Toggle Main Menu Toggle Search

Open Access padlockePrints

FORTRESS: Adding Intrusion-Resilience to Primary-Backup Server Systems

Lookup NU author(s): Dr Dylan Clarke, Dr Paul Ezhilchelvan

Downloads


Abstract

Primary-backup replication enables arbitrary services, which need not be built as deterministic state machines, to be reliable against server crashes. Further, when the primary does not crash, the performance can be close to that of an un-replicated, 1-server system and is arguably far better than what state machine replication can offer. These advantages have made primary-backup replication a widely used technique in commercial provisioning of services, even though the technique assumes that residual software bugs in a server system can lead only to crashes and cannot result in state corruption. This assumption cannot hold against an attacker intent on exploiting vulnerabilities and corrupting the service state when attacks lead to intrusions. This paper presents a system, called FORTRESS, which can encapsulate a primary-backup system and safeguard it from being intruded. At its core, FORTRESS applies proactive obfuscation techniques in a manner appropriate to primary-backup replication and deploys proxy servers for additional defence. Gain in intrusion resilience is shown to be substantial when assessed through analytical evaluations and simulations for a range of attacker scenarios. Further, by implementing two web-based applications, the average performance drop is demonstrated to be in the order of tens of milliseconds even when obfuscation intervals are as small as tens of seconds.


Publication metadata

Author(s): Clarke D, Ezhilchelvan P

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: 31st IEEE Symposium on Reliable Distributed Systems (SRDS)

Year of Conference: 2012

Pages: 121-130

Date deposited: 08/03/2013

ISSN: 1060-9857

Publisher: IEEE Press

URL: http://dx.doi.org/10.1109/SRDS.2012.32

DOI: 10.1109/SRDS.2012.32

Library holdings: Search Newcastle University Library for this item

ISBN: 9781467323970


Actions

Link to this publication


Share