Intrusion-tolerant middleware: the road to automatic security

The pervasive interconnection of systems throughout the world has given computer services a significant socioeconomic value that both accidental faults and malicious activity can affect. The classical approach to security has mostly consisted of trying to prevent bad things from happening-by developing systems without vulnerabilities, for example, or by detecting attacks and intrusions and deploying ad hoc countermeasures before any part of the system is damaged. Building an intrusion-tolerant system to arrive at some notion of intrusion-tolerant middleware for application support presents multiple challenges. Surprising as it might seem, intrusion tolerance isn't just another instantiation of accidental fault tolerance

[1]  Yongdae Kim,et al.  Secure group communication in asynchronous networks with failures: integration and experiments , 2000, Proceedings 20th IEEE International Conference on Distributed Computing Systems.

[2]  Miguel Correia,et al.  Intrusion-Tolerant Architectures: Concepts and Design , 2002, WADS.

[3]  Robbert van Renesse,et al.  COCA: a secure distributed online certification authority , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[4]  Miguel Correia,et al.  Solving vector consensus with a wormhole , 2005, IEEE Transactions on Parallel and Distributed Systems.

[5]  Miguel Correia,et al.  The Design of a COTSReal-Time Distributed Security Kernel , 2002, EDCC.

[6]  Miguel Correia,et al.  How to tolerate half less one Byzantine nodes in practical distributed systems , 2004, Proceedings of the 23rd IEEE International Symposium on Reliable Distributed Systems, 2004..

[7]  Miguel Correia,et al.  Low complexity Byzantine-resilient consensus , 2005, Distributed Computing.

[8]  Miguel Correia,et al.  Efficient Byzantine-resilient reliable multicast on a hybrid failure model , 2002, 21st IEEE Symposium on Reliable Distributed Systems, 2002. Proceedings..

[9]  Peter Y. A. Ryan,et al.  A qualitative analysis of the intrusion-tolerance capabilities of the MAFTIA architecture , 2004, International Conference on Dependable Systems and Networks, 2004.

[10]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1983, PODS '83.

[11]  Paulo Veríssimo,et al.  Intrusion-Tolerant Middleware: the MAFTIA approach , 2004 .

[12]  Michael K. Reiter,et al.  Distributing trust with the Rampart toolkit , 1996, CACM.

[13]  Victor Shoup,et al.  Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography , 2000, Journal of Cryptology.

[14]  Victor Shoup,et al.  Secure and Efficient Asynchronous Broadcast Protocols , 2001, CRYPTO.

[15]  Christian Cachin,et al.  Secure INtrusion-Tolerant Replication on the Internet , 2002, Proceedings International Conference on Dependable Systems and Networks.

[16]  Paulo Veríssimo Uncertainty and predictability: can they be reconciled? , 2003 .