restoration procedure.
  - 22. The method of claim 21, wherein returning to the prior-to-intrusion state further comprises at least one of a reconfiguration procedure and an evolution procedure.

23. An intrusion tolerant private communication network including a plurality of interconnected servers, comprising:
- a vulnerability detection element configured to screen for vulnerability to an intrusion which would cause the communication network to transition to a vulnerable state;
  
  a security element configured to secure the communication network to eliminate at least some of the vulnerabilities detected by said vulnerability detection element so as to return the communication network to prior-to-intrusion state;
  
  a vulnerability exploitation detection element configured to screen for exploitation of a vulnerability against which the communication network remains susceptible with the exploitation of the vulnerability causing the communication network to enter an active attack state; and
  
  a triage element configured to respond to the exploitation of the vulnerability by selecting from each of the following plurality of predetermined triage instructions configured to,recover the communication network from the exploitation of the vulnerability and return to the prior-to-intrusion state without degradation of the communication network,maintain only predefined essential services of the communication network for communication outside the private communication network, andcease operation of the plurality of interconnected servers while preserving at least one of the integrity and confidentiality of the data maintained by the communication network.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The network of claim 23, further comprising:
    - a masking element configured to mask the impact of an active attack that is determined by the vulnerability exploitation detection element.
  - 25. The network of claim 23, wherein the triage element is configured to respond to the exploitation of the vulnerability by maintaining only predefined essential services of the communication network and returning the communication network to the prior-to-intrusion state by a manual restoration procedure.
  - 26. The network of claim 25, wherein the triage element is configured to return the communication network to the prior-to-intrusion state by at least one of a reconfiguration procedure and an evolution procedure.
  - 27. The network of claim 23, wherein the triage element is configured to respond to the exploitation of the vulnerability by ceasing operation of the communication network while preserving at least one of the integrity and confidentiality of the data maintained by the communication network and by returning the communication network to the prior-to-intrusion state by a manual restoration procedure.
  - 28. The network of claim 27, wherein the triage element is configured to return the communication network to the prior-to-intrusion state by at least one of a reconfiguration procedure and an evolution procedure.
  - 29. The network of claim 23, wherein the triage element is configured to respond to the exploitation of the vulnerability by ceasing operation of the communication network without assurance of at least one of the integrity and confidentiality of the data maintained by the communication network and by returning the communication network to the prior-to-intrusion state by a manual restoration procedure.
  - 30. The method of claim 29, wherein the triage element is configured to return the communication network to the prior-to-intrusion state by at least one of a reconfiguration procedure and an evolution procedure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Research Triangle Institute
Original Assignee
Research Triangle Institute
Inventors
Vaidyanathan, Kalyanaraman, Wang, Rong, Wang, Feiyi, Trivedi, Kishor, Muthusamy, Balamurugan, Goseva-Popstojanova, Katerina, Gong, Fengmin
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Cervetti; David Garcia

Application Number

US10/166,921
Publication Number

US 20030033542A1
Time in Patent Office

2,114 Days
Field of Search

726/22, 726/26, 726/23
US Class Current

726/23
CPC Class Codes

H04L 63/1433 Vulnerability analysis

H04L 63/1441 Countermeasures against mal...

Intrusion tolerant communication networks and associated methods

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Intrusion tolerant communication networks and associated methods

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links