Intrusion Survivability for Commodity Operating Systems-Reference-Cited by-同舟云学术

Intrusion Survivability for Commodity Operating Systems

Published:2020-12-29 Issue:4 Volume:1 Page:1-30
ISSN:2692-1626
Container-title:Digital Threats: Research and Practice
language:en
Short-container-title:Digital Threats: Research and Practice

Author:

Chevalier Ronny¹,Plaquin David²,Dalton Chris²,Hiet Guillaume³

Affiliation:

1. HP Labs and CentraleSupélec, Inria, CNRS, IRISA

2. HP Labs

3. CentraleSupélec, Inria, CNRS, IRISA

Abstract

Despite the deployment of preventive security mechanisms to protect the assets and computing platforms of users, intrusions eventually occur. We propose a novel intrusion survivability approach to withstand ongoing intrusions. Our approach relies on an orchestration of fine-grained recovery and per-service responses (e.g., privileges removal). Such an approach may put the system into a degraded mode. This degraded mode prevents attackers to reinfect the system or to achieve their goals if they managed to reinfect it. It maintains the availability of core functions while waiting for patches to be deployed. We devised a cost-sensitive response selection process to ensure that while the service is in a degraded mode, its core functions are still operating. We built a Linux-based prototype and evaluated the effectiveness of our approach against different types of intrusions. The results show that our solution removes the effects of the intrusions, that it can select appropriate responses, and that it allows services to survive when reinfected. In terms of performance overhead, in most cases, we observed a small overhead, except in the rare case of services that write many small files asynchronously in a burst, where we observed a higher but acceptable overhead.

Publisher

Association for Computing Machinery (ACM)

Subject

General Medicine

Link

https://dl.acm.org/doi/pdf/10.1145/3419471

Reference86 articles.

1. Android Developers. 2019. Understand the Activity Lifecycle. Retrieved from https://developer.android.com/guide/components/activities/activity-lifecycle. Android Developers. 2019. Understand the Activity Lifecycle. Retrieved from https://developer.android.com/guide/components/activities/activity-lifecycle.

2. What’s wrong with risk matrices;Tony Cox Louis Anthony;Risk Anal.,2008

3. Apache. 2019. Apache HTTP Server. Retrieved from https://httpd.apache.org/. Apache. 2019. Apache HTTP Server. Retrieved from https://httpd.apache.org/.

4. Audit. 2019. The Linux Audit Project. Retrieved from https://github.com/linux-audit/. Audit. 2019. The Linux Audit Project. Retrieved from https://github.com/linux-audit/.

5. Basic concepts and taxonomy of dependable and secure computing