CuPIDS: An Exploration of Highly Focused, Co-Processor-Based Information System Protection

摘要

The Co-Processing Intrusion Detection System (CuPID S) project is exploring how torn improve information system security by dedicating computational resources to system security tasks in a shared resource, multi- processor (MP) architecture. Our research explores ways in which this architecture offers improvements over the traditional uni-processor (UP) model of security. There are a number of areas to explore, one of which has a protected application running on one processor in a symmetric multiprocessing (SMP) system while a shadow process specific to that application runs on a different processor, monitoring its activity, ready to respond immediately if the application violates policy. Experiments with a prototype Cu- PIDS system demonstrate the feasibility of this approach. Fine-grained protection of the real-world application WU-FTP resulted in less than a ten percent slowdown while demonstrating CuPIDS' ability to quickly detect illegitimate behavior, raise an alarm, automatically repair the damage done by the fault or attack, allow the application to resume execution, and export a signature for the activity leading up to the error.