Thursday, September 30, 2010

MIT Researchers Tout Network Intrusion Recovery System


MIT Computer Science and Artificial Intelligence Laboratory researchers will next week detail a system they say will make it easier for companies to recover from nasty security intrusions.

The system, known as RETRO, lets administrators specify offending actions, such as a TCP connection or an HTTP request from an adversary, that they want to undo. RETRO then repairs the computer's file system by selectively undoing the offending actions, that is, by constructing a new system state as if the offending actions had never taken place but all legitimate actions remained. By selectively undoing the adversary's changes while preserving user data, RETRO makes intrusion recovery more practical, the researchers state in a paper to be presented at next week's 9th USENIX Symposium on Operating Systems Design and Implementation.


Intrusion Recovery Using Selective Re-execution

