New intrusion tolerance software fortifies server security

June 16, 2008

In spite of increased focus and large investments in computer security, critical infrastructure systems remain vulnerable to attacks, says Arun Sood, professor of computer science at George Mason University. The increasing sophistication and incessant morphing of cyber-attacks lend importance to the concept of intrusion tolerance: a system must fend off, or at least limit, the damage caused by unknown and/or undetected attacks.

"The problem is that no matter how much investment is made in intrusion prevention and detection, intruders will still manage to break through and trespass on computer servers," says Sood. "By looking at this problem from a different angle, we developed a way to contain the losses that may occur because of an intrusion."

Sood, who is the director of the Laboratory of Interdisciplinary Computer Science at Mason, along with Yin Huang, senior research scientist in the Center for Secure Information Systems at Mason, created the Self Cleansing Intrusion Tolerance (SCIT) technology to provide an additional layer of defense to security architecture with firewalls and intrusion prevention and detection systems. While typical approaches to computer security are reactive and require prior knowledge of all attack modalities and software vulnerabilities, intrusion tolerance is a proactive approach to security.

In the SCIT approach, a server that has been online is assumed to have been compromised. SCIT servers are focused on limiting the losses that can occur because of an external intrusion, and achieve this goal by limiting the exposure time of the server to the Internet. Exposure time is defined as the duration of time that a server is continuously connected to the Internet. Through the use of virtualization technology, duplicate servers are created and an online server is periodically cleansed and restored to a known clean state, regardless of whether an intrusion has been detected. These regular cleansings take place in sub-minute intervals.

"This approach of regular cleansings, when coupled with existing intrusion prevention and detection systems, leads to increased overall security," says Sood. "We know that intrusion detection systems can detect sudden increases in data throughput from a server, so to avoid detection, hackers steal data at low rates. SCIT interrupts the flow of data regularly and automatically, and the data ex-filtration process is interrupted every cleansing cycle. Thus, SCIT, in partnership with intrusion detection systems, limits the volume of data that can be stolen."

By reducing exposure time, SCIT provides an additional level of protection while efforts are ongoing to find and fix vulnerabilities and correct configuration errors.
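The rotation and the exposure-time bound described above can be sketched as a small simulation. This is an added example, not SCIT code or anything published by its authors: the state names, the pool-sizing rule, the worst-case assumption that a server is compromised the instant it goes online, and all parameter values are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class VM:
    name: str
    state: str = "ready"   # ready -> online -> cleansing -> ready
    timer: int = 0         # seconds spent in the current state
    leaked: int = 0        # bytes an intruder moved during this exposure window

def pool_size(exposure_s, cleanse_s):
    """Smallest pool that always has a clean VM ready at each swap (assumed model)."""
    return 1 + math.ceil(cleanse_s / exposure_s)

def simulate(exposure_s, cleanse_s, leak_bps, duration_s, pool=None):
    """One tick per second; returns (max exposure s, max bytes per window, downtime s)."""
    vms = [VM(f"vm{i}") for i in range(pool or pool_size(exposure_s, cleanse_s))]
    max_exposure = max_leak = downtime = 0
    for _ in range(duration_s):
        for vm in vms:                       # cleansing VMs progress toward "ready"
            if vm.state == "cleansing":
                vm.timer += 1
                if vm.timer >= cleanse_s:
                    vm.state, vm.timer = "ready", 0
        online = next((v for v in vms if v.state == "online"), None)
        if online and online.timer >= exposure_s:
            # Pulled offline whether or not an intrusion was detected; the restore
            # discards whatever the intruder had staged on this VM.
            online.state, online.timer, online.leaked = "cleansing", 0, 0
            online = None
        if online is None:                   # swap in a clean duplicate
            online = next((v for v in vms if v.state == "ready"), None)
            if online is None:
                downtime += 1                # pool too small: nothing clean to serve
                continue
            online.state = "online"
        # Worst case: the VM is compromised the instant it goes online.
        online.timer += 1
        online.leaked += leak_bps
        max_exposure = max(max_exposure, online.timer)
        max_leak = max(max_leak, online.leaked)
    return max_exposure, max_leak, downtime

if __name__ == "__main__":
    # Constructed parameters: 30 s exposure, 45 s cleanse, 2 kB/s low-and-slow leak.
    print(pool_size(30, 45), simulate(30, 45, 2000, 600))
    print("undersized pool:", simulate(30, 45, 2000, 600, pool=2))
```

With the constructed parameters, three duplicates keep a clean server online at every swap, and the bytes moved in any single exposure window stay capped at the leak rate times the exposure time; with only two duplicates the same schedule leaves gaps in service.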

Source: George Mason University



  • superhuman - Jun 17, 2008
    How are legitimate users supposed to do anything on a server that resets every minute?
  • ITGal - Jun 17, 2008
    The SCIT software uses virtualization technology so that the user never notices a disruption in service, only the person hacking the server gets cut off.
