Incorruptible System Self-Cleansing for Intrusion Tolerance

Huang, Yih; Arsenault, D.; Sood, Arun K.

doi:10.1109/.2006.1629444

Cited by 15 publications

(12 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A central controller is used to manage server rotations and role assignments [11]. (In implementations, the controller could also be an offthe-shelf server; the name suggests its use not its construction.)…”

Section: Scit/hes Overviewmentioning

confidence: 99%

See 1 more Smart Citation

Securing DNS services through system self cleansing and hardware enhancements

Huang

Arsenault

Sood

2006

First International Conference on Availability, Reliability and Security (ARES'06)

Self Cite

View full text Add to dashboard Cite

--Domain Name Systems (DNS) provide the mapping between easily-remembered host names and their IP addresses. Popular DNS implementations however contain vulnerabilities that are exploited by frequent, targeted attacks. The software vulnerabilities of DNS together with the constant innovation and morphing of cyber attack techniques necessitate the consideration of the worst case scenarios: there will be successful but undetected attacks against DNS servers.In this work 1 we develop a secure DNS architecture that contains the damage of successful, undetected attacks. This formidable end is achieved by constantly cleansing the servers and rotating the role of individual servers. Moreover, the server rotation process itself is protected against corruption by hardware. We will show the advantages of our design in the following areas: (1) protection of the DNS master file and cryptographic keys, (2) incorruptible intrusion tolerance, (3) high availability, and (4) scalability, the support of using of high degrees of hardware/server redundancy to improve both system security and service dependability. Due to the critical importance of DNS, such a dependable and intrusion-resilient design contributes significantly to the overall security of the Internet.

show abstract

Section: Scit/hes Overviewmentioning

confidence: 99%

“…In [11], we presented SCIT/HES (HES for Hardware Enhanced Security), which uses simple hardware enhancements to provide incorruptibility guarantees, or SCIT Primitives.…”

Section: Introductionmentioning

confidence: 99%

Securing DNS services through system self cleansing and hardware enhancements

Huang

Arsenault

Sood

2006

First International Conference on Availability, Reliability and Security (ARES'06)

Self Cite

View full text Add to dashboard Cite

show abstract

“…The service in SCIT system is related with the high-availability such as the seamless server transitions and sharing of server identities (IP and/or hardware addresses). Examples of existing high-availability systems include DNS servers, NFS servers, web services, authentication services, firewalls, IPsec gateways, and virtual private network (VPN) gateways [23].…”

Section: Introductionmentioning

confidence: 99%

A Novel Intrusion Tolerant System Using Live Migration

Shin

Song

Lee

et al. 2014

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYThis letter proposes a novel intrusion tolerant system consisting of several virtual machines (VMs) that refresh the target system periodically and by live migration, which monitors the many features of the VMs to identify and replace exhausted VMs. The proposed scheme provides adequate performance and dependability against denial of service (DoS) attacks. To show its efficiency and security, we conduct experiments on the CSIM20 simulator, which showed 22% improvement in a normal situation and approximately 77.83% improvement in heavy traffic in terms of the response time compared to that reported in the literature. We measure and compare the response time. The result show that the proposed scheme has shorter response time and maintains than other systems and supports services during the heavy traffic. key words: intrusion tolerant system (ITS), proactive & reactive recovery, live migration, denial of service (DoS)

show abstract

“…The most similar intrusion tolerance solution to RWS is SCIT [10]; they both use virtualization, replicated VS images, reversions, and rotations. There are, however, critical distinctions.…”

Section: Related Workmentioning

confidence: 99%