07-005, 03-023: Self Cleansing Systems

Scientists at George Mason University have developed a series of "self-healing" computer systems that complement and strengthen existing intrusion prevention and detection technologies.

As computer systems become more complex, they are increasingly vulnerable to cyber warfare. Current intrusion management systems rely heavily on the ability to detect intrusion events. However, "undetected" and "unknown" intrusions will occur and must be guarded against as well. The "self-healing" system was developed under the assumption that all systems communicating with the outside world are compromised. The Self-Cleansing Intrusion Tolerance (SCIT) system does not eliminate the use of current intrusion management systems, but extends the idea of system "defense-in-depth" through periodic system cleansing. This restricts attackers to a very short time window in which to breach a system and cause harm. Stateless firewalls and servers are relatively easy to "SCIT-ize". The latest SCIT embodiments utilize virtual single-use servers. The present invention is compatible with many types of computing systems, including web servers, file servers, DNS servers, and certification services.
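The periodic cleansing described above can be modelled as a round-robin pool of virtual servers, each exposed for a fixed window and then restored from a pristine image. The following is an added example, not code from the SCIT project; the names, tick-based timing and parameters are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class VServer:
    name: str
    compromised: bool = False
    cleansing_left: int = 0  # ticks until restored from the pristine image

def min_pool_size(exposure: int, cleanse: int) -> int:
    """Smallest round-robin pool that always has a clean server ready."""
    return 1 + math.ceil(cleanse / exposure)

def simulate(exposure, cleanse, pool_size, attack_ticks, total_ticks):
    """Return (longest attacker dwell in ticks, ticks with no clean server)."""
    pool = [VServer(f"vs{i}") for i in range(pool_size)]
    online = online_for = dwell = max_dwell = outages = 0
    for tick in range(total_ticks):
        for s in pool:  # offline servers make progress on cleansing
            if s.cleansing_left:
                s.cleansing_left -= 1
        if online_for == exposure:  # exposure window over: rotate
            old = pool[online]
            old.compromised = False  # taken offline, its state is discarded
            old.cleansing_left = cleanse
            online = (online + 1) % pool_size
            online_for = dwell = 0
        cur = pool[online]
        if cur.cleansing_left:  # pool too small: next server not clean yet
            outages += 1
            continue
        if tick in attack_ticks:  # constructed, undetected intrusion
            cur.compromised = True
        if cur.compromised:
            dwell += 1
            max_dwell = max(max_dwell, dwell)
        online_for += 1
    return max_dwell, outages

if __name__ == "__main__":
    n = min_pool_size(exposure=5, cleanse=8)
    print(n, simulate(5, 8, n, attack_ticks={0, 13}, total_ticks=60))
```

In this model an intrusion never outlives the exposure window, whether or not it is detected, and an undersized pool shows up as service gaps rather than as longer exposure.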

Market Significance:
Despite our best efforts, any network system that is connected to the Internet can or will be compromised. According to the 2003 CSI/FBI Computer Crime and Security Survey, the risk of cyber attacks continues to be high. The report found that 75 percent of the 530 firms surveyed acknowledged financial losses, but only 47 percent could quantify the losses, which totaled more than $201 million in 2003. Attacks against Internet-connected systems have become so commonplace that CERT will no longer publish the number of incidents reported.

The survivability of your system is dependent on its ability to perform in a hostile environment and survive an attack that results in a successful intrusion. Numerous products exist to target "known" attack techniques. Industry analyst firm IDC estimates that companies will spend more than $12 billion worldwide this year to protect themselves from these security threats. But what about the "unknown" and "undetected" cyber attacks? SCIT addresses these attacks. The ability to avoid or contain undetected attacks is an important step in protecting critical infrastructures such as telecommunications, banking and finance, electrical power, oil and gas distribution and storage, water supply, transportation, emergency services, and government services from harm.