Research And Design For Distribution Storage Of Intrusion Tolerance

With development of the internet, the network security protection system depended on the firewall and intruding detection technology can not avoid the Hack Intruding attack. So the new scheme is needed for the network security protection system and it can continue to provide the network services when the network is under attacks. Then the new approach (ITS) based on the grid error tolerance is proposed.Intrusion-tolerance is a new information security technology and research approach. Differeate with the traditional security approach focusing on the invalidity of the intrusion, the intrusion-tolerant can continue to provide the well or sub-well services and ensure the system security and completeness although some parts of the system are destroyed or controlled by the vicious attack.Based on the intrusion-tolerant principle, intrusion-tolerance related architecture and the distribution storage characteristic, we propose a new intrusion-tolerance storage scheme for the distribution system, which can encode and decode in the linear complexity time cost and escape the substantive storage required problem of the recent schemes, with a special type of erasure code (IDA code). At the same time , the new scheme can satisfy the Byzantine tolerance requirement of the distribution system in the vicious environment by employing the security designs, such as digital fingerprint based security IDA code storage design, symmetric cryptosystem and distribution threshold cryptosystem based distribution storage system security design, authorization for the reading and writing handle and authorization mechanism design and so on. And the new scheme has well balance in the system security and requirementand has better application value.