Browse by author
Lookup NU author(s): Dr Dylan Clarke, Dr Paul EzhilchelvanORCiD
Primary-Backup service replication does not constrain that theservice be built as a deterministic state machine. It is meant totolerate crashes, not intrusions. We consider an approach, calledFORTRESS, for adding intrusion-resilience capability to aprimary-backup server system. It involves using proxies that blockclients from directly accessing servers, and periodicallyrandomizing the executables of proxies and servers. We argue thatproxies and proactive randomization can offer sound defense againstattacks including de-randomization attacks. Using simulations, wethen compare the attack resilience that FORTRESS adds to aprimary-backup server system with that attainable through statemachine replication (SMR) that is fit only for deterministicservices. A significant observation is that FORTRESS emerges to bemore resilient than an SMR system of four server replicas that arediversely randomized at the start and are subject to proactiverecovery throughout.
Author(s): Clarke D, Ezhilchelvan P
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: 4th DSN Workshop on Recent Advances in Intrusion-Tolerant Systems (WRAITS)
Year of Conference: 2010
Pages: 6pp
Date deposited: 15/11/2010
URL: http://wraits10.di.fc.ul.pt/paper%207.pdf
