Information Assurance

As society increasingly relies on digitally stored and accessed information, applications have increasingly higher requirements on supporting the availability, integrity, and confidentiality of this information. However, as the quantity and severity of cyber vulnerabilities and attacks continuously increase, traditional information security technologies are increasingly limited in satisfying the security requirements of applications due to their inability to survive successful attacks. As a result, Information Assurance (IA) technologies are introduced to not only prevent information from being disclosed, modified or destroyed, but also detect intrusions and operate through attacks in such a way that a certain level of information security can be ensured in the presence of attacks. In this article, we survey the natural evolution of information assurance technologies. Three generations of IA technologies are summarized, namely the technologies to prevent intrusions, the technologies to detect intrusions, and the technologies to operate through attacks, and the newest generation of IA technologies are discussed in detail. In particular, we survey intrusion masking technologies and defensein-depth technologies in the context of survivable information storage systems, intrusion masking distributed computing, attack resistant certification authority, survivable network systems, and survivable of database systems.