Professor, Computer Science and Co-Director, International Cyber Center, George Mason University
Founder and CEO, SCIT Labs, Inc.

Biography:

Dr. Arun Sood is Professor of Computer Science in the Department of Computer Science, and Co-Director of the International Cyber Center (ICC) at George Mason University, Fairfax, VA. His research interests are in security architectures; image and multimedia computing; performance modeling and evaluation; simulation, modeling, and optimization.

He and his team of faculty and students have developed a new approach to server security, called Self Cleansing Intrusion Tolerance (SCIT). We convert static servers into dynamic servers and reduce the exposure of the servers, while maintaining uninterrupted service. This research has been supported by US Army, NIST through the Critical Infrastructure Program, SUN, Lockheed Martin, Commonwealth of Virginia CTRF (in partnership with Northrop Grumman). Recently SCIT technology was the winner of the Global Security Challenge (GSC) sponsored Securities Technologies for Tomorrow Challenge. This technology has been awarded 3 patents and 3 additional patents are pending. SCIT Labs, a university spin-off, has been formed to commercialize SCIT technology – Dr. Sood is the founder and CEO of SCIT Labs.

Since 2009 Dr. Sood has directed an annual workshop on Cyber Security and Global Affairs with Office of Naval Research support – Oxford 2009, Zurich 2010 and Budapest 2011.

Dr. Sood has held academic positions at Wayne State University, Detroit, MI, Louisiana State University, Baton Rouge, and IIT, Delhi. His research has been supported by the Office of Naval Research, NIMA (now NGA), National Science Foundation, U.S. Army Belvoir RD&E Center, U.S. Army TACOM, U.S. Department of Transportation, and private industry. He was awarded grants by NATO to organize and direct advanced study institutes in relational database machine architecture and active perception and robot vision.

Dr. Sood received the B.Tech degree from the Indian Institute of Technology (IIT), Delhi, in 1966, and the M.S. and Ph.D. degrees in Electrical Engineering from Carnegie Mellon University, Pittsburgh, PA, in 1967 and 1971, respectively. His research has resulted in more than 170 publications, two edited books, and 4 patents; his resume, including a publications list, is available at http://cs.gmu.edu/~asood.

Abstract:

Reactive Only Strategies Are Inadequate: Resilience Through Recovery Should be Part of the Solution

Our systems are constantly under attack. The current reactive approaches are tailored to defend against yesterday’s war. We propose that we need to add intrusion tolerance and resilience approaches to the defense of our computers. Reactive systems can only succeed if we have complete information about the threat and the system vulnerabilities. A goal of perfect knowledge is impossibly costly, and thus we have to shift our approach and develop strategies that will ensure availability and continuity of operations even in the presence of the intruder.

To illustrate the complexity, we note that Symantec reports encountering 286 million unique variants of malware in 2010. Studies reported by the Verizon Business DBIR show that the bad guys remain in the systems for days, weeks and months. We believe that the inevitable intrusions can persist for long periods, and the fact that our servers are static makes our defense even more difficult.

To address this challenging problem, we have developed SCIT, a strategy that deploys a Moving Target Defense with constant restoration to a pristine state. In this presentation we will show that SCIT provides a robust approach to the problem. We will discuss how SCIT works very easily with other systems and how there is an advantage to this aggregation. We will take an information risk analysis view and argue that SCIT helps reduce the bad consequences of intruder actions.

In effect we argue that as engineers and computer scientists we have made a difficult problem into an impossible problem, and we have to adopt an approach based on reliability engineering – the best solutions balance MTTF against MTTR. We believe that our goal should not be perfect detection, but something like increasing the work effort of the attacker – thus making this into a doable problem.