Incorruptible system self-cleansing for intrusion tolerance

Author

Huang, Yih ; Arsenault, David ; Sood, Arun

Author_Institution

Dept. of Comput. Sci., George Mason Univ., Fairfax, VA

fYear

2006

fDate

10-12 April 2006

Lastpage

496

Abstract

Despite the increased focus on security, critical information systems remain vulnerable to cyber attacks. The problem stems in large part from the constant innovation and evolution of attack techniques. The trend leads importance to the concept of intrusion tolerance a critical system must fend off or at least limit the damage caused by unknown and/or undetected attacks. In prior work, we developed a self-cleansing intrusion tolerance (SCIT) architecture that achieves the above goal by constantly cleansing the servers and rotating the rule of individual servers. In this paper, we show that, with simple hardware enhancements strategically placed in a SCIT system, incorruptible intrusion containment can be realized. We then present an incorruptible SCIT design for use by one of the most critical infrastructures of the Internet, the domain name services. It is our belief that incorruptible intrusion containment as presented here constitutes a new, effective layer of system defense for critical information system

Keywords

Internet; network servers; security of data; telecommunication security; Internet; SCIT system; critical information system; cyber attack; domain name service; incorruptible intrusion containment; network server; self-cleansing intrusion tolerance architecture; Computer science; Face detection; Hardware; Information systems; Intrusion detection; Switches; Web server;

fLanguage

English

Publisher

ieee

Conference_Titel

Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International

Conference_Location

Phoenix, AZ

Print_ISBN

1-4244-0198-4

Type

conf

DOI

10.1109/.2006.1629444

Filename

1629444