Building intrusion tolerant applications

Authors: T. Wu, M. Malkin, and D. Boneh

The ITTC project provides tools and an infrastructure for building intrusion tolerant applications. Rather than prevent intrusions or detect them after the fact, the ITTC system ensures that the compromise of a few system components does not compromise total system security. Our designs are intended to simplify the integration of ITTC into existing applications. We give examples of embedding ITTC into the Apache web server and into a Certification Authority (CA).

In proceedings of the 8th USENIX Security Symposium, pp. 79--91, 1999

Full paper: PostScript, PDF         [first posted 7/1999 ]

Related papers: See our related work on experimenting with distributed RSA key generation.
ITTC Project Home Page.