“DIVERSYS: DIVErse Rejuvenation SYStem”
in NFORUM 2012 - Simpósio de Informática, Lisbon, Portugal, Sept. 2012.
Abstract: Replication has been used to build intrusion-tolerant systems, which are able to tolerate a limited number of intrusions before the system is compromised. An important limitation of intrusion-tolerant systems is that if the system's replicas are similar, once a flaw is discovered and exploited in one replica, it is easy to replicate the exploit on the other replicas, compromising the whole system. To circumvent this limitation one must find a way to make these exploits occur independently. We propose the deployment of different operating systems in order to avoid common failures, making the system correct unless $f+1$ replicas are compromised. However, if enough time is given to the adversary, then eventually $f+1$ different replicas will suffer an intrusion. Hence, to reduce the size of this time window, we introduce diversity in recoveries: the system replaces faulty replicas with fresh and different ones (thereby cleaning their faulty state) as the adversary compromises them. The remaining challenge is to manage the recoveries without violating the availability of the system. Our contribution is a way to assess the risk on replicated systems in order to trigger recoveries.
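As an added illustration of the argument above (example code, not from the paper), the toy model below compares homogeneous replicas, diverse replicas, and diverse replicas with diverse rejuvenation. Its assumptions, which the abstract does not specify, are: one working exploit per OS variant, the adversary gains one new exploit per round, and recovery is periodic (longest-deployed replica first, one at a time) rather than the paper's risk-based trigger.

```python
from dataclasses import dataclass


@dataclass
class Replica:
    os: str                 # OS variant this replica runs
    compromised: bool = False


def failure_round(oses, f, exploit_order, spare=(), rejuvenate=False):
    """Return the first round in which more than f replicas are compromised
    (the system is no longer correct), or None if it survives every round.

    oses          -- OS variant of each of the n replicas at deployment
    f             -- number of simultaneously compromised replicas tolerated
    exploit_order -- variant the adversary gains a working exploit for, per round
    spare         -- pool of OS variants available for fresh replicas (assumption)
    rejuvenate    -- replace one replica per round with a fresh one running a
                     variant not currently deployed (longest-deployed first)
    """
    replicas = [Replica(o) for o in oses]
    spare = list(spare)
    known = set()           # exploits the adversary holds so far
    oldest = 0              # round-robin index of the longest-deployed replica
    for t, exploit in enumerate(exploit_order):
        known.add(exploit)
        # an exploit for a variant works against every replica running it
        for r in replicas:
            if r.os in known:
                r.compromised = True
        if sum(r.compromised for r in replicas) > f:
            return t
        if rejuvenate and spare:
            # one recovery at a time, so the other n-1 replicas keep serving
            deployed = {r.os for r in replicas}
            fresh = next((v for v in spare if v not in deployed), None)
            if fresh is not None:
                spare.remove(fresh)
                spare.append(replicas[oldest].os)   # old variant returns to pool
                replicas[oldest] = Replica(fresh)   # clean state, new variant
                oldest = (oldest + 1) % len(replicas)
    return None


if __name__ == "__main__":
    # constructed scenarios: n = 4 replicas, f = 1
    print(failure_round(["A"] * 4, 1, ["A", "B", "C"]))                      # 0
    print(failure_round(list("ABCD"), 1, ["A", "B", "C"]))                   # 1
    print(failure_round(list("ABCD"), 1, ["A", "B", "C"], "EFG", True))      # None
    print(failure_round(list("ABCD"), 1, ["A", "B", "C", "D", "E"], "EFG", True))  # 4
```

The last scenario shows the caveat the abstract raises: once the pool of fresh variants is exhausted and a variant with a known exploit is redeployed, the adversary's accumulated exploits catch up and the $f+1$ threshold is reached again.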