Worm-IT - A wormhole-based intrusion-tolerant group communication system

This paper presents Worm-IT, a new intrusion-tolerant group communication system with a membership service and a view-synchronous atomic multicast primitive. The system is intrusion-tolerant in the sense that it behaves correctly even if some nodes are corrupted and become malicious. It is based on a novel approach that enhances the environment with a special secure distributed component, used by the protocols to securely execute a few crucial operations. Using this approach, we manage to bring together two important features: Worm-IT tolerates the maximum number of malicious members possible, and it does not have to detect the failure of primary members, a problem in previous intrusion-tolerant group communication systems.
