Abstract
Existing information systems? security measures are limited because even if a component failure due to an intrusion is detected, there are few mechanisms for effectively isolating the corrupt component. Attacks tend to spread unchecked, hopping from one host to another. The typical response, to turn off the corrupted service, results in denial of service that is often as damaging as the attack itself. This paper describes the approach taken on the Intrusion Tolerant Server Infrastructure (ITSI) program to develop concepts and underlying technology that can identify and isolate intrusions, prevent them from freely spreading, and continue to provide service to benign users while recovering from the intrusion. The distinguishing feature of the ITSI approach is the use of "smart NICs" to help identify intrusions, and, once an intrusion has been detected, to contain it and ensure that service is uninterrupted by providing a failover capability.