Title :
A Novel Intrusion-Tolerant Approach for Internet Access
Author :
Wen, Yan ; Zhao, Jinjing ; Wang, Huaimin
Author_Institution :
Nat. Univ. of Defense Technol., Changsha
Abstract :
Isolation execution is an effective mechanism that has been applied to protect the computers against the unknown attacks from the Internet. However, previous isolation solutions cannot achieve both the OS isolation and the reusage of existing software environment. In this paper, we present a new isolated execution approach called Aquarius for accessing the Internet safely. Besides fulfilling the OS isolation based on a hosted virtual machine (VM), Aquarius provides other two key features. One is that it can reuse the preinstalled software of the host OS. Another is that Aquarius faithfully reproduces the behavior of the Internet-accessing applications via providing transparent Internet accesses, as if they were directly connected to the Internet. Functional evaluation results illustrate the effectiveness of our approach, and performance evaluation results show that compute-intensive benchmarks run essentially at native speed on Aquarius VM, reaching 95.82-99.59% while network transmitting achieves 87.94% of the native network speed.
Keywords :
Internet; authorisation; network operating systems; telecommunication security; virtual machines; Aquarius virtual machine-based isolated execution environment; Internet access; OS isolation execution; intrusion-tolerant approach; Application software; Information processing; Internet; Intrusion detection; Isolation technology; Operating systems; Protection; Systems engineering and theory; Virtual machining; Virtual manufacturing; intrusion tolerant; local-booting technology; virtual machine;
Conference_Titel :
Information Processing (ISIP), 2008 International Symposiums on
Conference_Location :
Moscow
Print_ISBN :
978-0-7695-3151-9
DOI :
10.1109/ISIP.2008.28
