Toggle Main Menu Toggle Search

Open Access padlockePrints

Proactive Fortification of Fault-Tolerant Services

Lookup NU author(s): Dr Paul Ezhilchelvan, Dr Dylan Clarke, Emeritus Professor Isi Mitrani, Emeritus Professor Santosh Shrivastava

Downloads

Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Abstract

We present an approach for incorporating intrusion resilience to replicated services, irrespective of the service replication used and of the fault types tolerated. The approach, termed as FORTRESS, involves fortifying a fault-tolerant service using proxies that block clients from accessing the servers directly, and periodically refreshing proxies and servers with diverse executables generated using code randomization. These two features make it hard for an attacker to compromise a server when no proxy has been compromised. An analytical evaluation establishes that if attackers cannot intrude servers without first having compromised a proxy, fortifying even a passively replicated service can offer greater resilience than building that service as a deterministic state machine and actively replicating it over diverse platforms. Finally, the FORTRESS architecture is presented where proactive code randomization is achieved by proactive replacement of server and proxy nodes. Examining the state transfer protocol executed during node replacement shows that the processing overhead per replacement is no more than the overhead for changing the leader or the primary replica in replication management.


Publication metadata

Author(s): Ezhilchelvan P, Clarke D, Mitrani I, Shrivastava S

Editor(s): Abdelzaher, TF; Raynal, M; Santoro, N

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: 13th International Conference on Principles of Distributed Systems

Year of Conference: 2009

Pages: 330-344

ISSN: 0302-9743 (Print) 1611-3349 (Online)

Publisher: Springer

URL: http://dx.doi.org/10.1007/978-3-642-10877-8_26

DOI: 10.1007/978-3-642-10877-8_26

Library holdings: Search Newcastle University Library for this item

Series Title: Lecture Notes in Computer Science

ISBN: 9783642108761


Actions

Find at Newcastle University icon    Link to this publication


Share