Survivability through customization and adaptability: the Cactus approach

Survivability, the ability of a system to tolerate intentional attacks or accidental failures or errors, is becoming increasingly important with the extended use of computer systems in society. While techniques such as cryptographic methods, intrusion detection, and traditional fault tolerance are currently being used to improve the survivability of such systems, new approaches are needed to help reach the levels that will be required in the near future. This paper proposes the use of fine-grain customization and dynamic adaptation as key enabling technologies in a new approach designed to achieve this goal. Customization not only supports software diversity, but also allows customized tradeoffs to be made between different QoS attributes including performance, security, reliability and survivability. Dynamic adaptation allows survivable services to change their behavior at runtime as a reaction to anticipated or detected intrusions or failures. The Cactus system provides support for both fine-grain customization and dynamic adaptation, thereby offering a potential solution for building survivable software in networked systems.
