ISSN : 1796-2056
Volume : 1    Issue : 5    Date : September/October 2006

Incorruptible Self-Cleansing Intrusion Tolerance and Its Application to DNS Security
Yih Huang, David Arsenault, and Arun Sood
Page(s): 21-30
Full Text:
PDF (355 KB)

Despite the increased focus on security, critical information systems remain vulnerable to cyber
attacks. The trend lends importance to the concept of intrusion tolerance: there is a high probability
that systems will be successfully attacked and a critical system must fend off or at least limit the
damage caused by unknown and/or undetected attacks. In prior work, we developed a Self
-Cleansing Intrusion Tolerance (SCIT) architecture that achieves the above goal by constantly
cleansing the servers and rotating the role of individual servers. In this paper1, we show that SCIT
operations can be incorruptibly enforced with hardware enhancements. We then present an
incorruptible SCIT design for use by one of the most critical infrastructures of the Internet, the
domain name systems. We will show the advantages of our designs in the following areas: (1)
incorruptible intrusion tolerance, (2) high availability, (3) scalability, the support for using high
degrees of hardware/server redundancy to improve both system security and service dependability,
and (4) in the case of SCIT-based DNSSEC, protection of the DNS master file and cryptographic
keys. It is our belief that incorruptible intrusion tolerance as presented here constitutes a new,
effective layer of system defense for critical information systems.

Index Terms
computer security, self-cleansing system, intrusion tolerance, domain name system