Darrin Johnson's Weblog: Need for speed...

In popular media and technical journals we frequently see reports of the latest security weaknesses, hackers breaking into systems, services and data being compromised, etc. Professor Arun Sood, at George Mason University, has taken a novel approach to confronting these security threats. The fundamental approach of Self Cleansing Intrusion Tolerance (SCIT) is to create a known good version of a service (e.g. identity, dns, webserving, etc.) which is then replicated with some of the services put online and some held offline in reserve. Then periodically the offline copies are brought online with online versions being taken offline, scrubbed and ready to be brought online again. I don't do the technology justice so I recommend taking a look at his his website at http://cs.gmu.edu/~asood/scit/ and especially the listed publications.


Professor Sood also posted a great introductory article on Reavis Consulting Group's RiskBloggers.com on "Exposure Time - A Metric For Proactive Security Risk Management". The article discusses the critical consideration of the relationship between the intruder residence time (IRT) and the potential for loss as defined by the loss curve. The "exposure time" however, as Professor Sood asserts, is a more interesting metric. Unfortunately there is invariably a trade-off of cost (e.g. increased number of replicated services, additional equipment, etc.) and exposure time. If you are interested in services security and how to design low exposure time systems then this article and related links are worth reading.