 |
CuPIDS: An Exploration of Highly Focused, Co-Processor-Based Information System Protection
Authors: Paul D. Williams; Eugene H. Spafford; AIR FORCE INST OF TECH WRIGHT-PATTERSONAFB OH |
|
Abstract:
The Co-Processing Intrusion Detection System (CuPID S) project is exploring how torn improve information system security by dedicating computational resources to system security tasks in a shared resource, multi- processor (MP) architecture. Our research explores ways in which this architecture offers improvements over the traditional uni-processor (UP) model of security. There are a number of areas to explore, one of which has a protected application running on one processor in a symmetric multiprocessing (SMP) system while a shadow process specific to that application runs on a different processor, monitoring its activity, ready to respond immediately if the application violates policy. Experiments with a prototype Cu- PIDS system demonstrate the feasibility of this approach. Fine-grained protection of the real-world application WU-FTP resulted in less than a ten percent slowdown while demonstrating CuPIDS' ability to quickly detect illegitimate behavior, raise an alarm, automatically repair the damage done by the fault or attack, allow the application to resume execution, and export a signature for the activity leading up to the error.
| Limitations: |
 APPROVED FOR PUBLIC RELEASE |
| Description: |
Major rept. |
| Pages: |
22 |
| Report Date: |
20 MAY 2005 |
| Report Number: |
A258534 |
|
|
|
|
|
|
| |
|
|
Keywords relating to this report:
Email This Abstract
