DEFEATS: Distributed Fault and Attack Tolerant Systems Configuration


http://defeats.di.fc.ul.pt/

As experience with applications running over large-scale asynchronous networks such as the Internet has grown, the need for dependability properties in that environment has become evident. For example, e-commerce services have to be secure, reliable and available. These properties have been researched for a couple of decades now, but implementing them is still not simple for the average system architect.

Faults in critical systems have been handled by a number of techniques, from prevention to fault-tolerance mechanisms based on replication. Security, on the other hand, is still mostly obtained through prevention, although it is possible to characterize the malicious faults involved in attacks, which can then be handled using fault-tolerance techniques. This issue, attack tolerance, has only recently started to receive attention.

The composition of medium and large software systems from smaller components has also been an area of research in recent years. Applying these ideas to the configuration of distributed systems and processes yields a powerful framework. The basic principle is the separation between system architecture and computation. Computation is done by the components. The architecture of the system can be defined using configuration languages or graphical tools, and changed using a configuration platform.

Project DEFEATS is concerned with studying a configurable framework to build attack and intrusion tolerant systems.

Aims

Project DEFEATS aims to develop: (1) a framework for the configuration of dependable distributed services (including attack tolerance); and (2) a decomposition of attack tolerance mechanisms in reusable blocks and a set of guidelines for their composition. Other contributions will be the integration of a meta-level scheme with configuration, and the design of a dependable configuration platform. Comprehensive approaches to this set of problems are not known in the literature.

Approach and Methods

Project DEFEATS has two lines of work. First, the project will research mechanisms to build attack-tolerant services and define a set of building blocks and guidelines to compose such services. The set of blocks will include attack-tolerant intrusion detection and attack-tolerant authentication services. Communication will be based on a group communication system, since such systems are particularly well suited for replicated services.

Second, the project will define a framework for the configuration of dependable systems resilient to both accidental and intentional malicious faults, using the defined building blocks. Several issues will be considered: (1) the definition of a meta-level scheme to transparently configure a service so that it is dependable; (2) the dependability of the configuration platform itself (including attack tolerance); (3) the interference between the dependability of the platform and the services that run over it. A demonstration prototype of an instantiation of the framework will be implemented, and feedback from it will be used for further refinement.

Publications

  • Miguel Correia, Nuno Ferreira Neves, Lau Cheuk Lung, Paulo Verissimo, “Low Complexity Byzantine-Resilient Consensus”, Tech. Rep., Oct. 2003. Technical Report DI/FCUL TR-03-25, Department of Computer Science, University of Lisbon, August 2003.
