【正文】 n distributed systems in accessing and processing critical services and mission, the availability of information and continuity of services are being more important. Therefore the importance of implementing systems that continue to function in the presence of security breaches cannot be overemphasized. One of the solutions to provide the availability and continuity of information system applications is introducing an intrusion tolerance system. Security mechanism and adaptation mechanism can ensure intrusion tolerance by protecting the application from accidental or malicious changes to the system and by adapting the application to the changing conditions. In this paper we propose an intrusion tolerance model that improves the developmental structure while assuring security level. We also design and implement an adaptive intrusion tolerance system to verify the efficiency of our model by integrating proper functions extracted from CORBA security modules.1. IntroductionMost of distributed system has both a vulnerability in availability in service and obstacle of service by traffic of network.[1] Our society depends on the network employing distributed system and is faced with vulnerability such as medical system, banking system and national defense. The stop of service by vulnerability makes a disorder. We have to solve the critical problem.[2] The proposed system to solve the problem by vulnerability which effects the stop of service is intrusion tolerance system. The defect tolerance system has a concern the relation both system and accidental defect of software. The intrusion tolerance system has an interest in not only accidental defect but also defect by intentional operation.[3] The intrusion tolerance system prevent degradation of service quality through proper correspondence until we find a solution to solve accidental or intentional attack. The goal of this system supports the persistence of service for a long time. The intrusion tolerance can be supported through security mechanism and adaptive mechanism.[4,5] The application using security mechanism has a vulnerability in cyber attack. In contrary to this application, application with adaptive mechanism can survive a system for a short time. Therefore the application with intrusion tolerance function realizes using security mechanism and adaptive mechanism.Security mechanism such access control and cryptography can strengthen intrusion tolerance function by protecting accidental or intentional attack. Adaptive mechanism using bandwidth management or redundancy management can support intrusion tolerance function by adapting a change of system state. In this paper, we have implemented intrusion tolerance system by separating application function using a variety of security mechanism and adaptive mechanism in middle ware. The proposed paper is as follows. We proposed intrusion tolerance security model for e Commerce system by analyzing security model and distributed object model of CORBA in section 2. Section 3 described the intrusion tolerance application for eCommerce system through the intrusion tolerance mechanism and strategy of implementation and extract the intrusion tolerance technology and implementation method. We have designed system analyses by intrusion tolerance security model and element technology and have confirmed the realization of application of intrusion tolerance using middleware type with developed intrusion tolerance module in Section 4. In section 5, the conclusion and issues are stated.2. Security Model of eCommerce System. Security Model for Distributed Object SystemThe software with distributed information system is posed of object that is connected with distributed in network. And object of client calls operation of object operating in remote to realized the function of application.[7]. The client object calls method of remote object such as local object. Object of proxy transfers remote method call to local ORB after marshaling. ORB transfers message call using IIOP message to remote ORB with servant object. Remote ORB transfers method call to skeleton operating unmarshaling and skeleton transfers message call to implemented object. The final results of operating method transfer the values by reverse. The distributed object model hides the plexity such as variety, patibility and heterogeneousness and shows the functional interface of ponent.CORBA distributed object system guarantees confidentiality of object, integrity and availability by using security mechanism based on policy in middleware. Security policy totally establishes group mechanism by using domain, privilege and usage authority. Security administrator involves object in domain and equally establishes security policy about group of objects. And security administrator executes usages the security policy on usage group by grouping with same privilege attributes. The method of object groups the methods by contributing same usage privilege and applies security policy on group. The distributed object security model is depicted in figure 1. Fig. 1. Security Model of Distributed Object System. Intrusion Tolerance Model of HACQIT SystemApplication systems that can sustain service against illegal intrusion or attacks by intruders with high levels of technique of penetrating the intrusion prevention system and intrusion detection system should be able to adjust to the change in status using the intrusion information from the security system and be able to switch into substitute servers or sites providing the same services.The intrusion tolerance system of HACQIT (Hierarchical Adaptive Control of Quality of service for Intrusion Tolerance), a US based DARPA project, is a representative security model that can easily be applied to the application systems. The HACQIT system is posed of the main server, duplicate server, firewall, controller and sandbox as shown in figure 2. User’s service request passes through the firew