Towards a trusted immutable kernel extension (TIKE) for self-healing systems: a virtual machine approach

The conventional method to restore a compromised system is to wipe the system clean, install from known good media, and patch with the latest updates: a costly, restrictive, and inefficient method. An alternative method is to monitor the host and restore trust if a compromise occurs. When this method is automated, the system is said to be self-healing. One critical requirement of a self-healing system is that the self-healing mechanism itself must not be compromised. Our solution to this requirement is a trusted immutable kernel extension (TIKE) by way of a virtual machine. Using a host operating system as a trusted platform, we discuss a self-healing system that uses existing intrusion detection systems and corresponding self-healing mechanisms to automatically heal the guest operating system once a compromise has occurred.