Automated Resource Recovery Agent (ARRA)
Abstract
The goal of the Automated Resource Recovery Agent (ARRA) effort is to advance the state-of-the-art in recovery and defense of computer system resources after and during an information attack by developing techniques that bring systems back online quickly. Rather than focusing on plugging the latest holes discovered by hackers, SPS' approach focuses on maintaining system operation through monitoring and recovery of critical resources. While new security breaches will continue to be discovered, focusing on the recovery and defense of the targets of these attacks increases the chance of system survivability, shortens recovery time, and minimizes the impact of newly discovered methods of attack. In addition to automated resource recovery, the concept is to assume a defensive posture upon detection of malicious activity to help safeguard the system. Using heuristic methods to analyze system resources, we will focus not just on individual resources in isolation, but reason about the interrelationship of the various components and system operational concepts. By using generalized heuristics, an effective course of recovery and defensive action can be developed that addresses the source of the problem and not just the symptom.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2000
- Accession Number
- ADA380343
Entities
People
- Michael Winburn