DocumentCode :
187050
Title :
Towards a Practical Survivable Intrusion Tolerant Replication System
Author :
Platania, Marco ; Obenshain, Daniel ; Tantillo, Thomas ; Sharma, Ritu ; Amir, Yair
Author_Institution :
Dept. of Comput. Sci., Johns Hopkins Univ., Baltimore, MD, USA
fYear :
2014
fDate :
6-9 Oct. 2014
Firstpage :
242
Lastpage :
252
Abstract :
The increasing number of cyber attacks against critical infrastructures, which typically require large state and long system lifetimes, necessitates the design of systems that are able to work correctly even if part of them is compromised. We present the first practical survivable intrusion tolerant replication system, which defends across space and time using compiler-based diversity and proactive recovery, respectively. Our system supports large-state applications, and utilizes the Prime BFT protocol (providing performance guarantees under attack) with a compiler-based diversification engine. We devise a novel theoretical model that computes how resilient the system is over its lifetime based on the rejuvenation rate and the number of replicas. This model shows that we can achieve a confidence in the system of 95% over 30 years even when we transfer a state of 1 terabyte after each rejuvenation.
Keywords :
cryptographic protocols; program compilers; Prime BFT protocol; compiler-based diversification engine; compiler-based diversity; cyber attacks; proactive recovery; rejuvenation rate; survivable intrusion tolerant replication system; Computational modeling; Computer crashes; Operating systems; Partitioning algorithms; Protocols; Public key;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Reliable Distributed Systems (SRDS), 2014 IEEE 33rd International Symposium on
Conference_Location :
Nara
Type :
conf
DOI :
10.1109/SRDS.2014.16
Filename :
6983399