SOSP
2005
ACM

The taser intrusion recovery system

Recovery from intrusions is typically a very time-consuming operation in current systems. At a time when the cost of human resources dominates the cost of computing resources, we argue that next generation systems should be built with automated intrusion recovery as a primary goal. In this paper, we describe the design of Taser, a system that helps in selectively recovering legitimate file-system data after an attack or local damage occurs. Taser reverts tainted, i.e. attack-dependent, file-system operations but preserves legitimate operations. This process is difficult for two reasons. First, the set of tainted operations is not known precisely. Second, the recovery process can cause conflicts when legitimate operations depend on tainted operations. Taser provides several analysis policies that aid in determining the set of tainted operations. To handle conflicts, Taser uses automated resolution policies that isolate the tainted operations. Our evaluation shows that Taser is eff...
Added: 17 Mar 2010
Updated: 17 Mar 2010
Type: Conference
Year: 2005
Where: SOSP
Authors: Ashvin Goel, Kenneth Po, Kamran Farhadi, Zheng Li, Eyal de Lara