Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery

Authors:
Paulo Sousa;Alysson Neves Bessani;Miguel Correia;Nuno Ferreira Neves;Paulo Verissimo
Affiliations:
Ciencias da Univ. Lisboa, Lisboa;Ciencias da Univ. Lisboa, Lisboa;Ciencias da Univ. Lisboa, Lisboa;Ciencias da Univ. Lisboa, Lisboa;Ciencias da Univ. Lisboa, Lisboa
Venue:
IEEE Transactions on Parallel and Distributed Systems
Year:
2010

Citing 0
Cited 15

Proactive Byzantine Quorum Systems

OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part I
The byzantine empire in the intercloud

ACM SIGACT News
The strategy of proactive-reactive intrusion tolerance recovery based on hierarchical model

WISM'11 Proceedings of the 2011 international conference on Web information systems and mining - Volume Part I
Fault-tolerant techniques and security mechanisms for model-based performance prediction of critical systems

Proceedings of the 3rd international ACM SIGSOFT symposium on Architecting Critical Systems
Proactive recovery approach for intrusion tolerance with dynamic configuration of physical and virtual replicas

Security and Communication Networks
Protecting the WSN zones of a critical infrastructure via enhanced SIEM technology

SAFECOMP'12 Proceedings of the 2012 international conference on Computer Safety, Reliability, and Security
Towards a secure and available smart grid using intrusion tolerance

IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
Secure and efficient data retrieval over encrypted data using attribute-based encryption in cloud storage

Computers and Electrical Engineering
Architecture-based self-protecting software systems

Proceedings of the 9th international ACM Sigsoft conference on Quality of software architectures
Towards secure and dependable software-defined networks

Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Assessing data availability of Cassandra in the presence of non-accurate membership

Proceedings of the 2nd International Workshop on Dependability Issues in Cloud Computing
On the efficiency of durable state machine replication

USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
A survey of software aging and rejuvenation studies

ACM Journal on Emerging Technologies in Computing Systems (JETC) - Special Issue on Reliability and Device Degradation in Emerging Technologies and Special Issue on WoSAR 2011
A Systematic Survey of Self-Protecting Software Systems

ACM Transactions on Autonomous and Adaptive Systems (TAAS) - Special Section on Best Papers from SEAMS 2012
A novel Adaptive Cluster Transformation (ACT)-based intrusion tolerant architecture for hybrid information technology

The Journal of Supercomputing

Quantified Score

Hi-index	0.00

Visualization

Abstract

In the past, some research has been done on how to use proactive recovery to build intrusion-tolerant replicated systems that are resilient to any number of faults, as long as recoveries are faster than an upper bound on fault production assumed at system deployment time. In this paper, we propose a complementary approach that enhances proactive recovery with additional reactive mechanisms giving correct replicas the capability of recovering other replicas that are detected or suspected of being compromised. One key feature of our proactive-reactive recovery approach is that, despite recoveries, it guarantees the availability of a minimum number of system replicas necessary to sustain correct operation of the system. We design a proactive-reactive recovery service based on a hybrid distributed system model and show, as a case study, how this service can effectively be used to increase the resilience of an intrusion-tolerant firewall adequate for the protection of critical infrastructures.