How Practical Are Intrusion-Tolerant Distributed Systems?

Building secure, inviolable systems using traditional mechanisms is increasingly an unattainable goal. Recognition of this fact has fostered interest in alternative approaches to security such as intrusion tolerance, which applies fault tolerance concepts and techniques to security problems. Although this area is promising, intrusion-tolerant distributed systems typically rely on the assumption that the system components fail or are compromised independently. This is a strong assumption that has been repeatedly questioned. In this paper we discuss how this assumption can be met in practice through diversity of system components. We present a taxonomy of axes of diversity and discuss how each provides failure independence. Furthermore, we provide a practical example of an intrusion-tolerant system built using diversity.
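The following is an added example, not code from the paper, that quantifies why the failure-independence assumption matters for a replicated intrusion-tolerant service. The model is this example's own assumption: n replicas tolerate up to f compromised ones (n = 3f + 1 for Byzantine fault-tolerant state machines); replicas are grouped along one axis of diversity, such as operating system; each distinct component type has an exploitable flaw with probability p, independently of the other types; and once a type is exploited, every replica built on it falls together (a common-mode failure). The function and type names are hypothetical.

```python
# Added example (not from the paper): compare the probability that an
# intrusion-tolerant replicated service is overwhelmed (more than f replicas
# compromised) under the usual independence assumption and under shared
# component types. Model assumptions are stated in the lead-in above.
from collections import Counter
from itertools import product
from math import comb


def p_compromised_independent(n, f, p):
    """Probability that more than f of n replicas are compromised when each
    replica is compromised independently with probability p (the classic
    assumption that the paper questions)."""
    return sum(comb(n, k) * p ** k * (1 - p) ** (n - k) for k in range(f + 1, n + 1))


def p_compromised_shared(assignment, f, p):
    """Same question when replicas share component types.

    assignment: one component-type label per replica, e.g. ['a', 'a', 'b', 'b'].
    Each distinct type is exploited with probability p, independently of the
    others; all replicas of an exploited type are compromised together.
    Enumerates all 2^(number of types) exploit outcomes exactly."""
    counts = Counter(assignment)
    types = sorted(counts)
    total = 0.0
    for hits in product((False, True), repeat=len(types)):
        prob = 1.0
        compromised = 0
        for t, hit in zip(types, hits):
            prob *= p if hit else (1 - p)
            if hit:
                compromised += counts[t]
        if compromised > f:
            total += prob
    return total


def largest_group(assignment):
    """Size of the largest set of replicas that share one component type."""
    return max(Counter(assignment).values())


def diversity_sufficient(assignment, f):
    """Practitioner check: a single exploited component type must never by
    itself push the number of compromised replicas over the threshold f."""
    return largest_group(assignment) <= f


if __name__ == "__main__":
    n, f, p = 4, 1, 0.1  # constructed parameters: n = 3f + 1 with f = 1
    print(p_compromised_independent(n, f, p))                 # 0.0523
    print(p_compromised_shared(["a", "b", "c", "d"], f, p))   # 0.0523 (fully diverse)
    print(p_compromised_shared(["a"] * 4, f, p))              # 0.1 (monoculture)
    print(p_compromised_shared(["a", "a", "b", "b"], f, p))   # 0.19 (two groups of 2)
    print(diversity_sufficient(["a", "a", "b", "b"], f))      # False
```

The last two results are the caveat a practitioner should take from the abstract's point: with f = 1, splitting four replicas across two operating systems is worse than a monoculture, because either exploited type alone exceeds f and there are now two independent ways for that to happen. Diversity restores the independence assumption only when no group of identical components is larger than f, which is what `diversity_sufficient` checks.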
