Enhancing Fault / Intrusion Tolerance through Design and Configuration Diversity

Fault/intrusion tolerance is usually the only viable way of improving a system's dependability and security in the presence of continuously evolving threats. Many of the solutions in the literature concern a specific snapshot in the production or deployment of a fault-tolerant system, and no immediate consideration is given to how the system should evolve to deal with novel threats. In this paper we outline and evaluate a set of operating-system and application reconfiguration rules which can be used to modify the state of a system replica prior to deployment or in between recoveries, and hence increase the replica's chance of a longer intrusion-free operation.
