Self-Cleansing Systems for Intrusion Containment

In this paper, we discuss the application of high-availability computing systems to intrusion containment. Intrusion Management Systems (IMS) serve to protect complex computer systems from unauthorized intrusions. The traditional IMS approaches rely on intrusion prevention and detection, followed by implementation of intrusion resistance procedures. A key assumption of a traditional IMS is that it is possible to detect all intrusions. We believe that the sophistication and rapid evolution of information warfare require the more pessimistic assumption that undetected intrusions will occur and must be guarded against as well. Our approach, called Self-Cleansing Intrusion Tolerance (SCIT), pushes the concept of high-availability computing one step further. In a SCIT system, a server is periodically assumed to have "failed," namely, compromised by undetected intrusion. Consequently, the server is brought off-line for cleansing and integrity checking while a backup takes over. Indeed, it is more appropriate to see a SCIT system as two mirror servers working alternately than as a primary server and its backup. In this paper, we define the concept of SCIT, present our experiences in building a SCIT firewall prototype, and discuss the future work in more advanced SCIT servers.
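
A minimal simulation of the rotation described above, as an added example (not code from the paper or its SCIT prototype): two mirror servers alternate on a fixed period, and the one going off-line is hash-checked against a trusted image and restored from it. The `Server` class, `run_scit`, the `fw.rules` file name and the tick-based timing are assumptions made for illustration.

```python
import hashlib

# Constructed golden image: the trusted content every cleansing restores.
GOLDEN = {"fw.rules": b"deny all\n"}

def digest(files):
    """SHA-256 over a file map in sorted order (stand-in for the integrity check)."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(name.encode() + b"\0" + files[name] + b"\0")
    return h.hexdigest()

class Server:
    def __init__(self, name, golden):
        self.name, self.files = name, dict(golden)

    def cleanse(self, golden):
        """Check against the golden image, then restore it regardless of the result."""
        tampered = digest(self.files) != digest(golden)
        self.files = dict(golden)  # intrusion is assumed, so always rebuild
        return tampered

def run_scit(golden, ticks, period, tamper_at):
    """Alternate two mirror servers every `period` ticks.

    tamper_at maps tick -> (file, bytes): silent changes to the online server.
    Returns (findings, max_exposure): what cleansing caught, and the longest
    time a modified server stayed online before rotation removed it.
    """
    online, offline = Server("A", golden), Server("B", golden)
    findings, dirty_since, max_exposure = [], None, 0
    for tick in range(ticks):
        if tick and tick % period == 0:
            online, offline = offline, online  # backup takes over
            if offline.cleanse(golden):
                findings.append((tick, offline.name))
                max_exposure = max(max_exposure, tick - dirty_since)
            dirty_since = None  # the server now online was cleansed earlier
        if tick in tamper_at:
            name, data = tamper_at[tick]
            online.files[name] = data
            dirty_since = tick if dirty_since is None else dirty_since
    return findings, max_exposure

if __name__ == "__main__":
    hits, exposure = run_scit(GOLDEN, 20, 5, {2: ("fw.rules", b"allow all\n"),
                                               6: ("fw.rules", b"allow all\n")})
    print(hits, exposure)
```

In this model the time a modified server stays in service never exceeds the rotation period, whether or not anything detected the change while it was online.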