This project addresses transparent Damage Quarantine and Recovery (DQR), an important problem faced by a large number of mission/life/business-critical applications and information systems that must manage risk, business continuity, and assurance in the presence of severe cyber attacks. Today, these critical applications still have a "good" chance to suffer from a big "hit" from attacks. Due to data sharing, interdependencies, and interoperability, the hit could greatly "amplify" its damage by causing catastrophic cascading effects, which may "force" an application to halt for hours or even days before the application is recovered.
Traditional failure recovery techniques, though mature in handling random failures, cannot solve the DQR problem due to several fundamental differences between failure recovery and attack recovery. DQR is not a new concept, but there is still a big gap in engineering practical DQR capabilities for real-world applications, and no prior DQR techniques address Web Services or Service-Oriented Architectures. In this project, we will take a holistic approach and make an integrated set of innovative contributions on four fundamental aspects of DQR: theories, mechanisms, applications, and systems. The proposed innovations include the first theory that integrates recoverability and quarantinability, the first DQR scheme that uses mark-based causality tracing to replace read-write-dependency analysis, a novel DQR scheme that does "cleaning-free" recovery, and the first set of DQR theories and mechanisms for Web Services. In addition, complete open-source DQR tools and systems will be prototyped.
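To make the contrast between read-write-dependency analysis and mark-based causality tracing concrete, the following is an added illustration written for this page; it is not code from the project described above and does not claim to reproduce its schemes. The transaction model (`Txn`), the history, the malicious transaction id and the function names are all constructed here. The offline approach replays the committed history and derives which later transactions read data written by a damaged transaction; the mark-based approach carries a taint mark on data items at commit time so the same quarantine decision is available without scanning a log. Both are run over the same constructed history so the reader can see they agree on which transactions and items are contaminated, including the case where a clean blind write overwrites a corrupted item.

```python
"""Damage quarantine over a transaction history: offline dependency analysis vs. online marks.

Constructed example for illustration; the data model and algorithms are assumptions,
not the DQR project's own mechanisms.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    """One committed transaction: its id, the items it read, the items it wrote."""
    tid: str
    reads: frozenset
    writes: frozenset


def affected_by_log_analysis(history, malicious):
    """Offline read-write-dependency analysis over a serialized history.

    A transaction is damaged if it is one of the known-malicious ones or if it
    read an item whose most recent writer (at that point in the history) was
    damaged. Returns (damaged tids in commit order, items still corrupted at the
    end of the history). An item overwritten later by a clean transaction is no
    longer corrupted.
    """
    damaged_set = set(malicious)
    damaged = []
    last_writer = {}  # item -> tid of the most recent writer seen so far
    for t in history:
        reads_damaged = any(last_writer.get(i) in damaged_set for i in t.reads)
        if t.tid in damaged_set or reads_damaged:
            damaged_set.add(t.tid)
            damaged.append(t.tid)
        for i in t.writes:
            last_writer[i] = t.tid
    corrupted = {i for i, w in last_writer.items() if w in damaged_set}
    return damaged, corrupted


class MarkTracker:
    """Online mark-based causality tracing.

    Each data item carries a taint mark. At commit time a transaction is
    quarantined if it is flagged malicious or read any marked item; its writes
    then inherit the mark. A clean transaction's writes clear the mark, so no
    history scan is needed to know what is corrupted right now.
    """

    def __init__(self):
        self.marks = set()        # items currently carrying a taint mark
        self.quarantined = []     # tids quarantined, in commit order

    def commit(self, t, malicious=False):
        tainted = malicious or any(i in self.marks for i in t.reads)
        if tainted:
            self.marks |= t.writes
            self.quarantined.append(t.tid)
        else:
            self.marks -= t.writes
        return tainted

    def corrupted_items(self):
        return set(self.marks)


def recovery_plan(damaged, corrupted, malicious):
    """Items to restore from clean state and transactions to re-execute (non-malicious damaged)."""
    redo = [tid for tid in damaged if tid not in malicious]
    return sorted(corrupted), redo


# Constructed history: T2 is the attacker's transaction; T6 is a clean blind
# overwrite of item c, so T7 (which reads c afterwards) is not contaminated.
HISTORY = [
    Txn("T1", frozenset(), frozenset({"a", "b"})),
    Txn("T2", frozenset({"a"}), frozenset({"c"})),
    Txn("T3", frozenset({"c"}), frozenset({"d"})),
    Txn("T4", frozenset({"b"}), frozenset({"e"})),
    Txn("T5", frozenset({"d"}), frozenset({"f"})),
    Txn("T6", frozenset(), frozenset({"c"})),
    Txn("T7", frozenset({"c"}), frozenset({"g"})),
]
MALICIOUS = {"T2"}


def run_mark_tracker(history=HISTORY, malicious=MALICIOUS):
    tracker = MarkTracker()
    for t in history:
        tracker.commit(t, malicious=t.tid in malicious)
    return tracker.quarantined, tracker.corrupted_items()


if __name__ == "__main__":
    offline = affected_by_log_analysis(HISTORY, MALICIOUS)
    online = run_mark_tracker()
    print("offline dependency analysis:", offline)
    print("online mark tracing:        ", online)
    print("recovery plan (restore, redo):", recovery_plan(*offline, MALICIOUS))
```

Running the module prints the damaged transactions and corrupted items from both methods (they agree: T2, T3 and T5 are contaminated; items d and f remain corrupted, while c was cleanly rewritten by T6), followed by the items to restore and the transactions to re-execute. The difference the abstract points to is operational: the offline method needs the complete read/write history at assessment time, whereas the mark tracker answers from per-item state maintained as transactions commit.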