Nowadays, virtualization has been widely used in the design of application systems. In this paper, we outline the characteristics of an intrusion tolerance system based on virtualization. The semi-Markov process of discrete time is used to model the system. The security of the system is analyzed and evaluated quantitatively from a number of perspectives such as time and space. Some new indicators are proposed to evaluate the security performance of the intrusion tolerance system more comprehensively and appropriately. We present the methods how to calculate the indicators. The simulation results showed that our methods are more accurate and comprehensive than the previous methods in describing the performance of such intrusion tolerance systems.