Intrusion Tolerance based on Architectural Hybridization

Bibliographic Details
Main Author: Correia, Miguel
Publication Date: 2003
Language: por
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: http://hdl.handle.net/10451/14292
Summary: Security in distributed computing systems is usually based on the idea of prevention. The usual approach consists in trying to design perfect systems, with no vulnerabilities to be exploited by potential attackers. Reality shows that this is impossible and that systems live in a permanent cycle: a vulnerability is discovered, systems are attacked, a patch is published, some systems are patched, a new vulnerability is discovered, and so on. Fault tolerance or, more generically, dependability, takes a different approach. This discipline also tries to build systems that are as reliable as possible. However, components are assumed to fail, and systems that do not fail have to be built from fallible components. Although the two approaches seem almost opposite, attacks and intrusions can be considered to be faults. The problem of tolerating these kinds of faults has received much attention in recent years and gained new momentum under the designation of intrusion tolerance. This thesis appears in the context of research on intrusion tolerance in distributed systems. One of the problems with this approach, studied in the thesis, is the design of systems that are simultaneously efficient and secure, given the difficulty of making assumptions about the failure modes caused by the attacker. The thesis is based on an architectural-hybrid fault model. This model assumes that most of the system can fail arbitrarily, even maliciously, with the exception of a few components that are by construction secure and real-time. The component studied in depth in the thesis is called the Trusted Timely Computing Base (TTCB). The TTCB is a component with novel characteristics. In the first place, it is a distributed subsystem with its own secure network. Secondly, it is real-time, i.e., a synchronous subsystem capable of timely behavior. Thirdly, it can be implemented using only COTS components.
The first part of the thesis presents the TTCB model, its implementation based on COTS components and the functionality of its services. Once the TTCB has been introduced, the thesis describes the design of several intrusion-tolerant middleware components with the objective of validating the proposed approach. Note that the TTCB is used architecturally as a runtime support component, not as a layer of the usual protocol stack. This makes the architecture very versatile, since the TTCB can be used indiscriminately by all or just some of the system layers. Then, the thesis presents a first protocol based on the hybrid fault model, a reliable multicast protocol. This protocol is efficient and tolerates any number of malicious processes, contrary to similar protocols in the literature that tolerate fewer than one third. A classical problem in distributed systems, consensus, is used to show another way of using the TTCB to support intrusion-tolerant protocols. The protocol is efficient in terms of message and time complexities. It also shows how the FLP impossibility result relates to systems based on the TTCB. Group communication is an important paradigm for the implementation of fault-tolerant distributed systems. The final part of the thesis presents an intrusion-tolerant group communication system. The system includes a membership service and an atomic multicast primitive. This system has an arguably superior performance in relation to similar systems in the literature.
Contributors: Veríssimo, Paulo Jorge Esteves; Repositório da Universidade de Lisboa
Subjects: distributed systems; intrusion tolerance; group communication; dependability, security; Byzantine fault tolerance
Dates: 2003-12; 2003-12-01T00:00:00Z; 2009-02-10T13:13:34Z
Type: doctoral thesis
Version: publishedVersion
Rights: openAccess
Format: application/pdf
Publisher: Department of Informatics, University of Lisbon
Repository: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
Repository contact: info@rcaap.pt