Intrusion-Tolerant Middleware: the MAFTIA approach

The pervasive interconnection of systems all over the world has given computer services a significant socio-economic value, which can be affected both by accidental faults and by malicious activity. It would be appealing to address both problems in a seamless manner, through a common approach to security and dependability. This is the proposal of "intrusion tolerance", where it is assumed that systems remain to some extent faulty and/or vulnerable and subject to attacks that can be successful, the idea being to ensure that the overall system nevertheless remains secure and operational. In this paper, we report some of the advances made in the European project MAFTIA, namely concerning a basis of concepts unifying security and dependability, and a modular and versatile architecture featuring several intrusion-tolerant middleware building blocks. We describe new architectural constructs and algorithmic strategies, such as the use of trusted components at several levels of abstraction, new randomization techniques, and new replica control and access control algorithms. The paper concludes by exemplifying the construction of intrusion-tolerant applications on the MAFTIA middleware, through a transaction support service.
