Title :
Towards a trusted immutable kernel extension (TIKE) for self-healing systems: a virtual machine approach
Author :
Grizzard, Julian B. ; Dodson, E.R. ; Conti, Gregory J. ; Levine, John G. ; Owen, Henry L.
Author_Institution :
Georgia Inst. of Technol., Atlanta, GA, USA
Abstract :
The conventional method to restore a compromised system is to wipe the system clean, install from known good media, and patch with the latest updates: a costly, restrictive, and inefficient method. An alternative method is to monitor the host and restore trust if a compromise occurs. When this method is automated, the system is said to be self-healing. One critical requirement of a self-healing system is that the self-healing mechanism itself must not be compromised. Our solution to this requirement is a trusted immutable kernel extension (TIKE) by way of a virtual machine. Using a host operating system as a trusted platform, we discuss a self-healing system that uses existing intrusion detection systems and corresponding self-healing mechanisms to automatically heal the guest operating system once a compromise has occurred.
Keywords :
authorisation; operating system kernels; system recovery; virtual machines; host operating system; intrusion detection system; self-healing system; trusted immutable kernel extension; virtual machine approach; Application software; Computer architecture; Computer networks; Humans; Immune system; Intrusion detection; Kernel; Monitoring; Operating systems; Virtual machining
Conference_Title :
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN :
0-7803-8572-1
DOI :
10.1109/IAW.2004.1437855