Details

Towards Self-Healing Systems: Re-establishing Trust in Compromised Systems

by Grizzard, Julian B

Abstract (Summary)
Computer systems are subject to a range of attacks that can compromise their intended operations. Conventional wisdom states that once a system has been compromised, the only way to recover is to format and reinstall. In this work, we present methods to automatically recover or self-heal from a compromise. We term the system an intrusion recovery system. The design consists of a layered architecture in which the production system and intrusion recovery system run in separate isolated virtual machines. The intrusion recovery system monitors the integrity of the production system and repairs state if a compromise is detected. A method is introduced to track the dynamic control flow graph of the production system guest kernel. A prototype of the system was built and tested against a suite of rootkit attacks. The system was able to recover from all attacks at a cost of about a 30% performance penalty.
Bibliographical Information:

Advisor:Schwan, Karsten; Schimmel, David; Copeland, John; Owen, Henry; Wills, Linda

School:Georgia Institute of Technology

School Location:USA - Georgia

Source Type:Master's Thesis

Keywords:electrical and computer engineering

ISBN:

Date of Publication:04/10/2006

© 2009 OpenThesis.org. All Rights Reserved.