Arun Sood

Professor (Computer Science), George Mason University & Co-Director, International Cyber Center, Fairfax, VA


Intrusion Tolerance to Mitigate Attacks that Persist

The variety and complexity of cyber attacks are increasing, and so is the number of successful intrusions into mission and business systems. Recent breach reports make clear that intruders were in the systems for long periods. Not only did the IDS/IPS fail to prevent the intrusion, but these systems were also unable to detect the presence of the intruder. Thus, current cyber defenses cannot protect against customized malware and other zero-day attacks, and once an attack is successful it can persist for many weeks. Any strategy that mitigates the effects of an attack would be useful, and reducing the breach duration would lead to reduced losses.

In a series of papers we have introduced a new approach to this problem: Self Cleansing Intrusion Tolerance (SCIT). Our basic premise is to reduce the exposure time of the servers to the internet. SCIT servers mitigate intrusions by limiting the effective exposure time of the server to the internet, which makes the exploitation of vulnerabilities more difficult. We have achieved sub-minute exposure time for servers without service interruption. SCIT supplements existing security approaches, thus augmenting the value of existing investments. SCIT servers provide (1) threat independence and (2) mission resilience, while (3) automatically recovering from a successful intrusion.

In this presentation, we will introduce the underlying principles behind SCIT and show how our approach reduces the risk of malicious data exfiltration.