RITAS: Randomized Intrusion Tolerance for Asynchronous Systems

From Navigators

http://ritas.di.fc.ul.pt/

• Research Line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
• Sponsor: FCT
• Project Number: POSC/EIA/60334/2004
• Total award amount: Expression error: Unrecognised word "keuro"warning.png"KEuro" is not declared as a valid unit of measurement for this property. Euros
• Coordinator: FCUL
• Partners: FCUL
• Start Date: Mar. 2005
• Duration: 24 months
• Keywords: intrusion tolerance, security, distributed systems, randomization
• Team at FCUL: 5 researchers, including Nuno Ferreira Neves, Paulo Verissimo, Miguel Correia, Paulo Sousa, Henrique Moniz

As society becomes more and more dependent on computer systems, attacks and intrusions perpetrated by malicious adversaries are important problems that need to be addressed in any IT infrastructure. Current experience, however, shows that it is extremely difficult to build completely secure applications. Security vulnerabilities can emerge due to different causes, such as ill-defined dependencies on third-party software components, bad programming habits, or obscure relations with the environment (e.g., network, input devices, OS). Statistics published by CERT show that these problems are not disappearing, as indicated by the exponential grow on the number of incidents reported during the last decade.

Consequently, prevention techniques per se will not enable us to attain the security goal, and intrusion tolerance strategies have to be employed in the construction of the applications.

In this project we want to develop a stack of protocols capable of tolerating intrusions. Distributed applications composed by a set of cooperating processes running on different nodes, can resort to these protocols for the implementation of interesting tasks. As a result, if applications are organized properly, they can continue to provide useful services even if a malicious adversary controls a number of the processes (and makes them fail in a Byzantine way) or attacks the network.

The types of networks considered in the project (LAN, WAN or Wireless) are particularly difficult to tackle because of their unpredictable timeliness (also called asynchronous systems). A well known result by Fischer et al indicates that consensus can not be deterministically solved in this setting if a single process is allowed to crash. Therefore, to be able to circumvent this result, we will use randomization techniques in the protocols.

Aims

In this project we want to make contributions in the following three important areas:

In the first place, the project will design a new stack of randomized protocols for a set of fundamental tasks such as reliable broadcast, atomic total order broadcast, and different forms of consensus (binary, multi-value, and vector).

In the second place, the project will implement and evaluate the stack of protocols on a network of PCs. Throughout the years several protocols capable of tolerating Byzantine failures were proposed, however almost all of them were never implemented. As a key result of this project, we want to get a better understanding about the behavior of the developed protocols on a LAN or WAN setting.

In the third place, we want to experiment with the protocols on a mobile environment. Mobile hosts and wireless networks impose new challenges due to their specific characteristics, e.g., a smaller processing capacity or power limitations. To our knowledge, the project will make the first attempt to design and implement intrusion tolerant protocols for this type of systems.

Publications

• Henrique Moniz, Nuno Ferreira Neves, Miguel Correia, Paulo Verissimo, “RITAS: Services for Randomized Intrusion Tolerance”, IEEE Transactions on Dependable and Secure Computing, vol. 8, n. 1, pp. 122-136, Jan.-Feb. 2011., Jan. 2011.

• Henrique Moniz, Nuno Ferreira Neves, Miguel Correia, António Casimiro, Paulo Verissimo, “Intrusion Tolerance in Wireless Environments: An Experimental Evaluation”, in Proceedings of the 13th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 07), Dec. 2007.

• Alysson Bessani, Miguel Correia, Henrique Moniz, Nuno Ferreira Neves, Paulo Verissimo, “When 3f+1 is not Enough: Tradeoffs for Decentralized Asynchronous Byzantine Consensus”, in Proceedings of 21st International Symposium on Distributed Computing (DISC 07), Sept. 2007.

• Alysson Bessani, Paulo Sousa, Miguel Correia, Nuno Ferreira Neves, Paulo Verissimo, “Intrusion-Tolerant Protection for Critical Infrastructures”, Missing institution, Tech. Rep., Apr. 2007. Technical Report DI/FCUL TR-07-8. Department of Computer Science, University of Lisboa. April 2007.

• Miguel Correia, Nuno Ferreira Neves, Lau Cheuk Lung, Paulo Verissimo, “Worm-IT - A Wormhole-based Intrusion-Tolerant Group Communication System”, Journal of Systems & Software, vol. 80, n. 2, pages 178-197, Elsevier, February 2007, Feb. 2007.

• Paulo Sousa, “Proactive Resilience”, in In Sixth European Dependable Computing Conference (EDCC-6) Supplemental Volume. Coimbra, Portugal, pages 27-32, October 2006., Oct. 2006.

• Paulo Sousa, Nuno Ferreira Neves, Paulo Verissimo, William H. Sanders, “Proactive Resilience Revisited: The Delicate Balance Between Resisting Intrusions and Remaining Available”, in Proceedings of the 25th IEEE Symposium on Reliable Distributed Systems (SRDS), Leeds, UK, pages 71-80, October 2006., Oct. 2006.

• Henrique Moniz, Nuno Ferreira Neves, Miguel Correia, Paulo Verissimo, “Experimental Comparison of Local and Shared Coin Randomized Consensus Protocols”, in Proceedings of the 25th IEEE Symposium on Reliable Distributed Systems (SRDS), Leeds, UK, October 2006, Oct. 2006.

• Henrique Moniz, Nuno Ferreira Neves, Miguel Correia, Paulo Verissimo, “Randomized Intrusion-Tolerant Asynchronous Services”, in Proceedings of the International Conference on Dependable Systems and Networks (DSN), Philadelphia, USA, pages 568-577, June 2006, Jun. 2006.

• Paulo Sousa, Nuno Ferreira Neves, Paulo Verissimo, “Proactive Resilience through Architectural Hybridization”, in Proceedings of the 2006 ACM Symposium on Applied Computing (SAC), Dijon, France, pages 686-690, April 2006., Apr. 2006.

• Miguel Correia, Nuno Ferreira Neves, Paulo Verissimo, “From Consensus to Atomic Broadcast: Time-Free Byzantine-Resistant Protocols without Signatures”, Computer Journal. vol. 41, n. 1, pp 82-96, January 2006., Jan. 2006.

BibTeX

Navigators - RITAS project

Projects

Current projects:

VEDLIoT, SATO, ADMORPH, SEAL, AQUAMON, UPVN, REDBOOK, ThreatAdapt, SEL, Xivt

Past projects:

TCLOUDS, MASSIF, MAFTIA, RESIST NoE, DiSIEM, KARYON, HIDENETS, CORTEX, CRUTIAL, TRONE, SITAN, ReD, IRCoC, DIVERSE, CloudFIT, READAPT, REGENESYS, RC-Clouds, TACID, DARIO, RITAS, AJECT, MICRA, DEAR-COTS, COPE, DEFEATS, MOOSCO, TOPCOM, RE:DY, NORTH, Abyss, SUPERCLOUD, COST Action IC1402, SEGRID, BioBankCloud, PROPHECY, SAPIENT, SecFuNet, FTH-Grid, AIR-II, AIR, ESFORS, CaberNet, GODC, BROADCAST, CoDiCom, Delta-4, RAPTOR