Survivable Loosely Coupled Architectures

Abstract : The objective of this research was to develop mechanisms and methods of analysis to support construction of survivable systems where survivable means systems able to withstand multiple kinds of faults among their components, including those induced deliberately by an active attacker. One class of architectures for survivability builds on classical methods for fault tolerance, in which replication and voting are used to mask faults. An alternative class of methods requires less tight coordination, giving rise to loosely coupled architectures. Mechanisms that support survivability in loosely coupled architectures are typically based on cryptography, and much of the work performed in this project focused on development of suitable cryptographic protocols and on their formal verification. In the course of the project, the state of the art was advanced from one where formal verification of these protocols was a tour de force to one where it may be considered routine and available for general deployment. The outputs of this research are documented in a series of technical papers (with associated abstracts) that follow.

[1]  Catherine A. Meadows,et al.  The NRL Protocol Analyzer: An Overview , 1996, J. Log. Program..

[2]  Leslie Lamport,et al.  Concurrent reading and writing , 1977, Commun. ACM.

[3]  Owen Rees,et al.  Efficient and timely mutual authentication , 1987, OPSR.

[4]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[5]  John Rushby Model Checking Simpson's Four-Slot Fully Asynchronous Communication Mechanism , 2002 .

[6]  José Meseguer,et al.  Initiality, induction, and computability , 1986 .

[7]  Anish Arora,et al.  Component based design of fault-tolerance , 1999 .

[8]  John C. Mitchell,et al.  Undecidability of bounded security protocols , 1999 .

[9]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[10]  Ashish Tiwari,et al.  A Technique for Invariant Generation , 2001, TACAS.

[11]  Dale Skeen,et al.  The Information Bus: an architecture for extensible distributed systems , 1994, SOSP '93.

[12]  John C. Mitchell,et al.  A meta-notation for protocol analysis , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[13]  Kenneth L. McMillan,et al.  Circular Compositional Reasoning about Liveness , 1999, CHARME.

[14]  Nancy A. Lynch,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[15]  Natarajan Shankar,et al.  Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS , 1995, IEEE Trans. Software Eng..

[16]  John M. Rushby,et al.  Design and verification of secure systems , 1981, SOSP.

[17]  David Monniaux Decision procedures for the analysis of cryptographic protocols by logics of belief , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[18]  Li Gong,et al.  Enclaves: Enabling Secure Collaboration Over the Internet , 1996, IEEE J. Sel. Areas Commun..

[19]  John M. Rushby,et al.  Automated Deduction and Formal Methods , 1996, CAV.

[20]  Philip M. Thambidurai,et al.  Interactive consistency with multiple failure modes , 1988, Proceedings [1988] Seventh Symposium on Reliable Distributed Systems.

[21]  H. R. Simpson Four-slot fully asynchronous communication mechanism , 1990 .

[22]  Ben L. Di Vito,et al.  Formal Techniques for Synchronized Fault-Tolerant Systems , 1992 .

[23]  Kedar S. Namjoshi,et al.  On the Competeness of Compositional Reasoning , 2000, CAV.

[24]  John Rushby Formal Verification of McMillan's Compositional Assume-Guarantee Rule , 2001 .

[25]  John Rushby,et al.  Avionics Architectures: Mechanisms, and Assurance , 1999 .

[26]  Shmuel Katz,et al.  Low-Overhead Time-Triggered Group Membership , 1997, WDAG.

[27]  John Rushby A formally verified algorithm for clock synchronization under a hybrid fault model , 1994, PODC '94.

[28]  Wim H. Hesselink,et al.  An assertional criterion for atomicity , 2002, Acta Informatica.

[29]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[30]  Ulrich Schmid,et al.  How to reconcile fault-tolerant interval intersection with the Lipschitz condition , 2001, Distributed Computing.

[31]  Natarajan Shankar,et al.  Combining Theorem Proving and Model Checking through Symbolic Analysis , 2000, CONCUR.

[32]  John Rushby A FAULT-MASKING AND TRANSIENT-RECOVERY MODEL FOR DIGITAL FLIGHT-CONTROL SYSTEMS , 1993 .

[33]  Jonathan K. Millen,et al.  Protocol-independent secrecy , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[34]  P. M. Melliar-Smith,et al.  Synchronizing clocks in the presence of faults , 1985, JACM.

[35]  Cliff B. Jones,et al.  Tentative steps toward a development method for interfering programs , 1983, TOPL.

[36]  John Rushby Formal Verification of Marzullo's Sensor Fusion Interval , 2002 .

[37]  Natarajan Shankar Mechanical Verification of a Generalized Protocol for Byzantine Fault Tolerant Clock Synchronization , 1992, FTRTFT.

[38]  Günter Grünsteidl,et al.  TTP - A Protocol for Fault-Tolerant Real-Time Systems , 1994, Computer.

[39]  A. W. Roscoe Modelling and verifying key-exchange protocols using CSP and FDR , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[40]  Yassine Lakhnech,et al.  A Transformational Approach for Generating Non-linear Invariants , 2000, SAS.

[41]  Ulrich Schmid How to model link failures: a perception-based fault model , 2001, 2001 International Conference on Dependable Systems and Networks.

[42]  Michael K. Reiter,et al.  Secure agreement protocols: reliable and atomic group multicast in rampart , 1994, CCS '94.

[43]  John Rushby,et al.  Formal Methods and the Certification of Critical Systems , 2004 .

[44]  Nancy A. Lynch,et al.  A new fault-tolerant algorithm for clock synchronization , 1984, PODC '84.

[45]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1985, JACM.

[46]  James H. Anderson Lamport on mutual exclusion: 27 years of planting seeds , 2001, PODC '01.

[47]  Lawrence C. Paulson,et al.  Proving properties of security protocols by induction , 1997, Proceedings 10th Computer Security Foundations Workshop.

[48]  Fred B. Schneider,et al.  Understanding Protocols for Byzantine Clock Synchronization , 1987 .

[49]  Hermann Kopetz,et al.  The non-blocking write protocol NBW: A solution to a real-time synchronization problem , 1993, 1993 Proceedings Real-Time Systems Symposium.

[50]  John M. Rushby,et al.  Systematic Formal Verification for Fault-Tolerant Time-Triggered Algorithms , 1999, IEEE Trans. Software Eng..

[51]  Hermann Kopetz,et al.  The time-triggered model of computation , 1998, Proceedings 19th IEEE Real-Time Systems Symposium (Cat. No.98CB36279).

[52]  Edmund M. Clarke,et al.  Compositional model checking , 1989, [1989] Proceedings. Fourth Annual Symposium on Logic in Computer Science.

[53]  Joshua D. Guttman,et al.  Honest ideals on strand spaces , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[54]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[55]  Holger Pfeifer Formal Verification of the TTP Group Membership Algorithm , 2000, FORTE.

[56]  Lawrence C. Paulson,et al.  Relations Between Secrets: Two Formal Analyses of the Yahalom Protocol , 2001, J. Comput. Secur..

[57]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[58]  Shlomi Dolev,et al.  Self Stabilization , 2004, J. Aerosp. Comput. Inf. Commun..

[59]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[60]  Karsten Stahl,et al.  Abstracting WS1S Systems to Verify Parameterized Networks , 2000, TACAS.

[61]  Christoph M. Kirsch,et al.  Giotto: a time-triggered language for embedded programming , 2003 .

[62]  Michael Paulitsch,et al.  An investigation of membership and clique avoidance in TTP/C , 2000, Proceedings 19th IEEE Symposium on Reliable Distributed Systems SRDS-2000.

[63]  John Rushby,et al.  A Comparison of Bus Architectures for Safety-Critical Embedded Systems , 2003 .

[64]  Nils Klarlund,et al.  MONA 1.x: New Techniques for WS1S and WS2S , 1998, CAV.

[65]  Hermann Kopetz,et al.  Real-time systems , 2018, CSC '73.

[66]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[67]  D.S. Hardin,et al.  Invariant performance: a statement of task isolation useful for embedded application integration , 1999, Dependable Computing for Critical Applications 7.

[68]  Kenneth P. Birman,et al.  The process group approach to reliable distributed computing , 1992, CACM.

[69]  Natarajan Shankar,et al.  Abstract and Model Check While You Prove , 1999, CAV.

[70]  Somesh Jha,et al.  Model Checking for Security Protocols , 1997 .

[71]  John Rushby,et al.  Dependable Computing for Critical Applications 7 , 1999, Dependable Computing for Critical Applications 7.

[72]  Friedrich W. von Henke,et al.  Mechanical Verification of Clock Synchronization Algorithms , 1998, FTRTFT.

[73]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[74]  John Rushby Formal Verification of Transmission Window Timing for the Time-Triggered Architecture , 2001 .

[75]  Anish Arora,et al.  Detectors and correctors: a theory of fault-tolerance components , 1998, Proceedings. 18th International Conference on Distributed Computing Systems (Cat. No.98CB36183).

[76]  S Miner Paul,et al.  Verification of Fault-Tolerant Clock Synchronization Systems , 2003 .

[77]  Keith Marzullo,et al.  Tolerating failures of continuous-valued sensors , 1990, TOCS.

[78]  Jonathan K. Millen,et al.  Proving secrecy is easy enough , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[79]  Hermann Kopetz,et al.  Temporal firewalls in large distributed real-time systems , 1997, Proceedings of the Sixth IEEE Computer Society Workshop on Future Trends of Distributed Computing Systems.

[80]  Michael Stonebraker,et al.  The Morgan Kaufmann Series in Data Management Systems , 1999 .

[81]  John Ulrich,et al.  Automated Analysis of Cryptographic Protocols Using Mur ' , 1997 .

[82]  Bill Roscoe TTP: A case study in combining induction and data independence , 1999 .

[83]  Natarajan Shankar,et al.  A case-study in component-based mechanical verification of fault-tolerant programs , 1999, Proceedings 19th IEEE International Conference on Distributed Computing Systems.

[84]  Steve A. Schneider Verifying Authentication Protocols in CSP , 1998, IEEE Trans. Software Eng..

[85]  Bernadette Charron-Bost,et al.  On the impossibility of group membership , 1996, PODC '96.

[86]  John Rushby,et al.  Formal verification of algorithms for critical systems , 1991 .

[87]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[88]  K. Mani Chandy,et al.  Proofs of Networks of Processes , 1981, IEEE Transactions on Software Engineering.

[89]  Gavin Lowe,et al.  Towards a completeness result for model checking of security protocols , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[90]  Michael Paulitsch,et al.  The transition from asynchronous to synchronous system operation: an approach for distributed fault-tolerant systems , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[91]  R. McAfee,et al.  Auctions and Bidding , 1986 .

[92]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[93]  John Rushby,et al.  An Introduction to Formal Specification and Verification using EHDM , 1991 .

[94]  Hermann Kopetz,et al.  Elementary versus composite interfaces in distributed real-time systems , 1999, Proceedings. Fourth International Symposium on Autonomous Decentralized Systems. - Integration of Heterogeneous Systems -.