Toward Intrusion Tolerance as a Service: Confidentiality in Partially Cloud-Based BFT Systems

2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) Pub Date : 2021-06-01 DOI:10.1109/DSN48987.2021.00019

Maher Khan, Amy Babay

{"title":"Toward Intrusion Tolerance as a Service: Confidentiality in Partially Cloud-Based BFT Systems","authors":"Maher Khan, Amy Babay","doi":"10.1109/DSN48987.2021.00019","DOIUrl":null,"url":null,"abstract":"Recent work on intrusion-tolerance has shown that resilience to sophisticated network attacks requires system replicas to be deployed across at least three geographically distributed sites. While commodity data centers offer an attractive solution for hosting these sites due to low cost and management overhead, their use raises significant confidentiality concerns: system operators may not want private data or proprietary algorithms exposed to servers outside their direct control. We present a new model for Byzantine Fault Tolerant replicated systems that moves toward “intrusion tolerance as a service”. Under this model, application logic and data are only exposed to servers hosted on the system operator’s premises. Additional offsite servers hosted in data centers can support the needed resilience without executing application logic or accessing unencrypted state. We have implemented this approach in the open-source Spire system, and our evaluation shows that the performance overhead of providing confidentiality can be less than 4% in terms of latency.","PeriodicalId":222512,"journal":{"name":"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN48987.2021.00019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Recent work on intrusion-tolerance has shown that resilience to sophisticated network attacks requires system replicas to be deployed across at least three geographically distributed sites. While commodity data centers offer an attractive solution for hosting these sites due to low cost and management overhead, their use raises significant confidentiality concerns: system operators may not want private data or proprietary algorithms exposed to servers outside their direct control. We present a new model for Byzantine Fault Tolerant replicated systems that moves toward “intrusion tolerance as a service”. Under this model, application logic and data are only exposed to servers hosted on the system operator’s premises. Additional offsite servers hosted in data centers can support the needed resilience without executing application logic or accessing unencrypted state. We have implemented this approach in the open-source Spire system, and our evaluation shows that the performance overhead of providing confidentiality can be less than 4% in terms of latency.

查看原文本刊更多论文

将入侵容忍作为一种服务:部分基于云的BFT系统中的机密性

最近对入侵容忍的研究表明，应对复杂网络攻击的弹性需要在至少三个地理分布的站点上部署系统副本。由于成本低，管理开销小，商品数据中心为托管这些站点提供了一个有吸引力的解决方案，但它们的使用引起了重大的机密性问题:系统运营商可能不希望将私有数据或专有算法暴露给他们直接控制之外的服务器。我们提出了一个拜占庭容错复制系统的新模型，该模型向“入侵容错即服务”的方向发展。在此模型下，应用程序逻辑和数据仅公开给托管在系统操作员场所的服务器。托管在数据中心的其他异地服务器可以支持所需的弹性，而无需执行应用程序逻辑或访问未加密状态。我们已经在开源Spire系统中实现了这种方法，我们的评估表明，就延迟而言，提供机密性的性能开销可以低于4%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

自引率

0.00%

发文量