The FOREVER service for fault/intrusion removal

This paper introduces FOREVER, a novel service that can be used to enhance the resilience of replicated systems, in particular those exposed to malicious attacks. The main objective of FOREVER is to remove faults and intrusions that may occur during system execution; this removal is achieved by combining evolution and recovery techniques. The paper presents (i.) the challenges that systems exposed to malicious attacks need to address, and (ii.) how FOREVER can be used to tackle these challenges.