Title :
Enhancing operating system resistance to information warfare
Author :
Hollingworth, Dennis ; Redmond, Timothy
Author_Institution :
NAI Labs., Network Associates, Los Angeles, CA, USA
Abstract :
A novel approach to defensive information warfare (DIW) is suggested that exploits the availability of low-cost symmetric multiprocessing systems and readily available COTS open source software. Pentium-based systems are now available at consumer prices, with dual-processor functionality obtainable for a few hundred dollars. Coupled with COTS Linux OS software, such systems can be extended to provide novel capabilities in support of defensive information warfare. The resulting platform can support COTS application-level software through standard exported Linux APIs. The described dual-processor system architecture can provide autonomous monitoring and control of application processing as well as functional separation of security-critical components. One processor, the oversight processor, is dedicated to monitoring, evaluating, and controlling aspects of the behavior of the other processor, the application processor. By executing in parallel with the application processor, the oversight processor can fulfil its monitoring and control responsibilities in real time, transparent to application processing. This allows the oversight kernel to transform the system to a higher level of readiness in real time, utilizing a variety of techniques described in the paper. The described architecture reestablishes the OS as an integral component of defensive information warfare. It supports run-time, kernel-level adjustment to abnormal activity to allow the system to alter its INFOCON level as external alerts are received or an attack is detected. It provides a flexible and comprehensive approach to operating-system-based intrusion detection and response that can dynamically adjust to changing circumstances in the information warfare landscape.
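As an added illustration (not code from the paper or from NAI Labs), the following user-space C program models the oversight/application split the abstract describes: one thread stands in for the application processor and another for the oversight processor, each pinned to its own CPU where the host allows it. The oversight thread samples the application side's rate of sensitive operations each interval and, on an anomalous rate or an external alert, lowers the readiness level; the application side consults that level before acting, so the monitor both observes and controls. The sensitive-operation counter, the baseline, the thresholds, the alert scale, the operation classes and the per-level policy are this example's assumptions; the paper's own kernel-level techniques are not reproduced. INFOCON numbering follows the DoD convention (5 = normal, 1 = maximum readiness).

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>

/* Readiness levels use the INFOCON numbering: 5 = normal, 1 = maximum readiness. */
#define INFOCON_NORMAL 5
#define INFOCON_MAX    1

/* Shared state; only the oversight thread writes `level` (assumed separation). */
struct shared_state {
    atomic_ulong sensitive_ops;   /* events the application side reports (constructed metric) */
    atomic_int   external_alert;  /* 0 none, 1 advisory, 2 attack reported (constructed scale) */
    atomic_int   level, stop;
};

/* Decision logic (this example's assumption, not the paper's mechanism). */
int evaluate_readiness(unsigned long rate, unsigned long baseline, int external_alert)
{
    int level = INFOCON_NORMAL;
    if (baseline == 0) baseline = 1;                 /* a zero baseline would flag everything */
    if (rate > 2 * baseline) level = 4;
    if (rate > 4 * baseline) level = 3;
    if (rate > 8 * baseline) level = 2;
    if (external_alert >= 1 && level > 4) level = 4; /* advisory: at least INFOCON 4 */
    if (external_alert >= 2 && level > 3) level = 3; /* reported attack: at least INFOCON 3 */
    if (external_alert >= 2 && rate > 4 * baseline) level = INFOCON_MAX; /* attack plus anomaly */
    return level;
}

/* Control side: operation classes 0 = ordinary, 1 = sensitive, 2 = administrative. */
bool operation_permitted(int level, int op_class)
{
    switch (level) {
    case 5: case 4: return true;          /* INFOCON 4: watch more closely, allow everything */
    case 3:         return op_class < 2;  /* defer administrative operations */
    case 2:         return op_class < 1;  /* ordinary operations only */
    default:        return false;         /* INFOCON 1: application processing frozen */
    }
}

static void pin_to_cpu(int cpu)           /* best effort; harmless on 1-CPU hosts or containers */
{
    cpu_set_t set;
    if (sysconf(_SC_NPROCESSORS_ONLN) <= cpu) return;
    CPU_ZERO(&set); CPU_SET(cpu, &set);
    pthread_setaffinity_np(pthread_self(), sizeof set, &set);
}

/* Oversight processor: runs in parallel, samples the counter every 20 ms, escalates. */
static void *oversight_main(void *arg)
{
    struct shared_state *s = arg;
    const unsigned long baseline = 50;    /* expected sensitive ops per interval (constructed) */
    pin_to_cpu(1);
    while (!atomic_load(&s->stop)) {
        usleep(20000);
        unsigned long rate = atomic_exchange(&s->sensitive_ops, 0);
        int alert = atomic_load(&s->external_alert);
        int next = evaluate_readiness(rate, baseline, alert);
        if (next < atomic_load(&s->level)) {          /* escalate only; standing down is an operator call */
            atomic_store(&s->level, next);
            printf("[oversight] rate=%lu alert=%d -> INFOCON %d\n", rate, alert, next);
        }
    }
    return NULL;
}

/* Application processor: ordinary work that checks the readiness level before each operation. */
static void *application_main(void *arg)
{
    struct shared_state *s = arg;
    unsigned long done = 0, denied = 0;
    pin_to_cpu(0);
    for (int tick = 0; tick < 200; tick++) {
        int burst = tick > 100 ? 40 : 1;              /* quiet workload, then a burst (constructed) */
        for (int i = 0; i < burst; i++) {
            int op_class = (i % 10 == 0) ? 2 : 1;
            if (!operation_permitted(atomic_load(&s->level), op_class)) { denied++; continue; }
            atomic_fetch_add(&s->sensitive_ops, 1);
            done++;
        }
        usleep(1000);
    }
    printf("[application] completed=%lu denied=%lu\n", done, denied);
    return NULL;
}

int main(void)
{
    struct shared_state s = { 0 };
    pthread_t app, ovs;
    atomic_store(&s.level, INFOCON_NORMAL);
    pthread_create(&ovs, NULL, oversight_main, &s);
    pthread_create(&app, NULL, application_main, &s);
    usleep(150000);
    atomic_store(&s.external_alert, 2);   /* an external attack report arrives mid-run */
    pthread_join(app, NULL);
    atomic_store(&s.stop, 1);
    pthread_join(ovs, NULL);
    printf("final readiness: INFOCON %d\n", atomic_load(&s.level));
}
```

Running it, the quiet phase stays at INFOCON 5, the burst drives the level to 2 on the next 20 ms sample, and the external alert combined with the still-anomalous rate takes it to INFOCON 1, after which the application side is refused every operation. The oversight thread only ever escalates; a real deployment would also need an authenticated path for an operator to stand the system back down, which this sketch omits.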
Keywords :
Unix; application program interfaces; computer crime; computer viruses; multiprocessing systems; real-time systems; system monitoring; COTS Linux OS software; COTS application-level software; COTS open source software; DIW; INFOCON level; Pentium based systems; abnormal activity; application processing; application processor; autonomous monitoring; defensive information warfare; dual processor system architecture; dual-processor functionality; external alerts; information warfare landscape; low-cost symmetric multiprocessing systems; operating system resistance; operating-system-based intrusion detection; oversight processor; real time; run-time kernel-level adjustment; security critical components; standard exported Linux APIs; Computer architecture; Control systems; Linux; Monitoring; Multiprocessing systems; Open source software; Operating systems; Process control; Software standards; Software systems;
Conference_Title :
MILCOM 2000. 21st Century Military Communications Conference Proceedings
Conference_Location :
Los Angeles, CA
Print_ISBN :
0-7803-6521-6
DOI :
10.1109/MILCOM.2000.904088