New intrusion tolerance software fortifies server security

June 16, 2008

In spite of increased focus and large investments in computer security, critical infrastructure systems remain vulnerable to attacks, says Arun Sood, professor of computer science at George Mason University. The increasing sophistication and incessant morphing of cyber-attacks lend importance to the concept of intrusion tolerance: a system must fend off, or at least limit, the damage caused by unknown and/or undetected attacks.

"The problem is that no matter how much investment is made in intrusion prevention and detection, intruders will still manage to break through and trespass on computer servers," says Sood. "By looking at this problem from a different angle, we developed a way to contain the losses that may occur because of an intrusion."

Sood, who is the director of the Laboratory of Interdisciplinary Computer Science at Mason, along with Yin Huang, senior research scientist in the Center for Secure Information Systems at Mason, created the Self Cleansing Intrusion Tolerance (SCIT) technology to provide an additional layer of defense to security architecture with firewalls and intrusion prevention and detection systems. While typical approaches to computer security are reactive and require prior knowledge of all attack modalities and software vulnerabilities, intrusion tolerance is a proactive approach to security.

In the SCIT approach, a server that has been online is assumed to have been compromised. SCIT servers are focused on limiting the losses that can occur because of an external intrusion, and achieve this goal by limiting the exposure time of the server to the Internet. Exposure time is defined as the duration of time that a server is continuously connected to the Internet. Through the use of virtualization technology, duplicate servers are created and an online server is periodically cleansed and restored to a known clean state, regardless of whether an intrusion has been detected. These regular cleansings take place in sub-minute intervals.

"This approach of regular cleansings, when coupled with existing intrusion prevention and detection systems, leads to increased overall security," says Sood. "We know that intrusion detection systems can detect sudden increases in data throughput from a server, so to avoid detection, hackers steal data at low rates. SCIT interrupts the flow of data regularly and automatically, and the data ex-filtration process is interrupted every cleansing cycle. Thus, SCIT, in partnership with intrusion detection systems, limits the volume of data that can be stolen."

By reducing exposure time, SCIT provides an additional level of protection while efforts are ongoing to find and fix vulnerabilities and correct configuration errors.
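A small model of the rotation and the exfiltration limit described above, added here as an illustration; it is not SCIT code or the researchers' own. Assumed and not from the article: the function names, the round-robin pool, the 120-second cleansing time, and an intruder who must re-compromise each freshly restored server before stealing data at a fixed low rate.

```python
import math

def min_replicas(exposure_s, cleanse_s):
    """Smallest pool that always has a clean VM ready at every swap.

    A VM pulled offline is needed again (n - 1) exposure windows later,
    so cleansing must fit in that gap: cleanse_s <= (n - 1) * exposure_s.
    """
    return 1 + math.ceil(cleanse_s / exposure_s)

def simulate(total_s, exposure_s, cleanse_s, replicas, compromise_s, rate_bytes_s):
    """Walk the rotation one second at a time.

    Returns (bytes_stolen, longest_exposure_s, outage_s).
    compromise_s: assumed time the intruder needs to regain a foothold
                  on a freshly restored VM.
    rate_bytes_s: assumed low exfiltration rate that stays under IDS thresholds.
    """
    ready_at = [0] * replicas          # when each VM is back in a clean state
    online, went_online = None, 0
    stolen = longest = outage = 0
    for t in range(total_s):
        # Exposure window used up: pull the VM and restore it from the clean
        # image, whether or not an intrusion was detected.
        if online is not None and t - went_online >= exposure_s:
            ready_at[online] = t + cleanse_s
            online = None
        if online is None:
            online = next((i for i, r in enumerate(ready_at) if r <= t), None)
            if online is None:         # pool too small: nothing clean to serve
                outage += 1
                continue
            went_online = t
        held = t - went_online         # seconds this VM has been exposed so far
        longest = max(longest, held + 1)
        if held >= compromise_s:       # foothold regained, data starts leaking
            stolen += rate_bytes_s
    return stolen, longest, outage

if __name__ == "__main__":
    pool = min_replicas(50, 120)       # constructed numbers: 50 s window, 120 s cleanse
    print("replicas needed:", pool)
    print("rotating pool:  ", simulate(3600, 50, 120, pool, 20, 1000))
    print("undersized pool:", simulate(3600, 50, 120, pool - 1, 20, 1000))
    print("static server:  ", simulate(3600, 3600, 0, 1, 20, 1000))
```

In this model the stolen volume falls to zero once the exposure window is shorter than the intruder's re-compromise time, and an undersized pool shows up as seconds with no clean server available.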

Source: George Mason University




not rated yet Jun 17, 2008
How are legitimate users supposed to do anything on a server that resets every minute?
not rated yet Jun 17, 2008
The SCIT software uses virtualization technology so that the user never notices a disruption in service, only the person hacking the server gets cut off.
