Abstract
In traditional dependable software design, it has been implicitly assumed that the software runs disconnected from computer networks, and that the main purpose of the design is to contain the effects of system failures in the operational phase caused by faults remaining in the software. Under that assumption, fault tolerant design based on the principle of redundancy still plays a central role in realizing highly dependable systems. On the other hand, the use of computer networks has been growing dramatically in scale, variety and coverage, giving rise to an increasing number of vulnerabilities and malicious threats. As a result, software systems connected to networks are often exposed to the risk of malicious attacks, and many security failures occur in practice. Classical security work aimed at preventing security risk has concentrated on intrusion detection and intrusion tolerance. In this tutorial article, we focus on the intrusion tolerance technique, which is inspired by the traditional software fault tolerance technique, and introduce quantitative evaluation methods for system security based on stochastic modeling.
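As an added illustration of what a stochastic, redundancy-based evaluation of intrusion tolerance can look like (this is example code written for this page, not code from the article; the birth-death model, the function names `build_generator`, `steady_state` and `availability`, and the attack and recovery rates used below are all assumptions chosen for illustration), the following Python builds a continuous-time Markov chain for a replicated system in which each intact replica is compromised at a constant rate and each compromised replica is restored at a constant rate, solves the balance equations exactly, and reports the steady-state probability that no more than a tolerated number of replicas are compromised. Comparing a single replica with a triplicated, majority-voting configuration shows how the same "redundancy" argument used in fault tolerance carries over to a security measure.

```python
from fractions import Fraction


def build_generator(n_replicas, attack_rate, recover_rate):
    """Generator matrix Q of a birth-death CTMC (assumed model).

    State k = number of compromised replicas, 0..n_replicas.
    Each intact replica is compromised at attack_rate (intrusion),
    each compromised replica is restored at recover_rate (recovery /
    rejuvenation), independently of the others.
    """
    size = n_replicas + 1
    q = [[Fraction(0)] * size for _ in range(size)]
    for k in range(size):
        if k < n_replicas:                              # one more intrusion
            q[k][k + 1] = Fraction(n_replicas - k) * Fraction(attack_rate)
        if k > 0:                                       # one replica restored
            q[k][k - 1] = Fraction(k) * Fraction(recover_rate)
        q[k][k] = -sum(q[k])                            # rows of Q sum to zero
    return q


def steady_state(q):
    """Solve pi * Q = 0 with sum(pi) = 1 by exact Gauss-Jordan elimination.

    One balance equation is redundant for an irreducible chain, so the last
    one is replaced by the normalization constraint.
    """
    n = len(q)
    # Row j encodes sum_i pi_i * q[i][j] = 0 (augmented with a 0 right-hand side).
    a = [[q[i][j] for i in range(n)] + [Fraction(0)] for j in range(n)]
    a[-1] = [Fraction(1)] * n + [Fraction(1)]           # sum_i pi_i = 1
    for col in range(n):
        pivot = next(r for r in range(col, n) if a[r][col] != 0)
        a[col], a[pivot] = a[pivot], a[col]
        pv = a[col][col]
        a[col] = [x / pv for x in a[col]]
        for r in range(n):
            if r != col and a[r][col] != 0:
                f = a[r][col]
                a[r] = [x - f * y for x, y in zip(a[r], a[col])]
    return [a[i][n] for i in range(n)]


def availability(n_replicas, max_compromised, attack_rate, recover_rate):
    """Steady-state probability that the system is still operational,
    i.e. at most max_compromised replicas are compromised at once.
    Returned as an exact Fraction."""
    pi = steady_state(build_generator(n_replicas, attack_rate, recover_rate))
    return sum(pi[: max_compromised + 1])


if __name__ == "__main__":
    # Constructed rates for illustration: a replica is compromised at rate 1
    # and restored at rate 9 (time units are arbitrary).
    lam, mu = 1, 9
    single = availability(1, 0, lam, mu)        # one replica, no tolerance
    triple = availability(3, 1, lam, mu)        # 3 replicas, majority must be intact
    print(f"single replica : {single} = {float(single):.4f}")
    print(f"3 replicas, 2-of-3 intact : {triple} = {float(triple):.4f}")
```

Because each intrusion and recovery is modeled as independent and exponentially distributed, the steady-state distribution of this chain is binomial with per-replica compromise probability attack_rate / (attack_rate + recover_rate); the exact solver above is kept general so that the same routine can be reused for chains where that closed form no longer holds (for example when recovery is shared or attacks are correlated).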