Professor of Computer Science & Co-Director, International Cyber Center, George Mason University

Biography

Dr. Arun Sood is Professor of Computer Science and Co-Director of the
International Cyber Center, George Mason University, Fairfax, Virginia.
He was formerly department chair. He is CEO of SCIT Labs Inc, a start-up
that is licensing SCIT technology from the university. He has published
more than 150 papers and two edited books. He has been awarded 2 patents
and has applied for 3 patents based on SCIT. A list of publications
and a detailed resume are available at http://cs.gmu.edu/~asood.
He was awarded a BTech (1966) by the Indian Institute of Technology,
Delhi, and an MS (1967) and PhD (1971) by Carnegie Mellon University,
all in Electrical Engineering.

Abstract

Beyond Prevention and Detection – Intrusion Tolerance

The complexity of modern information services, and the sophistication,
pace, and variety of attack techniques, require new thinking about
the computer security problem. In spite of large investments in
computer security, attackers continue to evade the most advanced
intrusion prevention and detection systems. The problem stems in
large part from the constant innovation and evolution of attack
techniques, and the rapid development of exploits based on recently
discovered software vulnerabilities. We conclude that intrusions
are inevitable. Our response to these attacks is the concept of
intrusion tolerance: a critical system must fend off, or at least
limit, the damage caused by unknown and/or undetected attacks.

The current intrusion prevention (firewalls) or detection approaches
require prior knowledge of all the attack modalities and software
vulnerabilities. These approaches are good at fighting yesterday's
wars, but what about the serious current and future threats? What
about the malware installed on servers? What about inadvertent
configuration errors by system administrators? Our response to these
formidable challenges is Self Cleansing Intrusion Tolerance (SCIT).
SCIT represents a paradigm shift as compared to firewalls and IDSs.
SCIT servers are focused on limiting the losses that can occur
because of an intrusion. To achieve this goal we limit the exposure
time of the server to the internet. In the SCIT approach we have
achieved sub-minute exposure time for servers without service
interruption. We emphasize that SCIT is not a replacement technology
but instead complements and adds to existing approaches.