Toggle Main Menu Toggle Search

ePrints

Assessing the Attack Resilience Capabilities of a Fortified Primary Backup System

Lookup NU author(s): Dr Dylan Clarke, Dr Paul Ezhilchelvan

Downloads


Abstract

Primary-Backup service replication does not constrain that theservice be built as a deterministic state machine. It is meant totolerate crashes, not intrusions. We consider an approach, calledFORTRESS, for adding intrusion-resilience capability to aprimary-backup server system. It involves using proxies that blockclients from directly accessing servers, and periodicallyrandomizing the executables of proxies and servers. We argue thatproxies and proactive randomization can offer sound defense againstattacks including de-randomization attacks. Using simulations, wethen compare the attack resilience that FORTRESS adds to aprimary-backup server system with that attainable through statemachine replication (SMR) that is fit only for deterministicservices. A significant observation is that FORTRESS emerges to bemore resilient than an SMR system of four server replicas that arediversely randomized at the start and are subject to proactiverecovery throughout.


Publication metadata

Author(s): Clarke D, Ezhilchelvan P

Publication type: Conference Proceedings (inc. Abstract)

Conference Name: 4th DSN Workshop on Recent Advances in Intrusion-Tolerant Systems (WRAITS)

Year of Conference: 2010

Pages: 6pp

URL: http://wraits10.di.fc.ul.pt/paper%207.pdf


Share