Developing a heterogeneous intrusion tolerant CORBA system

Intrusion tolerant systems provide high-integrity and high-availability services to their clients in the face of successful attacks by an adversary. The Intrusion Tolerant Distributed Object Systems (ITDOS) research project is developing an architecture for a heterogeneous intrusion tolerant distributed object system. ITDOS integrates a Byzantine Fault Tolerant multicast protocol into an open-source CORBA ORB to provide intrusion tolerant middleware. This foundation tolerates up to f simultaneous Byzantine failures of replicated servers in a system of at least 3f+1 replicas. Voting on unmarshalled CORBA messages, rather than on their wire encoding, permits heterogeneous application implementations of a given service, which gives greater diversity in implementation and therefore greater survivability. Symmetric encryption session keys generated by distributed pseudo-random function techniques provide confidential client-server communications. This paper overviews the ITDOS architecture, discusses some of the challenging technical issues related to intrusion tolerance in heterogeneous middleware systems, and offers views on future areas of work.
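As an added worked example (not code from the ITDOS project or the paper), the following Python contrasts the two ways a client can vote on replies from a 3f+1 replica group: on the raw reply bytes, or on the unmarshalled value. The wire format is a constructed stand-in for CDR (one byte-order flag followed by a 4-byte long), not real GIOP/CDR; the replica ids, reply values and f = 1 are likewise constructed. The point it shows is that byte-level voting misclassifies correct replicas that merely marshal differently, while value-level voting isolates only the replica that actually returned a wrong answer.

```python
"""Added example (not ITDOS code): client-side reply voting across
heterogeneous replicas, byte-level versus unmarshalled-value voting.

Wire format is a constructed stand-in for CDR, not real GIOP/CDR:
one byte-order flag (0 = big-endian, 1 = little-endian) followed by a
4-byte signed long. Replica ids and values below are constructed too.
"""
import struct
from typing import Callable, Dict, Hashable, List, Optional, Tuple


def marshal_long(value: int, little_endian: bool) -> bytes:
    """Encode a CORBA 'long' in the replica's native byte order."""
    flag = b"\x01" if little_endian else b"\x00"
    return flag + struct.pack("<i" if little_endian else ">i", value)


def unmarshal_long(reply: bytes) -> int:
    """Decode a reply. Raises ValueError on anything malformed so the voter
    treats it as a dissenting (possibly hostile) reply instead of crashing."""
    if len(reply) != 5 or reply[0] not in (0, 1):
        raise ValueError("malformed reply")
    return struct.unpack("<i" if reply[0] == 1 else ">i", reply[1:])[0]


def vote(replies: Dict[str, bytes], f: int,
         key: Callable[[bytes], Hashable]) -> Tuple[Optional[Hashable], List[str]]:
    """Accept a result once f+1 replies agree under `key`.

    With at most f Byzantine replicas, f+1 matching replies guarantee that at
    least one came from a correct replica. Assumes the transport has already
    authenticated each reply to its replica id, so a faulty replica cannot
    vote more than once. Returns (accepted value, ids whose reply did not
    match); the value is None when no bucket reaches f+1.
    """
    buckets: Dict[Hashable, List[str]] = {}
    for rid, raw in sorted(replies.items()):
        try:
            k = key(raw)
        except ValueError:
            k = ("malformed", rid)  # unique key: never matches another reply
        buckets.setdefault(k, []).append(rid)
    winner, members = max(buckets.items(), key=lambda kv: len(kv[1]))
    if len(members) < f + 1:
        return None, sorted(replies)
    return winner, [rid for rid in sorted(replies) if rid not in members]


F = 1  # assumed fault budget: 3f+1 = 4 replicas
REPLIES = {  # constructed: three correct replicas on two ORB byte orders, one compromised
    "r0": marshal_long(42, little_endian=False),
    "r1": marshal_long(42, little_endian=True),
    "r2": marshal_long(42, little_endian=True),
    "r3": marshal_long(7, little_endian=False),   # compromised: wrong answer
}


def vote_on_bytes(replies=REPLIES, f=F):
    """Byte-level voting: r0's big-endian encoding looks like dissent."""
    return vote(replies, f, key=lambda raw: raw)


def vote_on_values(replies=REPLIES, f=F):
    """Value-level voting: only the replica with the wrong answer dissents."""
    return vote(replies, f, key=unmarshal_long)


if __name__ == "__main__":
    print("byte-level   :", vote_on_bytes())
    print("unmarshalled :", vote_on_values())
```

Byte-level voting still reaches a quorum here, because with only two byte orders some encoding must be shared by f+1 correct replicas, but it flags r0 together with the compromised r3; any recovery or reconfiguration policy driven by the dissent list would then act against a healthy replica. Voting on the unmarshalled value reports r3 alone.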
