Secure, Resilient Computing Clusters: Self-Cleansing Intrusion Tolerance with Hardware Enforced Security (SCIT/HES)

The formidable difficulty in securing systems stems in large part from the increasing complexity of the systems we build, but also from the degree to which we now depend on information systems. Complex systems cannot be fully verified under all possible conditions. Self-cleansing intrusion tolerance (SCIT) servers go through periodic cleaning. SCIT can be used to create a secure and robust cluster of servers without the impossible requirement of having perfect security on each server in the cluster. In this paper, we identify six SCIT security primitives that must be satisfied. We present a SCIT hardware enhanced (SCIT/HES) implementation that guarantees the incorruptibility of SCIT operations.
