Creating a cyber moving target for critical infrastructure applications using platform diversity

International Journal of Critical Infrastructure Protection

Volumn 5, Issue 1, 2012, Pages 30-39

  Okhravi, Hamed ^a   Comella, Adam ^a   Robinson, Eric ^a   Haines, Joshua ^a  

^a MIT LINCOLN LABORATORY   (United States)

Author keywords

Cyber moving target; Cyber survivability; Diversity; Platform heterogeneity; Virtualization

Indexed keywords

CYBER SURVIVABILITY; DIVERSITY; MOVING TARGETS; PLATFORM HETEROGENEITY; VIRTUALIZATIONS;

C (PROGRAMMING LANGUAGE); CRITICAL INFRASTRUCTURES; VIRTUAL REALITY;

PUBLIC WORKS;

EID: 84858289309     PISSN: 18745482     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijcip.2012.01.002     Document Type: Article

References (28)

1. R. Brown, Stuxnet worm causes industry concern for security firms, Mass High Tech, Boston, Massachusetts, October 19, 2010 http://www.masshightech.com/stories/2010/10/18/daily19-Stuxnet-worm-causes-industry-concern-for-security-firms.html.
2. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), ICS-ALERT-10-301-01 - Control System Internet Accessibility, Department of Homeland Security, Washington, DC, October 28, 2010 http://www.us-cert.gov/control_systems/pdf/ICS-Alert-10-301-01.pdf.
3. US Air Force Chief Scientist, Report on Technology Horizons: A Vision for Air Force Science and Technology During 2010-2030, Volume 1, Technical Report AF/ST-TR-10-01-PR, Department of the Air Force, Washington, DC, 2010.
4. National Security Council, Cybersecurity Progress after President Obama's Address, The White House, Washington, DC, July 14, 2010.
5. Carl G., Kesidis G., Brooks R., Rai S. Denial-of-service attack detection techniques. IEEE Internet Computing 2006, 10(1):82-89.
6. K. Kolyshkin, Virtualization in Linux, OpenVZ, 2006 ftp://openvz.org/doc/openvz-intro.pdf.
7. G. Stellner, CoCheck: checkpointing and process migration for MPI, in: Proceedings of the Tenth International Parallel Processing Symposium, 1996, pp. 526-531.
8. Bronevetsky G., Marques D., Pingali K., Stodghill P. Automated application-level checkpointing of MPI programs. ACM SIGPLAN Notices 2003, 38(10):84-94.
9. HDF Group, HDF4 Reference Manual, Champaign, Illinois, 2010, ftp://hdfgroup.org/HDF/Documentation/HDF4.2.5/HDF425_RefMan.pdf.
10. lxc Linux Containers, lxc man pages.
11. Parallels, Clustering in Parallels Virtuozzo-Based Systems, White Paper, Renton, Washington, 2009.
12. Sarmiento E. Securing FreeBSD using jail. System Administration 2001, 10(5):31-37.
13. I. Habib, Virtualization with KVM, Linux Journal, February 1, 2008 http://www.linuxjournal.com/article/9764.
14. Rodriguez G., Martin M., Gonzalez P., Tourino J., Doallo R. CPPC: a compiler-assisted tool for portable checkpointing of message-passing applications. Concurrency and Computation: Practice and Experience 2010, 22(6):749-766.
15. S. Lee, T. Johnson, R. Eigenmann, Cetus - an extensible compiler infrastructure for source-to-source transformation, in: Proceedings of the Sixteenth International Workshop on Languages and Compilers for Parallel Computing, 2003, pp. 539-553.
16. Smart J., Hock K., Csomor S. Cross-Platform GUI Programming with wxWidgets 2005, Prentice Hall, Upper Saddle River, New Jersey.
17. Trusted Computing Group, TPM Main Specification Level 2, Version 1.2, Revision 116, Beaverton, Oregon, 2011, http://www.trustedcomputinggroup.org/resources/tpm_main_specification.
18. E. Brickell, J. Camenisch, L. Chen, Direct anonymous attestation, in: Proceedings of the Eleventh ACM Conference on Computer and Communications Security, 2004, pp. 132-145.
19. K. Ingols, M. Chu, R. Lippmann, S. Webster, S. Boyer, Modeling modern network attacks and countermeasures using attack graphs, in: Proceedings of the Annual Computer Security Applications Conference, 2009, pp. 117-126.
20. Y. Chen, K. Li, J. Plank, CLIP: a checkpointing tool for message passing parallel programs, in: Proceedings of the ACM/IEEE Conference on Supercomputing, 1997, p. 33.
21. C. Clark, K. Fraser, S. Hand, J. Hansen, E. Jul, C. Limpach, I. Pratt, A. Warfield, Live migration of virtual machines, in: Proceedings of the Second Conference on Symposium on Networked Systems Design and Implementation, vol. 2, 2005, pp. 273-286.
22. A. Sood, Intrusion tolerance to mitigate attacks that persist presented at the Secure and Resilient Cyber Architectures Conference, 2010.
23. A. Bangalore, A. Sood, Securing web servers using self cleansing intrusion tolerance SCIT, in: Proceedings of the Second International Conference on Dependability, 2009, pp. 60-65.
24. Huang Y., Arsenault D., Sood A. Incorruptible self cleansing intrusion tolerance and its application to DNS security. Journal of Networks 2006, 1(5):21-30.
25. Y. Huang, A. Ghosh, Automating intrusion response via virtualization for realizing uninterruptible web services, in: Proceedings of the Eighth IEEE International Symposium on Network Computing and Applications, 2009, pp. 114-117.
26. Y. Huang, A. Ghosh, T. Bracewell, B. Mastropietro, A security evaluation of a novel resilient web serving architecture: lessons learned through industry/academia collaboration, in: Proceedings of the International Conference on Dependable Systems and Networks Workshops, 2010, pp. 188-193.
27. Blackmon S., Nguyen J. Storage: high-availability file server with heartbeat. System Administration 2001, 10(9):24-32.
28. R. Rabbat, T. McNeal, T. Burke, A high-availability clustering architecture with data integrity guarantees, in: Proceedings of the IEEE International Conference on Cluster Computing, 2001. pp. 178-182.