Accession Number : ADA548748


Title :   From Fault-tolerance to Attack Tolerance


Descriptive Note : Final rept. 1 Dec 2005-30 Nov 2010


Corporate Author : CORNELL UNIV ITHACA NY DEPT OF COMPUTER SCIENCE


Personal Author(s) : Schneider, Fred B


Full Text : http://www.dtic.mil/dtic/tr/fulltext/u2/a548748.pdf


Report Date : 02 Apr 2011


Pagination or Media Count : 10


Abstract : Means to build fault-tolerant services have been at hand for some time. Defense against attacks remains a difficult problem, though. The problem becomes ever more urgent with the increasing use of networked computing systems in our society's critical infrastructures and in future-generation military systems (such as GIG and JBI). The objective of this AFOSR-funded effort was to bridge the gap from fault-tolerance to attack-tolerance by exploring two threads. The first thread was to explore the use of mechanically-generated diversity for creating independent server replicas and a moving target'' defense. This led to a implementing a prototype system that embodied our proactive obfuscation scheme and to a theory that establishes mechanically-generated diversity is almost as powerful a defense as typechecking. The second thread was to explore language-based techniques and build a new theoretical basis for authorization and for quantifying information flow and information corruption. Here, Nexus Authorization Logic (NAL) was developed and deployed it as part of a new operating system.


Descriptors :   *COMPUTER NETWORK SECURITY , *FAULT TOLERANT COMPUTING , PROTOTYPES , SEMANTICS


Subject Categories : Computer Systems
      Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE