New intrusion tolerance software fortifies server security

June 16, 2008

In spite of increased focus and large investments in computer security, critical infrastructure systems remain vulnerable to attacks, says Arun Sood, professor of computer science at George Mason University. The increasing sophistication and incessant morphing of cyber-attacks lend importance to the concept of intrusion tolerance: a system must fend off, or at least limit, the damage caused by unknown and/or undetected attacks.

"The problem is that no matter how much investment is made in intrusion prevention and detection, intruders will still manage to break through and trespass on computer servers," says Sood. "By looking at this problem from a different angle, we developed a way to contain the losses that may occur because of an intrusion."

Sood, who is the director of the Laboratory of Interdisciplinary Computer Science at Mason, along with Yin Huang, senior research scientist in the Center for Secure Information Systems at Mason, created the Self Cleansing Intrusion Tolerance (SCIT) technology to provide an additional layer of defense to security architecture with firewalls and intrusion prevention and detection systems. While typical approaches to computer security are reactive and require prior knowledge of all attack modalities and software vulnerabilities, intrusion tolerance is a proactive approach to security.

In the SCIT approach, a server that has been online is assumed to have been compromised. SCIT servers are focused on limiting the losses that can occur because of an external intrusion, and achieve this goal by limiting the exposure time of the server to the Internet. Exposure time is defined as the duration of time that a server is continuously connected to the Internet. Through the use of virtualization technology, duplicate servers are created and an online server is periodically cleansed and restored to a known clean state, regardless of whether an intrusion has been detected. These regular cleansings take place in sub-minute intervals.

"This approach of regular cleansings, when coupled with existing intrusion prevention and detection systems, leads to increased overall security," says Sood. "We know that intrusion detection systems can detect sudden increases in data throughput from a server, so to avoid detection, hackers steal data at low rates. SCIT interrupts the flow of data regularly and automatically, and the data ex-filtration process is interrupted every cleansing cycle. Thus, SCIT, in partnership with intrusion detection systems, limits the volume of data that can be stolen."

By reducing exposure time, SCIT provides an additional level of protection while efforts are ongoing to find and fix vulnerabilities and correct configuration errors.
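The rotation and its effect on low-rate data theft can be modeled in a few lines. This is an added illustration, not SCIT code or anything published by the researchers: the round-robin schedule, the parameter names, and the `reentry_s` delay an evicted intruder needs to get back in are all assumptions made for the sketch.

```python
import math
from dataclasses import dataclass


@dataclass
class ScitPool:
    """Hypothetical model of a pool of duplicate virtual servers."""
    servers: int       # number of replicas in the rotation
    exposure_s: int    # seconds a replica stays online before it is swapped out
    cleanse_s: int     # seconds needed to restore a replica to the clean image

    def min_servers(self) -> int:
        # A replica is offline for cleanse_s after its turn; the remaining
        # replicas must cover that gap: (n - 1) * exposure_s >= cleanse_s.
        return 1 + math.ceil(self.cleanse_s / self.exposure_s)

    def is_continuous(self) -> bool:
        # True when a clean replica is always ready at rotation time.
        return self.servers >= self.min_servers()

    def online_at(self, t: int) -> int:
        # Assumed round-robin order: replica index serving at second t.
        return (t // self.exposure_s) % self.servers


def stolen_bytes(horizon_s, rate_bps, reentry_s, exposure_s=None):
    """Bytes leaked over horizon_s by an intruder exfiltrating at rate_bps.

    exposure_s=None models a static server that is never cleansed.
    With rotation, every cleansing evicts the intruder, who then needs
    reentry_s seconds on the fresh replica before the leak resumes.
    """
    if exposure_s is None:
        return rate_bps * max(0, horizon_s - reentry_s)
    total, t = 0, 0
    while t < horizon_s:
        window = min(exposure_s, horizon_s - t)
        total += rate_bps * max(0, window - reentry_s)
        t += exposure_s
    return total


if __name__ == "__main__":
    pool = ScitPool(servers=3, exposure_s=30, cleanse_s=45)
    print("continuous service:", pool.is_continuous())
    print("static server  :", stolen_bytes(3600, 1000, 20))
    print("30 s exposure  :", stolen_bytes(3600, 1000, 20, exposure_s=30))
```

In this model the loss per cycle is bounded by the leak rate times whatever remains of the exposure window after re-entry, so an exposure time shorter than the re-entry delay drives the total to zero.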

Source: George Mason University

2 comments

superhuman
not rated yet Jun 17, 2008
How are legitimate users supposed to do anything on a server that resets every minute?
ITGal
not rated yet Jun 17, 2008
The SCIT software uses virtualization technology so that the user never notices a disruption in service, only the person hacking the server gets cut off.
