Intrusion-Resilient Middleware Design and Validation

Intrusion Tolerance has become a reference paradigm for dealing with intrusions and accidental faults, achieving security and dependability in an automatic way, much along the lines of classical fault tolerance. This chapter is an introduction to the design and validation of intrusion-tolerant middleware and systems.
