Research on Key Technologies of Initiative Reactive and Self-Regenerating Intrusion Tolerance
Abstract
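In recent years, with the widespread use of distributed network systems, methods of network intrusion have multiplied. Traditional intrusion prevention and intrusion detection techniques cannot produce a system able to resist every fault or intrusion, whereas intrusion tolerance can keep a system's critical functions running after a fault or intrusion has occurred, and has therefore attracted growing attention.
     After reviewing a large body of literature on intrusion tolerance, this dissertation surveys the current state of research on intrusion-tolerant systems and techniques, points out that new initiative reactive intrusion-tolerant systems and self-regenerating intrusion-tolerance techniques will be new directions for the field, and studies each of the two directions systematically:
     I. The analysis finds that reactive intrusion-tolerant systems have good compatibility: a reactive system with intrusion-tolerance functions added remains compatible with the original system. However, existing reactive intrusion-tolerant systems respond passively, after the intrusion has taken shape, on the basis of intrusion detection results, and so suffer from insufficient reaction time. To overcome this, the dissertation proposes that the system react in advance and respond actively on the basis of intrusion prediction results, building an initiative reactive intrusion-tolerant system, and studies the key intrusion prediction techniques involved:
     1) Intrusion modeling: An intrusion model based on attacker capability is proposed, together with methods for constructing and describing it. The model takes the attacker's capability as its starting point and focuses on the effect of the intrusion on system security. It is constructed in a timely manner from IDS alert information by intrusion alert correlation, and the existence and uniqueness of the intrusion model built by these methods are proved formally. A model description method based on the TIBC language and a method for building the model in real time are proposed, and the performance of the construction algorithm is checked experimentally.
     2) Intrusion prediction: A hybrid Bayesian network model for intrusion prediction, and a prediction method based on it, are proposed. The hybrid Bayesian network has two layers, an attack layer and a state layer, and two kinds of connection, converging and serial, and describes well the causal relationship between attack behaviors and the system security states they lead to. The network model can be converted directly from the attacker-capability-based intrusion model described above; supported by the corresponding belief-updating algorithm, a concrete experimental example demonstrates the effectiveness of the prediction method.
     II. The analysis finds that current intrusion-tolerance techniques based on "graceful degradation" still ultimately lead the system to fail through continual degradation, whereas "self-regeneration" can restore the tolerance capability the original system had by spawning a new generation of the system. The dissertation therefore examines topology generation methods for wireless sensor networks, which are related to regeneration, and against that background studies intrusion-tolerant topology self-regeneration for wireless sensor networks. The specific work is as follows:
     1) Survey and analysis of topology generation methods: Current wireless sensor network topology generation methods are surveyed and their behavior in a malicious intrusion environment is analyzed, pointing out that existing topology generation methods may have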
Recently, network intrusion has become more and more frequent with the wide application of distributed networks, with the result that no system can resist every fault and intrusion. Because it can tolerate intrusions and guarantee the key services of systems, intrusion tolerance attracts more and more attention.
     This dissertation first gives a survey of recent intrusion tolerance systems (ITS) and intrusion tolerance technology, and concludes from the analysis that initiative reactive ITS and self-regeneration technology are the new directions of progress. Some key problems in these two areas are then studied and systematic conclusions are reached.
     On the ITS side, the author proposes an initiative reactive ITS, which reacts on its own initiative on the basis of intrusion prediction, rather than intrusion detection as in existing reactive ITS, to gain more reaction time, and then focuses on two key technologies, intrusion modeling and intrusion prediction, which are suitable for triggering the reactive intrusion tolerance system.
     1) Modeling the Intrusion: An intrusion model of state transition of attackers' capability and its construction algorithm are presented. The model places its emphasis on the influence of the intrusion upon the system and describes the intrusion as the state transition process of the attackers' capability. The construction algorithm correlates intrusion detection alerts into meta-attacks, and defines a cover as the reduction of a meta-attack. The method of transforming the cover of a meta-attack into the intrusion model is then given, along with proofs of the equivalences among the intrusion model, the meta-attack and its cover. An algorithm for describing the intrusion model adaptively is then presented, which, unlike existing methods, requires no manual work. Finally, the intrusion model and the algorithms for constructing and describing it perform well in the correlation experiment.
     2) Predicting the Intrusion: A hybrid Bayesian network method for intrusion prediction is presented, based on the intrusion model of state transition of attackers' capability. The network model shows the causal relation of the
