Augmenting storage with an intrusion response primitive to ensure the security of critical data

Source: ASIAN ACM Symposium on Information, Computer and Communications Security
Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Taipei, Taiwan
SESSION: Intrusion detection and modeling
Pages: 114 - 124
Year of Publication: 2006
ISBN: 1-59593-272-0

ABSTRACT
Hosts connected to the Internet continue to suffer attacks with high frequency. The use of an intrusion detector allows potential threats to be flagged. When an alarm is raised, preventive action can be taken. A primary goal of such action is to assure the security of the data stored in the system. If this operation is effected manually, the delay between the alarm and the response may be enough for an intruder to cause significant damage.

The alternative proposed in this paper is to provide a response primitive for intrusion detectors to utilize in automating the response. We describe RICE, a modification to the Java file subsystem that provides such functionality for data that is deemed to be threatened by an attack. If it is activated when an intrusion appears likely to succeed, it guarantees the confidentiality, integrity and availability of the protected data even after a system is compromised.

In particular, RICE allows cryptographic encapsulation of data to be reduced to simple key deletion so that it can be effected rapidly. Further, it uses digitally signed hashes of file deltas to allow untainted data to be distinguished from the rest. Finally, file deltas are replicated at a remote node to ensure that changes made by an attacker can be undone using the remote replicas.