Skip to Main Content
The number of malware attacks is increasing, Companies have invested millions of dollars in intrusion detection and intrusion prevention (ID/IP) technologies and products, yet many web servers are hacked every year. The current reactive methods of security have proven to be inadequate because the ldquobad guysrdquo are always one step ahead of the Intrusion Detection/Intrusion Prevention community. Our research seeks to prove the feasibility of a completely new and innovative theory of server security called ldquoSelf-Cleansing Intrusion Tolerancerdquo (SCIT). SCIT shifts the focus from detection and prevention to containing losses. SCIT uses virtualization technology in a new and unique way to make it more difficult for attackers to do damage/acquire data by reducing a serverpsilas exposure time from several months to less than a minute. In this way we increase the dependability of the server and provide a new way to balance the trade-off between security and availability. We have applied SCIT to multiple types of servers (DNS, SSO and Web), in this paper we will focus on securing web servers using SCIT. Based on the results of load testing of a web application for various load scenarios under both scit and non-scit environments, we will clearly show that SCIT provides a high degree of security with little degradation in overall response time of the application.
Date of Conference: 18-23 June 2009