Enhancing operating system resistance to information warfare

A novel approach to defensive information warfare (DIW) is suggested that exploits the availability of low-cost symmetric multiprocessing systems and readily available COTS open source software. Pentium-based systems are now available at consumer prices in which dual-processor functionality can be acquired for a few hundred dollars. Coupled with COTS Linux OS software, such systems can be extended to provide novel capabilities in support of defensive information warfare. The resulting platform can support COTS application-level software through standard exported Linux APIs. The described dual processor system architecture can provide autonomous monitoring and control of application processing as well as functional separation of security critical components. One processor, the oversight processor, is dedicated to monitoring, evaluating, and controlling aspects of the behavior of the other processor, the application processor. By executing in parallel with the application processor, the oversight processor can fulfil its monitoring and control responsibilities in real time, transparent to application processing. This allows the oversight kernel to transform the system to a higher level of readiness in real time, utilizing a variety of techniques described in the paper. The described architecture reestablishes the OS as an integral component of defensive information warfare. It supports run-time, kernel-level adjustment to abnormal activity to allow the system to alter its INFOCON level as external alerts are received or an attack is detected. It provides a flexible and comprehensive approach to operating-system-based intrusion detection and response that can dynamically adjust to changing circumstances in the information warfare landscape