Countering Web Defacing Attacks with System Self Cleansing
暂无分享,去创建一个
Web defacing is a form of system intrusion that aims to subvert the contents of a web site. In this paper, we present a defense mechanism that is based on high availability computing, whereby a backup server is available to immediately take over in the presence of server failures. Our approach, called Self-Cleansing Intrusion Tolerance (SCIT), pushes the concept of highavailability computing one step further. In the SCIT approach, a web server is periodically assumed to have "failed," namely, comprised by undetected intrusion/subversion. Consequently, the server is brought off-line for cleansing and the integrity checking of system files and web contents, while a backup takes over. Indeed, it is more appropriate to see a SCIT system as two mirror servers working alternatively than as a primary server and its backup. In this paper, we define the concept of SCIT and present our experiences in building a SCIT web server prototype. . Our prototype results show that self-cleansing cycles are in the range of minutes, restricting the attackers to a very short time window to breach the system and subvert web contents. K eywords high-availability computing, computer security, defacing attack, self-cleansing systems.
[1] Peter S. Weygant,et al. Clusters for High Availability: A Primer of HP Solutions , 1996 .
[2] John Nguyen,et al. Storage: high-availability file server with heartbeat , 2001 .
[3] David Mosberger,et al. httperf—a tool for measuring web server performance , 1998, PERV.
[4] Tim Burke,et al. A high-availability clustering architecture with data integrity guarantees , 2001, Proceedings 42nd IEEE Symposium on Foundations of Computer Science.