On the Resilience of Intrusion-Tolerant Distributed Systems

The paper starts by introducing a new dimension along which distributed systems resilience may be evaluated - exhaustion-safety. A node-exhaustion-safe intrusion-tolerant distributed system is a system that assuredly does not suffer more than the assumed number of node failures (e.g., crash, Byzanti...

Full description

Bibliographic Details
Main Author: Neves, Nuno Ferreira (author)
Other Authors: Veríssimo, Paulo (author), Sousa, Paulo (author), Lopes, Antónia (author)
Format: report
Language:por
Published: 2009
Subjects:
Intrusion Tolerance
Timing Assumptions
Proactive Recovery
Wormholes
Secret Sharing
Online Access:http://hdl.handle.net/10451/14075
Country:Portugal
Oai:oai:repositorio.ul.pt:10451/14075
Description
Summary:The paper starts by introducing a new dimension along which distributed systems resilience may be evaluated - exhaustion-safety. A node-exhaustion-safe intrusion-tolerant distributed system is a system that assuredly does not suffer more than the assumed number of node failures (e.g., crash, Byzantine). We show that it is not possible to build this kind of systems under the asynchronous model. This result follows from the fact that in an asynchronous environment one cannot guarantee that the system terminates its execution before the occurrence of more than the assumed number of faults. After introducing exhaustion-safety, the paper proposes a new paradigm - proactive resilience - to build intrusion-tolerant distributed systems. Proactive resilience is based on architectural hybridization and hybrid distributed system modeling. The Proactive Resilience Model (PRM) is presented and shown to be a way of building node-exhaustion-safe intrusion-tolerant systems. Finally, the paper describes the design of a secret sharing system built according to the PRM. A proof-of-concept prototype of this system is shown to be highly resilient under different attack scenarios.

Similar Items