Skip to Main content Skip to Navigation
Journal articles

Intrusion Survivability for Commodity Operating Systems

Ronny Chevalier 1, 2 David Plaquin 2 Chris Dalton 2 Guillaume Hiet 1
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract : Despite the deployment of preventive security mechanisms to protect the assets and computing platforms of users, intrusions eventually occur. We propose a novel intrusion survivability approach to withstand ongoing intrusions. Our approach relies on an orchestration of fine-grained recovery and per-service responses (e.g., privileges removal). Such an approach may put the system into a degraded mode. This degraded mode prevents attackers to reinfect the system or to achieve their goals if they managed to reinfect it. It maintains the availability of core functions while waiting for patches to be deployed. We devised a cost-sensitive response selection process to ensure that while the service is in a degraded mode, its core functions are still operating. We built a Linux-based prototype and evaluated the effectiveness of our approach against different types of intrusions. The results show that our solution removes the effects of the intrusions, that it can select appropriate responses, and that it allows services to survive when reinfected. In terms of performance overhead, in most cases, we observed a small overhead, except in the rare case of services that write many small files asynchronously in a burst, where we observed a higher but acceptable overhead.
Document type :
Journal articles
Complete list of metadata
Contributor : Admin Hal Ur1 Connect in order to contact the contributor
Submitted on : Friday, May 28, 2021 - 11:42:35 AM
Last modification on : Wednesday, November 3, 2021 - 8:15:42 AM
Long-term archiving on: : Sunday, August 29, 2021 - 6:56:19 PM


Files produced by the author(s)



Ronny Chevalier, David Plaquin, Chris Dalton, Guillaume Hiet. Intrusion Survivability for Commodity Operating Systems. Digital Threats: Research and Practice, Association for Computing Machinery, 2020, 1 (4), pp.1-30. ⟨10.1145/3419471⟩. ⟨hal-03085774⟩



Les métriques sont temporairement indisponibles