Means to build fault-tolerant services have been at hand for some time. Defense against attacks remains a difficult problem, though. The problem becomes ever more urgent with the increasing use of networked computing systems in our society's critical infrastructures and in future-generation military systems (such as GIG and JBI). The objective of this AFOSR-funded effort was to bridge the gap from fault-tolerance to attack-tolerance by exploring two threads. The first thread was to explore the use of mechanically-generated diversity for creating independent server replicas and a 'moving target' defense. This led to implementing a prototype system that embodied our proactive obfuscation scheme and to a theory that establishes that mechanically-generated diversity is almost as powerful a defense as typechecking. The second thread was to explore language-based techniques and build a new theoretical basis for authorization and for quantifying information flow and information corruption. Here, Nexus Authorization Logic (NAL) was developed and deployed as part of a new operating system.