DiveInto: Supporting Diversity in Intrusion-Tolerant Systems

Author

Antunes, João ; Neves, Nuno

Author_Institution

Dept. of Inf., Univ. of Lisboa, Lisbon, Portugal

fYear

2011

fDate

4-7 Oct. 2011

Firstpage

137

Lastpage

146

Abstract

Intrusion tolerant services are usually implemented as replicated systems. If replicas execute identical software, then they share the same vulnerabilities and the whole system can be easily compromised if a single flaw is found. One solution to this problem is to introduce diversity by using different server implementations, but this increases the chances of incompatibility between replicas. This paper studies various kinds incompatibilities and presents a new methodology to evaluate the compliance of diverse server replicas. The methodology collects network traces to identify syntax and semantic violations, and to assist in their resolution. A tool called DiveInto was developed based on the methodology and was applied to three replication scenarios. The experiments demonstrate that DiveInto is capable of discovering various sorts of violations, including problems related with nondeterministic execution.

Keywords

network servers; security of data; software tools; DiveInto tool; diverse server replica; intrusion tolerant service; intrusion-tolerant system; network trace; nondeterministic execution; replicated system; semantic violation identification; syntax violation identification; Correlation; Generators; Protocols; Semantics; Servers; Syntactics; Testing; diversity; intrusion tolerance; service replication;

fLanguage

English

Publisher

ieee

Conference_Titel

Reliable Distributed Systems (SRDS), 2011 30th IEEE Symposium on

Conference_Location

Madrid

ISSN

1060-9857

Print_ISBN

978-1-4577-1349-1

Type

conf

DOI

10.1109/SRDS.2011.25

Filename

6076771