Assessing the Attack Resilience Capabilities of a Fortified Primary Backup System

Dr Dylan Clarke; Dr Paul Ezhilchelvan

Assessing the Attack Resilience Capabilities of a Fortified Primary Backup System Lookup NU author(s) Dr Dylan Clarke Dr Paul Ezhilchelvan



Author(s)		Clarke D, Ezhilchelvan P
Editor(s)
Publication type		Conference Proceedings (inc. Abstract)
Conference Name		4th DSN Workshop on Recent Advances in Intrusion-Tolerant Systems (WRAITS)
Conference Location		Chicago, Illinois, USA
Year of Conference		2010
Date		28 June 2010
Volume
Pages		6pp



Full text is available for this publication: Full text file 1




Primary-Backup service replication does not constrain that theservice be built as a deterministic state machine. It is meant totolerate crashes, not intrusions. We consider an approach, calledFORTRESS, for adding intrusion-resilience capability to aprimary-backup server system. It involves using proxies that blockclients from directly accessing servers, and periodicallyrandomizing the executables of proxies and servers. We argue thatproxies and proactive randomization can offer sound defense againstattacks including de-randomization attacks. Using simulations, wethen compare the attack resilience that FORTRESS adds to aprimary-backup server system with that attainable through statemachine replication (SMR) that is fit only for deterministicservices. A significant observation is that FORTRESS emerges to bemore resilient than an SMR system of four server replicas that arediversely randomized at the start and are subject to proactiverecovery throughout.



URL		http://wraits10.di.fc.ul.pt/paper%207.pdf