
Rosie - A Recovery-oriented Security System

Recovery is a time-consuming and computationally expensive operation. If an attacker can affect heavily-shared objects on the machine, then many other processes and files can be compromised by accessing them. This would greatly increase the recovery effort. Since intrusions start with a network connection, we argue that the integrity of heavily-shared objects should be protected from the network, in order to minimize the recovery effort. We discuss our prototype Rosie, which is designed with incident response and post-intrusion recovery in mind. Rosie predicts how heavily shared each file or process is, based on previously observed system activity. Rosie enforces appropriate mandatory access control and uses techniques such as sandboxing in order to protect the integrity of heavily-shared objects. Rosie provides an important recovery guarantee: the number of files that need to be recovered is at most equal to the dependency threshold, a value that can be adjusted by a system administrator.

Identifier: oai:union.ndltd.org:TORONTO/oai:tspace.library.utoronto.ca:1807/35593
Date: 11 July 2013
Creators: Chow, Shun Yee
Contributors: Goel, Ashvin
Source Sets: University of Toronto
Language: en_ca
Detected Language: English
Type: Thesis
