SCIT Labs

Products

admin — Tue, 06 Dec 2011 03:34:57 +0000

Learn more about protecting your company with SCIT software appliances and SCIT services.

SCIT Labs offers software appliances for the following:

SCIT Web server (information only)
SCIT E-Commerce server
SCIT DNS server

SCIT Labs also offers highly targeted courses to support in-house training of software developers, testers, and security system designers and operators. Two sample courses are:

Security Architecture – Reactive and proactive security subsystems and how to combine these for best results.
Software Assurance – How to write and test code to capture and fix problems early in the software development life cycle?

Additionally, SCIT Labs provides consulting services for the design and evaluation of security system acquisition and operations.

How SCIT Technology Works

The variety and complexity of cyber attacks is increasing. The attackers have a strong economic and political motivation thus leading to organized and targeted attacks. We have concluded that intrusions are inevitable, and have focused on strategies to work through the attack while limiting the losses. Our approach, called Self Cleansing Intrusion Tolerance (SCIT), leads to the next generation of secure servers. SCIT shifts the focus from intrusion avoidance to reducing the losses resulting from an intrusion. SCIT servers are available for pilot projects and incorporation into your production enterprise systems.

From reports of recent breaches, it has become clear that intruders were in the system for long periods. Not only did the IDS/IPS fail to prevent the intrusion, these systems were not able to detect the presence of the intruder. To illustrate this point, we refer to the following data breach reports:

Verizon DBIR focuses on 90 studies conducted in 2008. 285 million consumer records were compromised. The average Intruder Residence Time (time between system compromise and breach containment) was more than 28 days.

Network Solutions breach was investigated in June – July 2009 resulted in 600,000 records compromised and the data loss took place between March 12, 2009 and June 8, 2009.

Wyndham Hotels breach was detected in January 2010, with an estimated start date of October 2009.

From these incidents, we conclude that the current cyber defenses cannot protect against customized malware and other zero day attacks and intruders are resident for many weeks. Any strategy that will mitigate the effects of the attack would be useful, and if the breach duration is reduced it would lead to reduced data loss. SCIT deliberately focuses on reducing the data loss and we dramatically reduce the records ex-filtrated because of malicious activity.

Here’s how:

Using virtualization technology, SCIT rotates pristine virtual servers and applications every sixty seconds or so. In the graphic above, five online virtual servers (shown in red) are processing transactions while three offline servers are being cleaned and restored to a pristine state. Every minute a pristine “green” server is swapped out with a “red” server and the SCIT process begins again.

Awards, Publications, & Patents

admin — Wed, 16 Nov 2011 03:37:38 +0000

Since launching in 2007, SCIT has won awards for its innovative security solutions. Here are SCIT’s awards, accolades in the media, publications, and patents.

Awards

June 2010
SCIT Labs is the overall winner of the Global Security Challenge and CNI-Expo sponsored Security Technologies of Tomorrow Challenge. This competition for security start-ups was only open to finalists from previous GSC competitions. “This competition brings together the best entrants from various challenges to compete against each other in a race to be crowned the Best Security Technology of Tomorrow.”

November 2009
SCIT Labs was awarded 2nd place in the 2009 GSC Cyber Security Challenge at GSC Summit held at London Business School in November 2009. GSC = Global Security Challenge.

October 2008
SCIT Labs was winner of the TIE-DC Elevator Pitch competition.

Media Reports

Kelly Jackson Higgins, “Dark Reading News Analysis: New Intrusion Tolerance Technology Treats Attacks as Inevitable”, http://www.darkreading.com/document.asp?doc_id=153621 12 May 2008
Kelly Jackson Higgins, “Dark Reading Port In A Storm: Are Security Breaches Inevitable?”, http://www.darkreading.com/document.asp?doc_id=154016 15 May 2008
Jennifer Edgerly, “New Intrusion Tolerance Software Fortifies Server Security”, http://gazette.gmu.edu/articles/12128/ , 18 June 2008 (abridged version at http://www.physorg.com/news132846874.html and http://www.sciencedaily.com/releases/2008/06/080616144905.htm )
“La tol鲡nce aux intrusions profite de la virtualisation”, http://www.atelier.fr/securite/10/18062008/tolerance-aux-intrusions-virtualisation-36715-.html 18 June 2008
Tim Greene, “Software makes virtual servers a moving target”, Network World, http://www.networkworld.com/news/2008/061908-scit.html?page=1 , 19 June 2008 (also in http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9101418&source=rss_news50; http://www.pcworld.com/businesscenter/article/147406/limit_internet_attacks_with_virtual_servers.html)

Patents

“Self-Cleaning System”, US 7549167. Issued 6/16/2009. Inventors: Yih Huang and Arun Sood
“SCIT-DNS: Critical Infrastructure Protection through Secure DNS Server Dynamic Updates”, US 7680955. Issued 03/16/2010. Inventors: David Arsenault, Yih Huang and Arun Sood.
“Single Use Server System”, US 7725531. Issued May 25, 2010 Inventors: David Arsenault, Yih Huang and Arun Sood.

Pending Patents

Regular US Patent Application # 11,419,832, Data Alteration Prevention System, Filed 5/23/2006.
Regular US Patent Application # 12,695,710, Self-Cleansing Secure DNS Server
Regular US Patent Application # 12,695,686, Cache Validating SCIT DNS Server

Publications

Ajay Nagarajan, Quyen Nguyen, Robert Banks and Arun Sood, “Combining Intrusion Detection and Recovery for Enhancing System Dependability”, 5th Workshop on Recent Advances in Intrusion-Tolerant Systems, in conjunction with 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2011), Hong Kong, 28 June, 2011. [WRAITS-2011.pdf]
Quyen Nguyen, Arun Sood, “Designing SCIT Architecture Pattern in a Cloud-based Environment”, The First International Workshop on Dependability of Clouds, Data Centers and Virtual Computing Environments (DCDV 2011) in conjunction with 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2011), Hong Kong, 28 June, 2011.[DCDV-2011.pdf]
Quyen L. Nguyen and Arun Sood, “Comparative Analysis of Intrusion-Tolerant System Architectures”, IEEE Security and Privacy. Preprint. Accepted for publication August 2010. [SP-PrePrint.pdf]
Quyen L. Nguyen and Arun Sood, “Multiclass S-Reliability for Services in SOA”, accepted for The Fifth International Conference on Software Engineering Advances, ICSEA 2010, Nice, France, August 22-27, 2010.
David Pham and Arun K Sood, “An Intrusion Tolerance Approach to Enhance Single Sign On Server Protection”, Proc The Third International Conference on Dependability (DEPEND 2010)July 18-25, 2010 – Venice/Mestre, Italy..[DEPEND2010_SSO.pdf]
Ajay Nagarajan and Arun Sood, “SCIT and IDS Architectures for Reduced Data Ex-filtration” 4th Workshop on Recent Advances in Intrusion-Tolerant Systems, Chicago,IL, USA, June 28 2010[WRAITS2010_Des_Trees.pdf]
Quyen L. Nguyen and Arun Sood, “Realizing S-Reliability for Services via Recovery-driven Intrusion Tolerance Mechanism”, 4th Workshop on Recent Advances in Intrusion-Tolerant Systems, Chicago,IL, USA, June 28 2010. [WRAITS2010_sreliability.pdf]
Quyen Nguyen and Arun Sood, Quantitative Approach to Tuning of a Time-Based Intrusion-Tolerant System Architecture, 3rd Workshop on Recent Advances in Intrusion Tolerant Systems, Portugal, June 29, 2009.[WRAITS2009.pdf]
Anantha K. Bangalore and Arun K Sood, Securing Web Servers Using Self Cleansing Intrusion Tolerance (SCIT), Proc The Second International Conference on Dependability (DEPEND 2009)June 18-23, 2009 – Athens/Vouliagmeni, Greece. [DEPEND2009.pdf]
Arsenault, D., and Sood, A.(2007). “Resilience: A Systems Design Imperative.” CIPP Working Paper 02-07.Arlington, VA: George Mason University. [CIPP2007.pdf]
David Arsenault, Arun Sood, and Yih Huang, “Secure, Resilient Computing Clusters: Self-Cleansing Intrusion Tolerance with Hardware Enforced Security (SCIT/HES)” Proceedings Second International Conference on Availability, Reliability and Security (ARES 2007), Vienna, Austria, April 2007. [ARES2007.pdf]
Yih Huang, David Arsenault, and Arun Sood, “Incorruptible Self-Cleansing Intrusion Tolerance and Its Application to DNS Security” Journal of Networks, Academy Press, vol 1 No 5, pp 21 – 30, September/October 2006. [Network06.pdf]
Yih Huang, David Arsenault, and Arun Sood, “Closing Cluster Attack Windows through Server Redundancy and Rotations” Proceedings of the Second International Workshop on Cluster Security (Cluster-Sec06),Singapore, May 2006.[CSEC06.pdf]
Yih Huang, David Arsenault, and Arun Sood, “SCIT-DNS: Critical Infrastructure Protection through Secure DNS Server Dynamic Updates”, Journal of High Speed Networking, vol 15 No 1, pp 5 19, 2006.
Yih Huang, David Arsenault, and Arun Sood, “Securing DNS Services through System Self Cleansing and Hardware Enhancements”, Proceedings First International Conference on Availability, Reliability and Security (ARES 2006), Vienna, Austria, April 2006. [ARES06.pdf]
Yih Huang, David Arsenault, and Arun Sood, ?Incorruptible System Self-Cleansing for Intrusion Tolerance”, Proceedings Workshop on Information Assurance (WIA 2006), Phoenix, AZ, April 2006 (in press). [WIA2006.pdf]
Yih Huang, David Arsenault, and Arun Sood, “SCIT-DNS: Critical Infrastructure Protection through Secure DNS Server Dynamic Updates”, Proceedings of 3rd International Trusted Internet Workshop (TIW), /Bangalore,INDIA, December 2004. [SCIT-DNS-TIW04.pdf]
Yih Huang, Arun Sood, and Ravi K. Bhaskar, ?Countering Web Defacing Attacks with System Self-Cleansing ,? /Proceedings of 7^th Word Multiconference on Systemics, Cybernetics and Informatics/, pp. 12?16, Orlando,Florida, July 2003. [defacing.pdf]
Yih Huang and Arun Sood, “Self-Cleansing Systems for Intrusion Containment”, Proceedings of Workshop on Self-Healing, Adaptive, and Self-Managed Systems (SHAMAN), New York City, June 2002. [shaman02.pdf]

Online Articles

Arun Sood, ” Exposure Time – A Metric For Proactive Security Risk Management”, http://www.riskbloggers.com/arunsood/2007/07/exposure-time-a-metric-for-proactive-security-risk-management/ , 23 July 2007.
Naresh Verma, Yih Huang, and Arun Sood, “Proactively Managing Security Risk”, http://www.securityfocus.com/infocus/1896 , 07 November 2007.

White Papers (for download)

SCIT Datasheet

SCIT Concept of Operations

Case Study: Continuous Monitoring, Compromised Server Handling and Forensics

SCIT and Lockheed Clear Sky Integration

Please contact us for additional application targeted SCIT white papers.

Partners

admin — Wed, 16 Nov 2011 03:10:03 +0000

SCIT Labs has partnered with system integrators and other organizations with specialized knowledge base to develop joint proposals submitted to federal agencies. We have also developed a network of national and international of sales and marketing efforts.

SCIT has submitted joint proposals with:

SCIT’s partners in systems integration, sales, and marketing are:

About Us

admin — Wed, 16 Nov 2011 02:48:03 +0000

SCIT Labs, Inc was incorporated in 2007. SCIT is a university spin off, licensing the technology from GMIP – the IP licensing affiliate of George Mason University. Our initial effort was in defining and building servers that demonstrate the effectiveness of the SCIT technology.

Staff

Arun Sood
Dr. Sood is CEO of SCIT Labs Inc, a startup that is licensing SCIT technology from George Mason University. He has published more than 150 papers and edited two books. Three SCIT patents have been issued, and three patent applications are pending. A list of his publications and detailed resume can be found at http://cs.gmu.edu/~asood. He has a BTech (1966) from the Indian Institute of Technology, Delhi, and an MS (1967) and PhD (1971) from Carnegie Mellon University. All of his degrees are in electrical engineering.

Arleen Zank
Arleen Malley Zank is Program Director and Solutions Architect with over 25 years of experience in technology commercialization and product development and designing, developing and delivering complex large-scale enterprise solutions. Ms Zank has extensive experience integrating new and emerging technology to solve mission critical information infrastructure challenges and the scientific and technical challenges of integrating new technology into existing standards-based IT environments. In particular, she has experience developing and deploying FISMA, NIST and Classified secure systems. Ms. Zank is Co-Founder and President of Coronado Group, Ltd. a specialized systems integration and technology advisory firm focused on emerging and disruptive technology, technology strategy, intellectual property, and commercialization. Prior to founding Coronado Group, Ltd. in 1991, Ms. Zank served as a Program Director responsible for program capture and management, pricing strategies, and product development for a Fortune 200 information technology company.

Anantha Bangalore
Mr. Bangalore is Chief Systems Architect. Anantha has a proven 18-year track record of leading, managing and developing on time and quality solutions in Health Information, Security, E-Commerce and Financial domains. He has published many papers in national and international conferences.

Lee Mericle
Ms. Mericle is Chief Software Engineer. Lee has broad experience in software design and development and in formal Government testing management. She has worked with systems ranging from large computer-based training (CBT) systems to a cellular telephone antenna system. She works on various research projects for the National Library of Medicine’s (NLM) Lister Hill National Center for Biomedical Communications (LHNCBC) and served as Aquilent’s program manager for NLM projects.

Protect Yourself with SCIT

admin — Mon, 14 Nov 2011 23:41:19 +0000

Businesses are increasingly vulnerable to security breaches.

The current reactive systems lead to many alerts and require extensive alert (incident) management costs. Furthermore, many of the alerts are false positives, and thus an extensive amount of effort is wasted.

SCIT technology is threat independent. It reduces the impact of zero day attacks, thus providing protection while the manufacturer develops and distributes a patch. In this way even the small retailer is protected – there maybe undetected intrusions but the losses are contained. Further, SCIT servers do not generate alerts and this reduces the need for alert processing. Without SCIT, effective alert processing is essential, to avoid the long term (days, weeks and months) residency of the bad guys in the system. For this reason, SCIT servers reduce the cost of operations.

SCIT Benefits

Current servers are online for very long times. This gives the attacker ample time to scan the server and understand the server vulnerabilities, thus increasing the likelihood of a successful attack. On the other hand, SCIT servers are online for short periods (a few minutes), thereby reducing the time an attacker has to do damage.In effect SCIT strategy converts static servers into dynamic servers. In this way, the temporal dimension of security is emphasized. This has the added advantage of enabling the use of diversity principles. Randomization of address space, application or operating system will increase the attacker difficulty.

The SCIT servers have the following advantages:

SCIT removes malware every minute without detection.
SCIT reduces data ex-filtration.
SCIT does not rely on signatures and is threat independent.
SCIT automatically recovers from defacement or software deletion attacks.
SCIT addition enhances the value of investment in legacy systems.
SCIT hot patches do not require online server reboot.
SCIT increases the security of virtualized systems.

SCIT’s ECommerce Demo Video

Video is available for download in .wmv formats and can be viewed in streaming video mode.

ECommerce SCIT demo video in wmv format is about 280 MB and can be downloaded from http://cs.gmu.edu/~asood/scit/SCIT-ECommerce-Demo.wmv.

The Digital Vaccine

admin — Sun, 13 Nov 2011 05:34:08 +0000

How does SCIT work like a vaccine?

Vaccines have been successfully used to significantly reduce the risk of certain diseases. For example, the small pox vaccine has eliminated small pox. Polio vaccine is another success story. In both cases the vaccines, with requisite boosters, immunize the patient for life and are very successful.

On the other hand there are vaccines that have limited goals but are still very useful. The flu vaccine provides immunity against three specific strains and has to be applied every year. From among the many strains, the vaccine manufacturer research estimates the three strains that will be most prevalent and develops protection against these strains. In general the flu vaccine reduces infections and speeds recovery.

Typically, vaccines are effective for a time period and often booster shots are needed. Further, the vaccination not only protects the individual and also the community. For example, the flu vaccine is recommended by the CDC not only to protect individuals, but also to prevent the spread of the flu (fewer people getting the flu = fewer people spreading the flu) each season. In addition to the vaccine, everyone is encouraged to obey simple rules (wash your hands often) so as to frequently restore the system to a clean state, thus prevent spread of infection.

SCIT is a digital vaccine that removes the malware and viruses every cycle. Like the flu, new variants of the malware continuously appear, and restoring systems to a clean state (like washing hands) reduces the chance of infection. The cycle duration is chosen by the user – one minute cycles have been achieved. SCIT servers are protected from long presence of the malware or virus on the servers – thus making it difficult to infect other servers in the system. SCIT server damage is limited by the duration of exposure time of the server to the internet, and the automatic recovery to a pristine state is included in the SCIT server cycle. SCIT technology complements the current reactive systems like firewalls, IDS and IPS; and leads to further reduction in malicious data ex-filtration.

$6,000,000

admin — Wed, 09 Nov 2011 01:46:04 +0000

The Ponemon Institute reports that in the large breaches, the cost of handling a security breach is $6.4 million, and the average cost per customer record maliciously ex-filtrated is $214.

SCIT’s virtual servers are killed every cycle, thus forcibly breaking the connection from the server to the bad guys every cycle – maybe every minute. This implies that the attacker has to make repeated attempts to download large files. Repeated attempts increase the attacker exposure. By restoring the SCIT servers to a pristine state, the number of records lost per breach is reduced by several orders of magnitude. When the SCIT technology is integrated with current reactive approaches the data ex-filtration per cycle is further reduced.

Protect Yourself with SCIT

admin — Tue, 01 Nov 2011 16:56:11 +0000

Businesses are increasingly vulnerable to security breaches.

SCIT Benefits

The SCIT servers have the following advantages:

SCIT removes malware every minute without detection.
SCIT reduces data ex-filtration.
SCIT does not rely on signatures and is threat independent.
SCIT automatically recovers from defacement or software deletion attacks.
SCIT addition enhances the value of investment in legacy systems.
SCIT hot patches do not require online server reboot.
SCIT increases the security of virtualized systems.

SCIT’s ECommerce Demo Video

Video is available for download in .wmv formats and can be viewed in streaming video mode.

ECommerce SCIT demo video in wmv format is about 280 MB and can be downloaded from http://cs.gmu.edu/~asood/scit/SCIT-ECommerce-Demo.wmv.

The Digital Vaccine

admin — Sat, 10 Sep 2011 22:17:48 +0000

How does SCIT work like a vaccine?

Vaccines have been used to significantly reduce the risk of certain diseases. The small pox vaccine has eliminated small pox. The polio vaccine is another success story. Both these cases the vaccines immunize the patient for life and are very successful.

Other vaccines have limited goals but are still very useful. The flu vaccine provides immunity against three specific strains and must be applied every year. In general, the flu vaccine reduces infections and speeds recovery. In Fall 2011, there have been reports of success with the malaria vaccine. The developers, GlaxoSmithKline and the PATH Malaria Vaccine Initiative, which receives funding from the Bill and Melinda Gates Foundation, said it showed roughly a 50% reduction in malaria cases in a 12 month period following vaccination. “Such a vaccine would not replace proven malaria control interventions such as insecticide-treated bed nets,” the CDC’s Hamel said, “but could be an important addition to those interventions.”

SCIT is a digital vaccine that removes the malware and viruses every cycle. The cycle duration is chosen by the user – one minute cycles have been achieved. SCIT servers are protected from long presence of the malware or virus on the servers – thus making it difficult to infect other servers in the system. SCIT server damage is limited by the duration of exposure time of the server to the internet, and the automatic recovery to a pristine state is included in the SCIT server cycle. SCIT technology complements the current reactive systems like firewalls, IDS and IPS; and leads to further reduction in malicious data ex-filtration.

[[[EMBEDED SCIT VIDEO ?????? ]]]