Finite Memory: A Vulnerability of Intrusion-Tolerant Systems

In environments like the Internet, faults follow unusual patterns, dictated by the combination of malicious attacks with accidental faults such as long communication delays caused by temporary network partitions. In this scenario, attackers can force buffer overflows in order to leave the system in an inconsistent state or to prevent it from making progress, causing a denial of service. This paper is about the effects that finite memory has on intrusion-tolerant protocols and systems. We present the problem and propose a generic mitigation technique based on repair nodes that reduces the buffer space requirements. An experimental evaluation of the buffer usage with and without this technique is presented, allowing us to assess in practice the effects of finite memory in a real, albeit simple, intrusion-tolerant system.
