Towards a Theory of Autonomous Reconstitution of Compromised Cyber-Systems   [open pdf - 295KB]

"In cyber systems, the distributed nature of the system poses serious difficulties in maintaining operations, in part because a centralized command and control apparatus is unlikely to provide a robust framework for resilience. Resilience in cyber-systems, in general, has several components, and requires the ability to anticipate and withstand attacks or faults, as well as recover from faults and evolve the system to improve future resilience. The recovery effort and any subsequent evolution may require significant reconfiguration of the system at all levels--hardware, software, services, permissions, etc.--if the system is to be made resilient to further attack or faults. This is especially important in the case of ongoing attacks, where reconfiguration decisions must be taken with care to avoid further compromising the system while maintaining continuity of operations. Collectively, we will label this recovery and evolution process as 'reconstitution.' Currently, reconstitution is performed manually, generally after-the-fact, and usually consists of either standing up redundant systems, check-points (rolling back the configuration to a 'clean' state), or re-creating the system using 'gold-standard' copies. For enterprise systems, such reconstitution may be performed either directly on hardware, or using virtual machines."

Report Number:
Homeland Security Affairs (April 2014), supplement 6
2014 by author(s). Posted here with permission. Documents are for personal use only and not for commercial profit.
Retrieved From:
Homeland Security Affairs Journal: http://www.hsaj.org/
Media Type:
Help with citations