21st Simpósio Brasileiro de Redes de Computadores, Natal, Brasil, May 2003.
Keywords: Intrusion Tolerance, Fault-Tolerant Protocols, Secure Systems, Distributed Fault-Tolerance, Byzantine Protocols, Security, Dependability
This paper proposes a simple reliable multicast protocol that tolerates arbitrary faults, including malicious faults such as intrusions. The goal is to show a novel way of designing intrusion-tolerant protocols based on a well-founded hybrid fault model. This model is based on a simple distributed security kernel, the TTCB, which the processes use only to securely execute critical steps of the protocol. Otherwise, the processes and their communication can be attacked in unlimited ways. The TTCB provides only a few basic services, which allow our protocol to tolerate a number of faults similar to accidental fault-tolerant protocols: for f faults, our protocol requires f + 2 processes, instead of 3f + 1 in typical intrusion-tolerant (or Byzantine) protocols. The protocol exhibits fast termination in the presence of intrusions and/or crash or malicious process failures, since it does not use any cryptography at runtime.