Towards a trusted immutable kernel extension (TIKE) for self-healing systems: a virtual machine approach
The conventional method to restore a compromised system is to wipe the system clean, install from known good media, and patch with the latest updates: a costly, restrictive, and inefficient method. An alternative method is to monitor the host and restore trust if a compromise occurs. When this method is automated, the system is said to be self-healing. One critical requirement of a self-healing system is that the self-healing mechanism itself must not be compromised. Our solution to this requirement is a trusted immutable kernel extension (TIKE) by way of a virtual machine. Using a host operating system as a trusted platform, we discuss a self-healing system that uses existing intrusion detection systems and corresponding self-healing mechanisms to automatically heal the guest operating system once a compromise has occurred.