Towards Self-Healing Systems: Re-establishing Trust in Compromised Systems

Grizzard, Julian B.

10 April 2006

Computer systems are subject to a range of attacks that can compromise their intended operations. Conventional wisdom states that once a system has been compromised, the only way to recover is to format and reinstall. In this work, we present methods to automatically recover or self-heal from a compromise. We term the system an intrusion recovery system. The design consists of a layered architecture in which the production system and intrusion recovery system run in separate isolated virtual machines. The intrusion recovery system monitors the integrity of the production system and repairs state if a compromise is detected. A method is introduced to track the dynamic control flow graph of the production system guest kernel. A prototype of the system was built and tested against a suite of rootkit attacks. The system was able to recover from all attacks at a cost of about a 30% performance penalty.

Virtual machine

End-user security

Intrusion detection

Intrusion recovery

Rootkits

Enhancing security risk awareness in end-users via affective feedback

Shepherd, Lynsay A.

January 2016

Background: Risky security behaviour displayed by end-users has the potential to leave devices vulnerable to compromise, despite the availability of security tools designed to aid users in defending themselves against potential online threats. This indicates a need to modify the behaviour of end-users, allowing them to consider the security implications of their actions online. Previous research has indicated affective feedback may serve as a successful method of educating users about risky security behaviours. Thus, by influencing end-users via affective feedback it may be possible to engage users, improving their security awareness. Aims: Develop and apply knowledge of monitoring techniques and affective feedback, establishing if this changes users’ awareness of risky security behaviour in the context of a browser-based environment. Methodology: The methodology employs the use of log files derived from the monitoring solution, and information provided by users during the experiments. Questionnaire data was compared against log files and information provided during experiments, providing an overall quantitative approach. Results: In the case of the log files and questionnaires, participants were found to have engaged in instances of risky security behaviours, which they were unaware of, and this indicated a low-level of awareness of risky security behaviour. Whilst the results indicate the affective feedback did not make a difference to behaviour during the course of the experiments, participants felt that the affective feedback delivered had an impact, raising their security awareness, encouraging them to learn about online security. Conclusions: This body of research has made a novel contribution to the field of affective feedback and usable security. Whilst the results indicate the affective feedback made no difference to behaviour, users felt it had an impact on them, persuading them to consider their security behaviours online, and encouraging them to increase their knowledge of risky security behaviours. The research highlights the potential application of affective feedback in the field of usable security. Future work seeks to explore different ways in which affective feedback can be positioned on-screen, and how feedback can be tailored to target specific groups, such as children, or elderly people, with the aim of raising security awareness.