Architecture, Services and Protocols for CRUTIAL

Project co-funded by the European Commission within the Sixth Frame-work Programme (2002-2006)

[1]  Hector Garcia-Molina,et al.  Elections in a Distributed Computing System , 1982, IEEE Transactions on Computers.

[2]  Rachid Guerraoui,et al.  Muteness Failure Detectors: Specification and Implementation , 1999, EDCC.

[3]  Alex C. Snoeren,et al.  Mesh-based content routing using XML , 2001, SOSP.

[4]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1985, JACM.

[5]  Kotagiri Ramamohanarao,et al.  Protection from distributed denial of service attacks using history-based IP filtering , 2003, IEEE International Conference on Communications, 2003. ICC '03..

[6]  Michel Raynal,et al.  Consensus in Byzantine asynchronous systems , 2003, J. Discrete Algorithms.

[7]  Rajeev Alur,et al.  A Theory of Timed Automata , 1994, Theor. Comput. Sci..

[8]  Dan Schnackenberg,et al.  Statistical approaches to DDoS attack detection and response , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[9]  Michael K. Reiter,et al.  Byzantine quorum systems , 1997, STOC '97.

[10]  Todd L. Heberlein,et al.  Network intrusion detection , 1994, IEEE Network.

[11]  Andrea Bondavalli,et al.  Threshold-Based Mechanisms to Discriminate Transient from Intermittent Faults , 2000, IEEE Trans. Computers.

[12]  Sam Toueg,et al.  Unreliable failure detectors for reliable distributed systems , 1996, JACM.

[13]  C. M. Sperberg-McQueen,et al.  Extensible Markup Language (XML) , 1997, World Wide Web J..

[14]  R. Power CSI/FBI computer crime and security survey , 2001 .

[15]  Miguel Correia,et al.  Intrusion-Tolerant Protection for Critical Infrastructures , 2007 .

[16]  Stephen T. Kent,et al.  IP Authentication Header , 1995, RFC.

[17]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.

[18]  Anas Abou El Kalam,et al.  Critical Infrastructures Security Modeling, Enforcement and Runtime Checking , 2009, CRITIS.

[19]  Miguel Correia,et al.  From Consensus to Atomic Broadcast: Time-Free Byzantine-Resistant Protocols without Signatures , 2006, Comput. J..

[20]  Krishna P. Gummadi,et al.  Improving the Reliability of Internet Paths with One-hop Source Routing , 2004, OSDI.

[21]  Ju Wang,et al.  Understanding when location-hiding using overlay networks is feasible , 2006, Comput. Networks.

[22]  Christian Cachin,et al.  Secure distributed DNS , 2004, International Conference on Dependable Systems and Networks, 2004.

[23]  Paulo Veríssimo,et al.  Intrusion-tolerant middleware: the road to automatic security , 2006, IEEE Security & Privacy.

[24]  Wenke Lee,et al.  Proactive detection of distributed denial of service attacks using MIB traffic variables-a feasibility study , 2001, 2001 IEEE/IFIP International Symposium on Integrated Network Management Proceedings. Integrated Network Management VII. Integrated Management Strategies for the New Millennium (Cat. No.01EX470).

[25]  Paul Ferguson,et al.  Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[26]  Paulo Veríssimo Lessons Learned with NavTech: a Framework for Reliable Large-Scale Applications , 2002 .

[27]  Geert Deconinck,et al.  An overlay protection layer against Denial-of-Service attacks , 2008, 2008 IEEE International Symposium on Parallel and Distributed Processing.

[28]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[29]  K. Carlsen,et al.  Operating under stress and strain [electrical power systems control under emergency conditions] , 1978, IEEE Spectrum.

[30]  Nora Cuppens-Boulahia,et al.  O2O: Virtual Private Organizations to Manage Security Policy Interoperability , 2006, ICISS.

[31]  Miguel Correia,et al.  The Crutial Way of Critical Infrastructure Protection , 2008, IEEE Security & Privacy Magazine.

[32]  Hari Balakrishnan,et al.  Improving web availability for clients with MONET , 2005, NSDI.

[33]  Steven M. Bellovin,et al.  Implementing Pushback: Router-Based Defense Against DDoS Attacks , 2002, NDSS.

[34]  Kotagiri Ramamohanarao,et al.  Survey of network-based defense mechanisms countering the DoS and DDoS problems , 2007, CSUR.

[35]  Mario Gerla,et al.  D-ward: source-end defense against distributed denial-of-service attacks , 2003 .

[36]  David Watson,et al.  Topology aware overlay networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[37]  Mooi Choo Chuah,et al.  Packetscore: statistics-based overload control against distributed denial-of-service attacks , 2004, IEEE INFOCOM 2004.

[38]  Anna van Raaphorst OASIS (Organization for the Advancement of Structured Information Standards) , 2006 .

[39]  Angelos D. Keromytis,et al.  SOS: an architecture for mitigating DDoS attacks , 2004, IEEE Journal on Selected Areas in Communications.

[40]  Arun Venkataramani,et al.  Separating agreement from execution for byzantine fault tolerant services , 2003, SOSP '03.

[41]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[42]  Anees Shaikh,et al.  A measurement-based analysis of multihoming , 2003, SIGCOMM '03.

[43]  Miguel Correia,et al.  Resilient Intrusion Tolerance through Proactive and Reactive Recovery , 2007 .

[44]  Christian Cachin,et al.  Secure INtrusion-Tolerant Replication on the Internet , 2002, Proceedings International Conference on Dependable Systems and Networks.

[45]  Wa Halang,et al.  REAL-TIME SYSTEMS .1. , 1990 .

[46]  Heejo Lee,et al.  On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets , 2001, SIGCOMM 2001.

[47]  Paulo Veríssimo,et al.  How resilient are distributed f fault/intrusion-tolerant systems? , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[48]  Sam Toueg,et al.  Randomized Byzantine Agreements , 1984, PODC '84.

[49]  Frédéric Cuppens,et al.  Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[50]  Jun Li,et al.  SAVE: source address validity enforcement protocol , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[51]  Marcos K. Aguilera,et al.  On Quiescent Reliable Communication , 2000, SIAM J. Comput..

[52]  Hari Balakrishnan,et al.  Best-path vs. multi-path overlay routing , 2003, IMC '03.

[53]  Wang Yi,et al.  Uppaal in a nutshell , 1997, International Journal on Software Tools for Technology Transfer.

[54]  Miguel Correia,et al.  How to tolerate half less one Byzantine nodes in practical distributed systems , 2004, Proceedings of the 23rd IEEE International Symposium on Reliable Distributed Systems, 2004..

[55]  Andrew A. Chien,et al.  Tolerating denial-of-service attacks using overlay networks: impact of topology , 2003, SSRS '03.

[56]  Miguel Correia,et al.  The CRUTIAL Architecture for Critical Information Infrastructures , 2008, WADS.

[57]  Andreas Haeberlen,et al.  The Case for Byzantine Fault Detection , 2006, HotDep.

[58]  Vern Paxson,et al.  Computing TCP's Retransmission Timer , 2000, RFC.

[59]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[60]  David Powell,et al.  A fault- and intrusion- tolerant file system , 1985 .

[61]  Anas Abou El Kalam,et al.  Access Control for Collaborative Systems: A Web Services Based Approach , 2007, IEEE International Conference on Web Services (ICWS 2007).

[62]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[63]  Nancy A. Lynch,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[64]  Leonardo Mariani,et al.  Dependability in Peer-to-Peer Systems , 2004, IEEE Internet Comput..

[65]  Anura Gurugé,et al.  Universal Description, Discovery, and Integration , 2004 .

[66]  Neeraj Suri,et al.  Formally Verified On-Line Diagnosis , 1997, IEEE Trans. Software Eng..

[67]  Paulo Veríssimo,et al.  Distributed Systems for System Architects , 2001, Advances in Distributed Computing and Middleware.

[68]  Thomas P. von Hoff,et al.  Security for Industrial Communication Systems , 2005, Proceedings of the IEEE.

[69]  Fred B. Schneider,et al.  CODEX: a robust and secure secret distribution system , 2004, IEEE Transactions on Dependable and Secure Computing.

[70]  Miguel Correia,et al.  Intrusion-Tolerant Architectures: Concepts and Design , 2002, WADS.

[71]  Domenico Cotroneo,et al.  Effective fault treatment for improving the dependability of COTS and legacy-based applications , 2004, IEEE Transactions on Dependable and Secure Computing.

[72]  Jelena Mirkovic,et al.  Attacking DDoS at the source , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[73]  Sonia Fahmy,et al.  Analysis of vulnerabilities in Internet firewalls , 2003, Comput. Secur..

[74]  Kang G. Shin,et al.  Hop-count filtering: an effective defense against spoofed DDoS traffic , 2003, CCS '03.

[75]  Lui Sha,et al.  Aperiodic task scheduling for Hard-Real-Time systems , 2006, Real-Time Systems.

[76]  Paulo Veríssimo,et al.  On the Resilience of Intrusion-Tolerant Distributed Systems , 2006 .

[77]  Geert Deconinck,et al.  Dependable Overlay Networks , 2008, 2008 14th IEEE Pacific Rim International Symposium on Dependable Computing.

[78]  Hari Balakrishnan,et al.  Resilient overlay networks , 2001, SOSP.

[79]  Geert Deconinck,et al.  Analysis of Peer-to-Peer networks from a dependability perspective , 2008, 2008 Third International Conference on Risks and Security of Internet and Systems.

[80]  Chen-Nee Chuah,et al.  Characterization of Failures in an Operational IP Backbone Network , 2008, IEEE/ACM Transactions on Networking.

[81]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[82]  Rachid Guerraoui,et al.  Encapsulating Failure Detection: From Crash to Byzantine Failures , 2002, Ada-Europe.

[83]  Y. Tipsuwan,et al.  Network-based control systems: a tutorial , 2001, IECON'01. 27th Annual Conference of the IEEE Industrial Electronics Society (Cat. No.37243).

[84]  Risto Vaarandi,et al.  SEC - a lightweight event correlation tool , 2002, IEEE Workshop on IP Operations and Management.

[85]  Paulo Veríssimo,et al.  Travelling through wormholes: a new look at distributed systems models , 2006, SIGA.

[86]  Miguel Correia,et al.  How Practical Are Intrusion-Tolerant Distributed Systems? , 2006 .

[87]  Stefan Savage,et al.  Inferring Internet denial-of-service activity , 2001, TOCS.

[88]  Domenico Cotroneo,et al.  Implementation of threshold-based diagnostic mechanisms for COTS-based applications , 2002, 21st IEEE Symposium on Reliable Distributed Systems, 2002. Proceedings..

[89]  Andrea Bondavalli,et al.  Hidden Markov Models as a Support for Diagnosis: Formalization of the Problem and Synthesis of the Solution , 2006, 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06).

[90]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[91]  Kang G. Shin,et al.  Detecting SYN flooding attacks , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[92]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[93]  Chen-Nee Chuah,et al.  Analysis of link failures in an IP backbone , 2002, IMW '02.

[94]  Ratul Mahajan,et al.  Controlling high bandwidth aggregates in the network , 2002, CCRV.

[95]  Miguel Correia,et al.  CRUTIAL: The Blueprint of a Reference Critical Information Infrastructure Architecture , 2006, CRITIS.

[96]  Ju Wang,et al.  Empirical Study of Tolerating Denial-of-Service Attacks with a Proxy Network , 2005, USENIX Security Symposium.

[97]  Aikaterini Mitrokotsa,et al.  DDoS attacks and defense mechanisms: classification and state-of-the-art , 2004, Comput. Networks.

[98]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[99]  Matthew K. Franklin,et al.  The Omega Key Management Service , 1996, J. Comput. Secur..

[100]  Angelos D. Keromytis,et al.  WebSOS: an overlay-based system for protecting web servers from denial of service attacks , 2005, Comput. Networks.

[101]  Fred B. Schneider,et al.  Implementing trustworthy services using replicated state machines , 2005, IEEE Security & Privacy Magazine.