Development of Intrusion-Tolerant Services Using Virtual Machines
Abstract
In recent years, much research has aimed to design practical algorithms to support Byzantine fault-tolerant distributed applications. These solutions are designed to make applications resistant to successful attacks against the system, thereby making services tolerant to intrusions. Recently, some of these studies have considered using virtual machines to build a trusted computing environment. These proposals aim to implement service and operating system diversity at the virtual machine level. This paper presents VMBFT, an architecture for Byzantine fault tolerance using virtual machines.
