Implementing Diversity in State Machine Replication
Abstract
Vulnerabilities can compromise the security properties of a system when suitably exploited by an attacker. One alternative for mitigating this risk is the implementation of intrusion-tolerant systems. A widely used approach for such implementations is State Machine Replication (SMR). However, existing solutions do not support diversity in the implementation of the replicas, so a single attack can compromise the whole system. In this context, this work proposes an architecture to support implementation diversity in SMR and shows how it was integrated into BFT-SMART. A set of experiments shows the practical behavior of the proposed solutions.
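The abstract's central point, that a monoculture of replicas lets one exploit defeat the whole replicated system, can be made concrete with the client-side voting rule of Byzantine fault-tolerant SMR. The following is an added illustration written for this page; it is not code from the paper or from BFT-SMART. It assumes the standard bounds (n = 3f + 1 replicas, a client accepts a value backed by f + 1 matching replies), and the implementation labels, the "vulnerable implementation" and the request are constructed. It also adds a deployment check the abstract only implies: a flaw shared by every replica of one implementation is tolerated only if that implementation runs on at most f replicas.

```python
from collections import Counter
from dataclasses import dataclass
from typing import List, Set

# Constructed model of response voting in BFT state machine replication.
# Not BFT-SMART code; implementation names and the vulnerability are hypothetical.


@dataclass(frozen=True)
class Replica:
    replica_id: int
    implementation: str  # constructed label for the replica's code base


def n_replicas_for(f: int) -> int:
    """Standard BFT-SMR bound: n = 3f + 1 replicas tolerate f Byzantine ones."""
    return 3 * f + 1


def reply(replica: Replica, request: str, vulnerable_impl: str) -> str:
    """A replica's answer to a request.

    Replicas running the implementation that carries the (hypothetical)
    vulnerability are assumed fully controlled by the attacker and return an
    attacker-chosen value; every other replica executes the request correctly.
    """
    if replica.implementation == vulnerable_impl:
        return "ATTACKER_VALUE"
    return f"ok:{request}"


def accepted_values(replies: List[str], f: int) -> Set[str]:
    """Values a client would accept: anything backed by at least f + 1 matching
    replies. With at most f faulty replicas, f + 1 agreeing replies guarantee
    that at least one correct replica stands behind the value."""
    counts = Counter(replies)
    return {value for value, c in counts.items() if c >= f + 1}


def diversity_respects_f(replicas: List[Replica], f: int) -> bool:
    """Deployment check: a common-mode flaw hits every replica of one
    implementation, so no implementation may be shared by more than f replicas."""
    per_impl = Counter(r.implementation for r in replicas)
    return max(per_impl.values()) <= f


def simulate(replicas: List[Replica], f: int, request: str, vulnerable_impl: str) -> Set[str]:
    """Collect one reply per replica and return the set of values the client
    would accept. A correct deployment yields exactly one correct value."""
    assert len(replicas) == n_replicas_for(f), "deployment must have n = 3f + 1 replicas"
    replies = [reply(r, request, vulnerable_impl) for r in replicas]
    return accepted_values(replies, f)


def deployment(impls: List[str]) -> List[Replica]:
    return [Replica(i, impl) for i, impl in enumerate(impls)]


F = 1  # tolerate one Byzantine replica, hence n = 4
MONOCULTURE = deployment(["impl-A"] * 4)
TWO_WAY = deployment(["impl-A", "impl-A", "impl-B", "impl-B"])
FULL_DIVERSITY = deployment(["impl-A", "impl-B", "impl-C", "impl-D"])

if __name__ == "__main__":
    for name, reps in [("monoculture", MONOCULTURE),
                       ("two implementations", TWO_WAY),
                       ("four implementations", FULL_DIVERSITY)]:
        ok = diversity_respects_f(reps, F)
        print(f"{name:22s} diversity within f: {ok!s:5s} "
              f"accepted: {sorted(simulate(reps, F, 'put k v', 'impl-A'))}")
```

With f = 1 the monoculture returns only the attacker's value, because all four replicas share the vulnerable implementation and voting cannot distinguish a unanimous lie from a unanimous truth. Splitting the replicas over two implementations is not enough either: two compromised replicas already reach the f + 1 threshold, so both a correct and an attacker-chosen value become acceptable and the outcome depends on which replies arrive first. Only when no implementation is shared by more than f replicas does the vote return exactly the correct value, which is the property an SMR-with-diversity deployment has to plan for.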