Section: New Software and Platforms

Survivor

Keywords: Intrusion Response - Intrusion Recovery - Survivability - Resiliency - Linux - Checkpoint/Restore - Threat Mitigation

Functional Description: Survivor is a set of low-level components to design a Linux-based operating system able to withstand ongoing intrusions and to allow business continuity despite the presence of an active adversary. Survivor provides an Intrusion Response System (IRS) with the low-level components and interfaces needed to orchestrate a per-service checkpoint, recovery, and mitigation actions. It recovers infected services (i.e., their processes and their associated files) to a previous safe state and it protects their state by applying a set of mitigations (e.g., privilege restrictions and resource quotas) aimed at withstanding further reinfections.

• Participants: Ronny Chevalier, Guillaume Hiet, David Plaquin and Chris Dalton

• Partners: CentraleSupélec - HP Labs

• Contact: Ronny Chevalier