SHELF: Preserving business continuity and availability in an intrusion recovery system

Xi Xiong, Xiaoqi Jia, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

12 Citations (Scopus)

Abstract

Recovering from intrusions for a compromised computer system is a challenging job, especially for systems that run continuous services. Current intrusion recovery techniques often do not preserve the accumulated useful state of running applications and have very limited system availability when performing recovery routines. In this paper, we propose SHELF, an on-the-fly intrusion recovery prototype system that provides a comprehensive solution to preserve business continuity, availability and recovery accuracy. SHELF preserves accumulated clean states for infected applications and files so that they can continue with the most recent pre-infection states after recovery. Moreover, SHELF leverages OS-aware taint tracking techniques to swiftly determine the sources of intrusion and assess system-wide damages caused by the intrusion. SHELF uses quarantine methods to prevent infection propagation so that uninfected and recovered objects can provide availability during the recovery phase. We integrate SHELF prototype in a virtualization environment to achieve user transparency and protection. Our evaluation shows that SHELF can perform accurate recovery on-the-fly effectively with an acceptable performance overhead.

Original language: English (US)
Title of host publication: 25th Annual Computer Conference Security Applications, ACSAC 2009
Pages: 484-493
Number of pages: 10
DOIs: https://doi.org/10.1109/ACSAC.2009.52
State: Published - Dec 1 2009
Event: 25th Annual Computer Conference Security Applications, ACSAC 2009 - Honolulu, HI, United States
Duration: Dec 7 2009 to Dec 11 2009

Publication series

Name: Proceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print): 1063-9527

Other

Other: 25th Annual Computer Conference Security Applications, ACSAC 2009
Country: United States
City: Honolulu, HI
Period: 12/7/09 to 12/11/09

Fingerprint

Availability
Recovery
Industry
Transparency
Computer systems

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Xiong, X., Jia, X., & Liu, P. (2009). SHELF: Preserving business continuity and availability in an intrusion recovery system. In 25th Annual Computer Conference Security Applications, ACSAC 2009 (pp. 484-493). [5380701] (Proceedings - Annual Computer Security Applications Conference, ACSAC). https://doi.org/10.1109/ACSAC.2009.52
@inproceedings{3b23448e9b9f48f8a34937865f747d74,
title = "SHELF: Preserving business continuity and availability in an intrusion recovery system",
author = "Xi Xiong and Xiaoqi Jia and Peng Liu",
year = "2009",
month = "12",
day = "1",
doi = "10.1109/ACSAC.2009.52",
language = "English (US)",
isbn = "9780769539195",
series = "Proceedings - Annual Computer Security Applications Conference, ACSAC",
pages = "484--493",
booktitle = "25th Annual Computer Conference Security Applications, ACSAC 2009",

}

TY - GEN

T1 - SHELF

T2 - Preserving business continuity and availability in an intrusion recovery system

AU - Xiong, Xi

AU - Jia, Xiaoqi

AU - Liu, Peng

PY - 2009/12/1

Y1 - 2009/12/1

UR - http://www.scopus.com/inward/record.url?scp=77950847824&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77950847824&partnerID=8YFLogxK

U2 - 10.1109/ACSAC.2009.52

DO - 10.1109/ACSAC.2009.52

M3 - Conference contribution

AN - SCOPUS:77950847824

SN - 9780769539195

T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC

SP - 484

EP - 493

BT - 25th Annual Computer Conference Security Applications, ACSAC 2009

ER -
