Friday, June 20, 2008

New Intrusion Tolerance Software Fortifies Server Security

ACM TechNews reports that researchers at George Mason University have developed a nonreactive approach for dealing with intrusion detection and prevention.

Arun Sood, professor of computer science and director of the Laboratory of Interdisciplinary Computer Science, and Yin Huang, senior research scientist in the Center for Secure Information Systems, start from the assumption that someone is trespassing on computer servers. They believe that by limiting the time of continuous connectivity to the Internet and using virtualization technology to create duplicate servers, an online server can be periodically cleansed and restored to a known clean state, regardless of whether an intrusion has actually occurred or been detected.

In creating Self Cleansing Intrusion Tolerance (SCIT), Sood and Huang achieve the goal of limiting the exposure time of the server to the Internet.

“This approach of regular cleansings, when coupled with existing intrusion prevention and detection systems, leads to increased overall security,” says Sood. “We know that intrusion detection systems can detect sudden increases in data throughput from a server, so to avoid detection, hackers steal data at low rates. SCIT interrupts the flow of data regularly and automatically, and the data ex-filtration process is interrupted every cleansing cycle. Thus, SCIT, in partnership with intrusion detection systems, limits the volume of data that can be stolen.”

See George Mason University News for further information.