An Infrastructure Based in Virtualization for Intrusion Tolerant Services

This paper presents an infrastructure based in virtualization which provides support to intrusion tolerance (Byzantine or malicious faults) for Web Services. The introduced approach makes extensive use of virtualization technology and shared memory in order to tolerate intrusions at a low cost of messages. The intrusion tolerance is typically achieved using state machine replication (SMR). Our approach allows client requests to be performed with a variable number (between f + 1 and 2f + 1) of execution replicas which is different from more classical implementations of SMR. This paper describes the algorithms, presents details of a prototype, testing and a comparative study with the related work in the literature.

[1]  Wenbing Zhao,et al.  BFT-WS: A Byzantine Fault Tolerance Framework for Web Services , 2007, 2007 Eleventh International IEEE EDOC Conference Workshop.

[2]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[3]  Arun Venkataramani,et al.  Separating agreement from execution for byzantine fault tolerant services , 2003, SOSP '03.

[4]  Arun Venkataramani,et al.  ZZ and the art of practical BFT execution , 2011, EuroSys '11.

[5]  Miguel Correia,et al.  Intrusion-Tolerant Architectures: Concepts and Design , 2002, WADS.

[6]  Subasish Mohapatra,et al.  Virtualization: A Survey on Concepts, Taxonomy and Associated Security Issues , 2010, 2010 Second International Conference on Computer and Network Technology.

[7]  Michel Raynal,et al.  Electing an Eventual Leader in an Asynchronous Shared Memory System , 2007, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07).

[8]  Priya Narasimhan,et al.  Thema: Byzantine-fault-tolerant middleware for Web-service applications , 2005, 24th IEEE Symposium on Reliable Distributed Systems (SRDS'05).

[9]  Scott Shenker,et al.  Diverse Replication for Single-Machine Byzantine-Fault Tolerance , 2008, USENIX Annual Technical Conference.

[10]  Sunil Chandra,et al.  Decentralized orchestration of composite web services , 2004, WWW Alt. '04.

[11]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[12]  J-C. Laprie,et al.  DEPENDABLE COMPUTING AND FAULT TOLERANCE : CONCEPTS AND TERMINOLOGY , 1995, Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'..

[13]  Miguel Correia,et al.  Intrusion Tolerant Services Through Virtualization: A Shared Memory Approach , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[14]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[15]  Andrew Warfield,et al.  Xen and the art of virtualization , 2003, SOSP '03.

[16]  Rüdiger Kapitza,et al.  VM-FIT: Supporting Intrusion Tolerance with Virtualisation Technology , 2007 .

[17]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.