FTP Tolerante a Intrusões

A seguranca de servicos distribuidos na Internet e uma preocupacao constante dos administradores de sistemas. Uma abordagem recente denominada tolerância a intrusoes pretende aplicar o paradigma da tolerância a faltas no dominio da seguranca. O objectivo e o de procurar nao apenas prevenir a ocorrencia de intrusoes, mas criar mecanismos que mantenham o sistema operacional mesmo que estas sucedam. Este artigo apresenta o projecto de um servico de FTP tolerante a intrusoes. Este servico utiliza um componente distribuido da classe dos wormholes para tolerar intrusoes em alguns servidores. O numero de servidores necessarios e inferior ao de outros sistemas semelhantes na literatura, o que tem um importante impacto no custo da solucao. O desempenho do servico e medido.

[1]  André Schiper Early consensus in an asynchronous system with a weak failure detector , 1997, Distributed Computing.

[2]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[3]  Algirdas Avizienis,et al.  The N-Version Approach to Fault-Tolerant Software , 1985, IEEE Transactions on Software Engineering.

[4]  Miguel Correia Serviços Distribuídos Tolerantes a Intrusões: resultados recentes e problemas abertos , 2005 .

[5]  Paulo Veríssimo Uncertainty and predictability: can they be reconciled? , 2003 .

[6]  Michael Dahlin,et al.  Minimal Byzantine Storage , 2002, DISC.

[7]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[8]  H. Venkateswaran,et al.  Responsive Security for Stored Data , 2003, IEEE Trans. Parallel Distributed Syst..

[9]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[10]  Miguel Correia,et al.  Intrusion-Tolerant Architectures: Concepts and Design , 2002, WADS.

[11]  Miguel Correia,et al.  Efficient Byzantine-resilient reliable multicast on a hybrid failure model , 2002, 21st IEEE Symposium on Reliable Distributed Systems, 2002. Proceedings..

[12]  Michael K. Reiter,et al.  Secure and scalable replication in Phalanx , 1998, Proceedings Seventeenth IEEE Symposium on Reliable Distributed Systems (Cat. No.98CB36281).

[13]  Michael K. Reiter,et al.  Byzantine quorum systems , 1997, STOC '97.

[14]  Stefano Tessaro,et al.  Asynchronous Verifiable Information Dispersal , 2005, DISC.

[15]  David Evans,et al.  Improving Security Using Extensible Lightweight Static Analysis , 2002, IEEE Softw..

[16]  권태경,et al.  SSL Protocol 기반의 서버인증 , 2003 .

[17]  Michael Hohmuth The Fiasco Kernel: Requirements Definition , 1998 .

[18]  Paulo Veríssimo,et al.  Uncertainty and Predictability: Can They Be Reconciled? , 2003, Future Directions in Distributed Computing.

[19]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1985, JACM.

[20]  Sam Toueg,et al.  Unreliable failure detectors for reliable distributed systems , 1996, JACM.

[21]  Michael K. Reiter,et al.  The Rampart Toolkit for Building High-Integrity Services , 1994, Dagstuhl Seminar on Distributed Systems.

[22]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[23]  Miguel Correia,et al.  Low complexity Byzantine-resilient consensus , 2005, Distributed Computing.

[24]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[25]  Morrie Gasser,et al.  Building a Secure Computer System , 1988 .

[26]  Miguel Correia,et al.  The Design of a COTSReal-Time Distributed Security Kernel , 2002, EDCC.

[27]  Miguel Correia,et al.  How to tolerate half less one Byzantine nodes in practical distributed systems , 2004, Proceedings of the 23rd IEEE International Symposium on Reliable Distributed Systems, 2004..

[28]  David Powell,et al.  A fault- and intrusion- tolerant file system , 1985 .

[29]  Jean-Claude Laprie,et al.  Diversity against accidental and deliberate faults , 1998, Proceedings Computer Security, Dependability, and Assurance: From Needs to Solutions (Cat. No.98EX358).