مرکز منطقه ای اطلاع رساني علوم و فناوري - SHELF: Preserving Business Continuity and Availability in an Intrusion Recovery System

DocumentCode :

3100840

Title :

SHELF: Preserving Business Continuity and Availability in an Intrusion Recovery System

Author :

Xiong, Xi ; Jia, Xiaoqi ; Liu, Peng

Author_Institution :

Dept. of Comput. Sci. & Eng., Pennsylvania State Univ., University Park, PA, USA

fYear :

2009

fDate :

7-11 Dec. 2009

Firstpage :

484

Lastpage :

493

Abstract :

Recovering from intrusions for a compromised computer system is a challenging job, especially for systems that run continuous services. Current intrusion recovery techniques often do not preserve the accumulated useful state of running applications and have very limited system availability when performing recovery routines. In this paper, we propose SHELF, an on-the-fly intrusion recovery prototype system that provides a comprehensive solution to preserve business continuity, availability and recovery accuracy. SHELF preserves accumulated clean states for infected applications and files so that they can continue with the most recent pre-infection states after recovery. Moreover, SHELF leverages OS-aware taint tracking techniques to swiftly determine the sources of intrusion and assess system-wide damages caused by the intrusion. SHELF uses quarantine methods to prevent infection propagation so that uninfected and recovered objects can provide availability during the recovery phase. We integrate SHELF prototype in a virtualization environment to achieve user transparency and protection. Our evaluation shows that SHELF can perform accurate recovery on-the-fly effectively with an acceptable performance overhead.

Keywords :

business continuity; operating systems (computers); security of data; OS-aware taint tracking techniques; SHELF; business continuity; computer system; continuous services; current intrusion recovery techniques; infection propagation; intrusion recovery system; on-the-fly intrusion recovery prototype system; quarantine methods; user transparency; Application software; Availability; Business continuity; Computer science; Computer security; Educational institutions; File systems; Information science; Prototypes; Virtual prototyping; availability; intrusion recovery; taint tracking; virtual machines;

fLanguage :

English

Publisher :

ieee

Conference_Titel :

Computer Security Applications Conference, 2009. ACSAC '09. Annual

Conference_Location :

Honolulu, HI

ISSN :

1063-9527

Print_ISBN :

978-0-7695-3919-5

Type :

conf

DOI :

10.1109/ACSAC.2009.52

Filename :

5380701

Link To Document :

https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=3100840