Application-level survivability: resumable FTP

Internet attacks are moving up the protocol stack to the application layer, effectively blinding lower-layer security prevention and detection techniques. It has been estimated that 40% of unplanned system downtime is due to software application failures. This paper describes a project to demonstrate survivability at the application layer. The goal is to replace a lost essential service by another service that supports mission fulfillment in a different but equivalent way. Application-level survivability, the ability to reconfigure an application to transparently maintain services when part of a system becomes unavailable, is the most flexible and comprehensive approach to supporting mission fulfillment since it can provide assurance over all lower layers within a networked system. We have developed resumable FTP, an application based on RFC 959, which has the ability to resume the download of a file after the download has been interrupted by users or by lower layers (loss of connection). FTP continues to be the most common method for bulk data transfer across networks and as high-performance network infrastructures have become established, default implementations of FTP have not kept pace. More importantly, FTP is similar to a class of future applications that use separate channels for data and control enabling long-lasting sessions. We present the design and use of rFTP and conclude with future architectures for providing application-layer survivability in other domains.