Abstract
We present an approach for incorporating intrusion resilience into replicated services, irrespective of the service replication used and of the fault types tolerated. The approach, termed FORTRESS, involves fortifying a fault-tolerant service using proxies that block clients from accessing the servers directly, and periodically refreshing proxies and servers with diverse executables generated using code randomization. These two features make it hard for an attacker to compromise a server when no proxy has been compromised. An analytical evaluation establishes that if attackers cannot intrude into servers without first having compromised a proxy, fortifying even a passively replicated service can offer greater resilience than building that service as a deterministic state machine and actively replicating it over diverse platforms. Finally, the FORTRESS architecture is presented, in which proactive code randomization is achieved by proactive replacement of server and proxy nodes. Examining the state transfer protocol executed during node replacement shows that the processing overhead per replacement is no more than the overhead of changing the leader or the primary replica in replication management.
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ezhilchelvan, P., Clarke, D., Mitrani, I., Shrivastava, S. (2009). Proactive Fortification of Fault-Tolerant Services. In: Abdelzaher, T., Raynal, M., Santoro, N. (eds) Principles of Distributed Systems. OPODIS 2009. Lecture Notes in Computer Science, vol 5923. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10877-8_26
DOI: https://doi.org/10.1007/978-3-642-10877-8_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10876-1
Online ISBN: 978-3-642-10877-8