Provendo Confidencialidade em Espaços de Tuplas Tolerantes a Intrusões
Resumo
A coordenação por espaços de tuplas é um dos mais interessantes modelos de comunicação para sistemas distribuídos abertos, devido as suas características de desacoplamento espacial e temporal e ao seu poder de sincronização. Muitos destes sistemas estão sujeitos a faltas, ataques e intrusões, porém é fundamental que a estrutura de comunicação neles empregada permaneça provendo seu serviço corretamente mesmo na presença desses eventos. Para fornecer este nível de qualidade de serviço uma abordagem interessante é a tolerância a intrusões, onde o sistema é implementado por um conjunto de réplicas que provêm o serviço corretamente mesmo que uma parte delas sejam controladas por um adversário. Este trabalho apresenta um esquema de confidencialidade para espaços de tuplas tolerantes a intrusões baseado em compartilhamento de segredo, onde uma tupla (unidade de dados armazenada no espaço) não é revelada a partes não autorizadas mesmo que algumas das réplicas do espaço sejam faltosas. Visando validar este esquema, alguns experimentos que medem o impacto da inclusão do esquema em um espaço de tuplas tolerante a intrusões são apresentados.Referências
Avizienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 1(1):11–33.
Bellare, M. and Rogaway, P. (1993). Random oracles are practical: A paradigm for designing efficient protocols. In Proc. of the 1st ACM Conference on Computer and Communications Security, pages 62–73.
Bessani, A. N., Correia, M., Fraga, J., and Lung, L. C. (2006a). Sharing memory between Byzantine processes using a policy-enforced tuple spaces. In Proceedings of 26th IEEE International Conference on Distributed Computing Systems ICDCS 2006.
Bessani, A. N., Fraga, J., and Lung, L. C. (2006b). BTS: A Byzantine fault-tolerant tuple space. In Proc. of the 21st ACM Symposium on Applied Computing SAC 2006.
Busi, N., Gorrieri, R., Lucchi, R., and Zavattaro, G. (2003). SecSpaces: a data-driven coordination model for environments open to untrusted agents. In Electronic Notes in Theoretical Computer Science, volume 68.
Cachin, C. and Tessaro, S. (2006). Optimal resilience for erasure-coded Byzantine distributed storage. In Proc. of Dependable Systems and Networks, DSN 06.
Castro, M. and Liskov, B. (2002). Practical Byzantine fault-tolerance and proactive recovery. ACM Transactions Computer Systems, 20(4):398–461.
De Nicola, R., Ferrari, G. L., and Pugliese, R. (1998). Klaim: A kernel language for agents interaction and mobility. IEEE Transactions on Software Engineering, 24(5):315–330.
Diffie, W. and Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654.
Fraga, J. and Powell, D. (1985). A faultand intrusion-tolerant file system. In Proceedings of the 3rd Int. Conference on Computer Security, pages 203–218.
Gelernter, D. (1985). Generative communication in Linda. ACM Transactions on Programing Languages and Systems, 7(1):80–112.
Gelernter, D. and Carriero, N. (1992). Coordination languages and their significance. Communications of ACM, 35(2):96–107.
Goldereich, O. (2001). Fundamentals of Criptography: Basic Tools, volume 1. Cambridge Press, Cambridge Massachussets.
Lamport, L., Shostak, R., and Pease, M. (1982). The Byzantine generals problem. ACM Transactions on Programing Languages and Systems, 4(3):382–401.
Rabin, M. (1989). Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of the ACM, 36(2):335–348.
Schneider, F. and Zhou, L. (2005). Implementing trustworthy services using replicate state machines. IEEE Security & Privacy, 3(5):34–43.
Schoenmakers, B. (1999). A simple publicly verifiable secret sharing scheme and its application to electronic voting. In Advances in Cryptology CRYPTO’99, volume 1666 of LNCS, pages 148–164.
Urbán, P., Défago, X., and Schiper, A. (2002). Neko: A single environment to simulate and prototype distributed algorithms. Journal of Information Science and Engineering, 18(6):981– 997.
Veríssimo, P., Neves, N. F., and Correia, M. P. (2003). Intrusion-tolerant architectures: Concepts and design. In Architecting Dependable Systems, volume 2677 of Lecture Notes in Computer Science. Springer-Verlag.
Vitek, J., Bryce, C., and Oriol, M. (2003). Coordination processes with Secure Spaces. Science of Computer Programming, 46(1-2):163–193.
Bellare, M. and Rogaway, P. (1993). Random oracles are practical: A paradigm for designing efficient protocols. In Proc. of the 1st ACM Conference on Computer and Communications Security, pages 62–73.
Bessani, A. N., Correia, M., Fraga, J., and Lung, L. C. (2006a). Sharing memory between Byzantine processes using a policy-enforced tuple spaces. In Proceedings of 26th IEEE International Conference on Distributed Computing Systems ICDCS 2006.
Bessani, A. N., Fraga, J., and Lung, L. C. (2006b). BTS: A Byzantine fault-tolerant tuple space. In Proc. of the 21st ACM Symposium on Applied Computing SAC 2006.
Busi, N., Gorrieri, R., Lucchi, R., and Zavattaro, G. (2003). SecSpaces: a data-driven coordination model for environments open to untrusted agents. In Electronic Notes in Theoretical Computer Science, volume 68.
Cachin, C. and Tessaro, S. (2006). Optimal resilience for erasure-coded Byzantine distributed storage. In Proc. of Dependable Systems and Networks, DSN 06.
Castro, M. and Liskov, B. (2002). Practical Byzantine fault-tolerance and proactive recovery. ACM Transactions Computer Systems, 20(4):398–461.
De Nicola, R., Ferrari, G. L., and Pugliese, R. (1998). Klaim: A kernel language for agents interaction and mobility. IEEE Transactions on Software Engineering, 24(5):315–330.
Diffie, W. and Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654.
Fraga, J. and Powell, D. (1985). A faultand intrusion-tolerant file system. In Proceedings of the 3rd Int. Conference on Computer Security, pages 203–218.
Gelernter, D. (1985). Generative communication in Linda. ACM Transactions on Programing Languages and Systems, 7(1):80–112.
Gelernter, D. and Carriero, N. (1992). Coordination languages and their significance. Communications of ACM, 35(2):96–107.
Goldereich, O. (2001). Fundamentals of Criptography: Basic Tools, volume 1. Cambridge Press, Cambridge Massachussets.
Lamport, L., Shostak, R., and Pease, M. (1982). The Byzantine generals problem. ACM Transactions on Programing Languages and Systems, 4(3):382–401.
Rabin, M. (1989). Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of the ACM, 36(2):335–348.
Schneider, F. and Zhou, L. (2005). Implementing trustworthy services using replicate state machines. IEEE Security & Privacy, 3(5):34–43.
Schoenmakers, B. (1999). A simple publicly verifiable secret sharing scheme and its application to electronic voting. In Advances in Cryptology CRYPTO’99, volume 1666 of LNCS, pages 148–164.
Urbán, P., Défago, X., and Schiper, A. (2002). Neko: A single environment to simulate and prototype distributed algorithms. Journal of Information Science and Engineering, 18(6):981– 997.
Veríssimo, P., Neves, N. F., and Correia, M. P. (2003). Intrusion-tolerant architectures: Concepts and design. In Architecting Dependable Systems, volume 2677 of Lecture Notes in Computer Science. Springer-Verlag.
Vitek, J., Bryce, C., and Oriol, M. (2003). Coordination processes with Secure Spaces. Science of Computer Programming, 46(1-2):163–193.
Publicado
28/08/2006
Como Citar
BESSANI, Alysson Neves; ALCHIERI, Eduardo Adílio Pelison; CORREIA, Miguel; FRAGA, Joni da Silva; LUNG, Lau Cheuk.
Provendo Confidencialidade em Espaços de Tuplas Tolerantes a Intrusões. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 6. , 2006, Santos.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2006
.
p. 236-249.
DOI: https://doi.org/10.5753/sbseg.2006.20952.
