We give a comprehensive overview of information assurance technologies, with a focus on the emerging third generation information assurance technologies and their relation with more established intrusion detection and prevention Information Assurance technologies.
In general, existing Information Assurance technologies can be “clustered” into three generations as shown below. There is a natural evolution or maturing that has occurred in the IA community, and these generations offer evidence of the evolution.
First generation: intrusion prevention systems. The goal is to prevent attacks from succeeding. The representative technologies are trusted computing base, access control and physical security, multiple levels of security, and cryptography.
Second generation: intrusion detection systems. Because not all attacks can be prevented, intrusions will occur. Hence, the goal of second generation Information Assurance technologies is to detect intrusions. Some representative technologies are firewalls, intrusion detection systems, and boundary controllers.
Third generation: operate through attacks (or survivability). Because some attacks will succeed, we need the third generation Information Assurance technologies. The goal is to enable information systems to continue delivering essential services with security assurance in the presence of sustained attacks. Some representative technologies are real-time situation awareness and response, real-time trade-off of performance, functionality and security, intrusion tolerance, and graceful degradation. It should be noticed that the third generation Information Assurance technologies are not simply focusing on the availability domain; their dimensions are much broader. In particular, without delivering such security assurance as confidentiality (privacy), integrity, authenticity and non repudiation, essential services cannot be continuously delivered under sustained attacks. In general, survivability means not only availability under attacks but also confidentiality (privacy), integrity, authenticity, and non repudiation under attacks. Moreover, in many situations, survivability implies reliability.
It should be noticed that among the three generations of Information Assurance technologies, each generation is crucial in achieving the goals of information assurance, and no one can replace another. (The second generation IA technologies do not subsume the first generation Information Assurance technologies, and the third generation Information Assurance technologies do not subsume the second generation IA technologies either.) In particular, the first generation IA technologies build the foundation for information assurance because without strong protection of information confidentiality, privacy, integrity, authenticity, and non repudiation, there can be too many successful attacks for the information system to survive, which in fact makes survivability infeasible. Moreover intrusion prevention systems, intrusion detection system, and intrusion tolerance (or survivability) actually share primarily the same goal (i.e., to ensure the information confidentiality, privacy, integrity, availability, authenticity and non repudiation in the face of attacks). A highly trusted and assured information system should be able to prevent as many attacks as possible from breaking into the system, detect the attacks that could not be prevented with accuracy and agility, and robustly operate through and recover from these successful attacks without losing availability, reliability, and accountability. Second, the third generation Information Assurance technologies are largely dependent on the second generation IA technologies, because many third generation Information Assurance technologies assume that the intrusions can be detected in a timely manner with good accuracy (e.g., low false positive rate and false negative rate).
Nevertheless, in this chapter we focus on the third generation IA technologies, because the first and second generation IA technologies are well covered by the other chapters of this handbook. In particular, we survey the technologies for developing survivable (networked) information systems. Readers can refer to Secure Public Networks, IPsec, SSL/TLS, Secret Key Cryptography, Database Security, Medical Record Security, Access Control: Principles and Solutions, PGP (Pretty Good Privacy), P3P (Platform for Privacy Preferences Project), Anonymity and Identity in the Internet, Privacy Law, Privacy Issues in Wired and Wireless Networks, and Medical Record Security for detailed discussions of first generation IA technologies. You can refer to Intrusion Detection: Detection Technology and Techniques, Intrusion Detection Systems Basics, Host-Based Intrusion Detection Systems, and Network-Based Intrusion Detection Systems for detailed discussions of second generation Information Assurance technologies.
