DEFEATS: Distributed Fault and Attack Tolerant Systems Configuration
- Research Line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
- Sponsor: FCT
- Project Number: POSI/1999/CHS/33996
- Total award amount: 29.5K Euros
- Coordinator: FCUL
- Partners: FCUL
- Start Date: Jan. 2001
- Duration: 36 months
- Keywords: Distributed systems, Configuration, Intrusion tolerance, Fault tolerance, Security, Reflection, Groups
- Team at FCUL: 5 researchers, including Paulo Veríssimo, Nuno Ferreira Neves, Miguel Correia
With the increasing experience with applications running in a large-scale asynchronous network such as the Internet, the need for dependability properties in that environment has become evident. For example, E-commerce services have to be secure, reliable and available. There has been research in those properties for a couple of decades now, but their implementation is still not simple for the average system architect.
Faults in critical systems have been handled by a number of techniques, from prevention to fault tolerance mechanisms based on replication. On the other hand, security is still mostly obtained through prevention, although it is possible to characterize the malicious faults involved in attacks, which can then be handled using fault-tolerance techniques. This issue, attack tolerance, only recently started to receive attention.
The composition of medium/large software systems from smaller components has also been an area of research in the last years. The application of these ideas to configuration of distributed systems and processes is a powerful framework. The basic principle is the separation between systems architecture and computation. Computation is done by the components. The architecture of the system can be defined using configuration languages or graphic tools, and changed using a configuration platform.
Project DEFEATS is concerned with studying a configurable framework to build attack and intrusion tolerant systems.
Project DEFEATS aims to develop: (1) a framework for the configuration of dependable distributed services (including attack tolerance); and (2) a decomposition of attack tolerance mechanisms in reusable blocks and a set of guidelines for their composition. Other contributions will be the integration of a meta-level scheme with configuration, and the design of a dependable configuration platform. Comprehensive approaches to this set of problems are not known in the literature.
Approach and Methods
Project DEFEATS has two lines of work. In the first place, the project will research mechanisms to build attack tolerant services and define a set of building blocks and guidelines to compose such services. The set of blocks will include attack-tolerant intrusion detection and attack-tolerant authentication services. Communication will be based on a group communication system, since such systems are particularly well suited for replicated services.
In the second place, the project will define a framework for the configuration of dependable systems resilient to both accidental and intentional malicious faults, using the defined building blocks. There are several issues that will be considered: (1) the definition of a meta-level scheme to transparently configure a service in order that it is dependable; (2) the dependability of the configuration platform itself (including attack tolerance); (3) the interference between the dependability of the platform and the services that run over it. A demonstration prototype of an instantiation of the framework will be implemented and feedback will be taken for its further refinement.
- Miguel Correia, Nuno Ferreira Neves, Paulo Verissimo, Lau Cheuk Lung, “Low Complexity Byzantine-Resilient Consensus”, Distributed Computing, vol. 17, n. 3, pp. 237--249, March 2005. http://www.springerlink.com/index/10.1007/s00446-004-0110-7, Oct. 2005.
- Miguel Correia, Nuno Ferreira Neves, Paulo Verissimo, “How to Tolerate Half Less One Byzantine Nodes in Practical Distributed Systems”, in In Proceedings of the 23rd IEEE Symposium on Reliable Distributed Systems. Florianopolis, Brasil, pages 174-183, October 2004, Oct. 2004.
- Rafael Ferraz, João Sequeira, Bruno Gonçalves, Miguel Correia, Nuno Ferreira Neves, Paulo Verissimo, “An Intrusion-Tolerant Web Server based on the DISTRACT Architecture”, in In Workshop on Dependable Distributed Data Management, Florianopolis, Brasil, pages 45-50, October 2004., Oct. 2004.
- Tiago Jorge, José Pascoal, Miguel Correia, Nuno Ferreira Neves, Paulo Verissimo, “Concretização de um Sistema de Comunicação em Grupo Tolerante a Intrusões”, in In 7ª Conferência sobre Redes de Computadores. Leiria, Portugal, pages 111-122, October 2004., Oct. 2004.
- Miguel Correia, Nuno Ferreira Neves, Paulo Verissimo, “How to Tolerate Half Less One Byzantine Nodes in Practical Distributed Systems”, Missing institution, Tech. Rep., Sept. 2004. Technical Report DI/FCUL TR-04-6. Department of Computer Science, University of Lisbon. July 2004.
- Miguel Correia, Nuno Ferreira Neves, Paulo Verissimo, “From Consensus to Atomic Broadcast: Time-Free Byzantine-Resistant Protocols without Signatures”, Missing institution, Tech. Rep., Jun. 2004. Technical Report DI/FCUL TR-04-5. Department of Computer Science, University of Lisbon. June 2004.
- Paulo Verissimo, Jörg Kaiser, António Casimiro, “An architecture to support interaction via Generic Events”, in 24th IEEE Real-time Systems Symposium, Work in Progress Proceedings, Cancun, Mexico, December 2003, Dec. 2003.
- Miguel Correia, Nuno Ferreira Neves, Lau Cheuk Lung, Paulo Verissimo, “Low Complexity Byzantine-Resilient Consensus”, Missing institution, Tech. Rep., Oct. 2003. Technical Report DI/FCUL TR-03-25, Department of Computer Science, University of Lisbon. August 2003
- Paulo Verissimo, Nuno Ferreira Neves, Miguel Correia, “Intrusion-Tolerant Architectures: Concepts and Design”, in Architecting Dependable Systems, ser. LNCS. Springer-Verlag, Jun. 2003, vol. 2677, pp. 3–36. Extended version in http://hdl.handle.net/10455/2954
- Miguel Correia, Lau Cheuk Lung, Nuno Ferreira Neves, Paulo Verissimo, “A Simple Intrusion-Tolerant Reliable Multicast Protocol using the TTCB Model”, in Proceedings of the 21st Simpósio Brasileiro de Redes de Computadores, Natal, Brasil, May 2003, May 2003.
- Paulo Verissimo, “Uncertainty and Predictability: Can they be reconciled?”, in Future Directions in Distributed Computing, pp. 108-113, Springer Verlag LNCS 2584, May, 2003, Jan. 2003.
- Miguel Correia, Paulo Verissimo, Nuno Ferreira Neves, “The Design of a COTS Real-Time Distributed Security Kernel”, in Fourth European Dependable Computing Conference, Toulouse, France, October 2002© Springer-Verlag, http://www.springer.de/comp/lncs/, Oct. 2002.
- Miguel Correia, Lau Cheuk Lung, Nuno Ferreira Neves, Paulo Verissimo, “Efficient Byzantine-Resilient Reliable Multicast on a Hybrid Failure Model”, in Proceedings of the 21st Symposium on Reliable Distributed Systems (SRDS'2002), Suita, Japan, October 2002, Sept. 2002.
- Paulo Verissimo, “Intrusion Tolerance: Concepts and Design Principles. A Tutorial”, Missing institution, Tech. Rep., Jul. 2002. Technical Report DI/FCUL TR-02-6, Department of Computer Science, University of Lisbon. July 2002.
- Miguel Correia, Paulo Verissimo, Nuno Ferreira Neves, “The Architecture of a Secure Group Communication System Based on Intrusion Tolerance”, in in Proceedings of the International Workshop on Applied Reliable Group Communication, Phoenix, Arizona, USA, April 2001., Apr. 2001.
BibTeXNavigators - DEFEATS project
|Current projects:||DiSIEM, SEAL, AQUAMON, UPVN, IRCoC, Xivt, Abyss|
|Past projects:||TCLOUDS, MASSIF, MAFTIA, RESIST NoE, KARYON, HIDENETS, CORTEX, CRUTIAL, TRONE, SITAN, ReD, DIVERSE, CloudFIT, READAPT, REGENESYS, RC-Clouds, TACID, DARIO, RITAS, AJECT, MICRA, DEAR-COTS, COPE, DEFEATS, MOOSCO, TOPCOM, NORTH, SUPERCLOUD, COST Action IC1402, SEGRID, BioBankCloud, SAPIENT, PROPHECY, SecFuNet, FTH-Grid, AIR-II, AIR, ESFORS, CaberNet, GODC, BROADCAST, CoDiCom, Delta-4, RAPTOR|