Title :
Intrusion tolerance via network layer controls
Author :
O´Brien, Dick ; Smith, Rick ; Kappel, Tammy ; Bitzer, Clint
Abstract :
Existing information systems\´ security measures are limited because even if a component failure due to an intrusion is detected, there are few mechanisms for effectively isolating the corrupt component. Attacks tend to spread unchecked, hopping from one host to another. The typical response, to turn off the corrupted service, results in denial of service that is often as damaging as the attack itself. This paper describes the approach taken on the Intrusion Tolerant Server Infrastructure (ITSI) program to develop concepts and underlying technology that can identify and isolate intrusions, prevent them from freely spreading, and continue to provide service to benign users while recovering from the intrusion. The distinguishing feature of the ITSI approach is the use of "smart NICs" to help identify intrusions, and, once an intrusion has been detected, to contain it and ensure that service is uninterrupted by providing a failover capability.
Keywords :
Internet; client-server systems; file servers; information systems; security of data; system recovery; Intrusion Tolerant Server Infrastructure program; component failure; failover; information system security measures; network layer controls; smart NIC; Availability; Computer crime; Computer networks; Control systems; Identity-based encryption; Intrusion detection; Network servers; Operating systems; Read only memory; Tellurium;
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
DOI :
10.1109/DISCEX.2003.1194875
