Professor Computer Science and Co-Director International Cyber Center, George Mason University Biography: Dr. Arun Sood is Professor of Computer Science in the Department of Computer Science, and Co-Director of the International Cyber Center at George Mason University, Fairfax, VA. His research interests are in security architectures; image and multimedia computing; performance modeling and evaluation; simulation, modeling, and optimization. He and his team of faculty and students have developed a new approach to server security, called Self Cleansing Intrusion Tolerance (SCIT). We convert static servers into dynamic servers and reduce the exposure of the servers, while maintaining uninterrupted service. This research has been supported by US Army, NIST through the Critical Infrastructure Program, SUN, Lockheed Martin, Commonwealth of Virgina CTRF (in partnership with Northrop Grumman). Recently SCIT technology was winner of the Global Security Challenge (GSC) sponsored Securities Technologies for Tomorrow Challenge. Dr Sood leads a university spin-off called SCIT Labs Inc, which is commercializing SCIT technology under license from GMU. Since 2009 Dr. Sood has directed an annual workshop on Cyber Security and Global Affairs with Office of Naval Research support. The 2009 workshop was at Oxford, 2010 in Zurich and 2011 in Budapest. He was awarded grants by NATO to organize and direct advance study institutes in relational database machine architecture and active perception and robot vision. Dr. Sood has held academic positions at Wayne State University, Detroit, MI, Louisiana State University, Baton Rouge, and IIT, Delhi. His has been supported by the Office of Naval Research, NIMA (now NGA), National Science Foundation, U.S. Army Belvoir RD&E Center, U. S. Army TACOM, U.S. Department of Transportation, and private industry. Dr. Sood received the B.Tech degree from the Indian Institute of Technology (IIT), Delhi, in 1966, and the M.S. and Ph.D. degrees in Electrical Engineering from Carnegie Mellon University, Pittsburgh, PA, in 1967 and 1971, respectively. His research has resulted in more than 160 publications, 4 patents, 2 edited books. His resume including publications list is available at http://cs.gmu.edu/~asood. Abstract: SCIT: Using Moving Target Defense for Proactive Cyber Deterrence – Reducing Zero Days and APT Induced Losses Virtualization technology has provided IT managers a new approach to reduce systems costs. Adopting virtualization has lead to increases in the server utilization. The trend to cloud has had a dramatic impact in this regard. While stand-alone server average utilizations were in the 15 to 20 % range, the cloud average server utilization is more than 65%. This increased utilization results in fewer servers to achieve the enterprise mission. The capital and operations cost reductions are significant, and in some organizations have lead to Cloud – First strategies, which leads to the Cloud Computing strategy being a major part of IT infrastructure planning. These strategies lead to new business models for delivering compute cycles. The economic drivers of the virtualized environment, leads us to examine the security implications. If we rely exclusively on the current reactive systems, then the virtualized servers, or the cloud, are going to be no more secure than the existing systems. In fact, multi tenancy, additional software, sharing of the memory resources, sharing of the internal data paths like the internal buses, all point to the possibilities of additional vulnerabilities, with shared resources providing a path for spreading the impact of an initial foot hold intrusion. However, this is only part of the story – the virtualized environment provides the system designer new opportunities to improve system security. We present Self Cleansing Intrusion Tolerance (SCIT) a patented novel approach for reducing cost of intrusions. This Moving Target Defense (MTD) strategy leads to higher level of cyber defense. We have built SCIT systems and these have been tested in Northrop Grumman and Lockheed laboratories. We show through experimental results and simulations that using SCIT results in much lower data ex-filtration losses even for zero day and APT attacks. Another interesting result of our work is that combining reactive and proactive systems provides significant advantage as compared to either separately. This combined strategy for virtualized environments has the potential of leveraging the existing investment in enterprise security. However, the SCIT approach leads to an increase in server utilization. We will examine the tradeoff between the rate of moving target defense and the increased load. The SCIT strategy effectively converts static servers into dynamic systems. In this way, we can facilitate a new series of strategies to effectively protect the virtualized environments including the cloud. Presentation: |
Workshops > cs-ga-2011 >