Wednesday, September 29, 2010

Blog: MIT Researchers Tout Network Intrusion Recovery System [ ...makes repairs by selectively undoing the offending actions]

MIT Researchers Tout Network Intrusion Recovery System
Network World (09/29/10) Michael Cooney

Massachusetts Institute of Technology researchers are developing RETRO, a system designed to make it easier for organizations to recover from security breaches. RETRO lets administrators specify the offending actions they want to undo, and it makes repairs by selectively undoing those actions. "Since many adversaries go to great lengths to prevent the compromise from being discovered, it can take days or weeks for a user to discover that their machine has been broken into, resulting in a loss of all user work from that period of time," the researchers say. RETRO uses an action history graph to undo an unwanted action and its indirect effects by rolling back the action's direct effects. "An important assumption of RETRO is that the attacker does not compromise the kernel," the researchers note. However, security vulnerabilities are occasionally found in the kernel. To get around that problem, the researchers say one solution could be to use virtual machine-based techniques, which they plan to explore in the future.
