评估强化主备份系统的攻击恢复能力

2010 International Conference on Dependable Systems and Networks Workshops (DSN-W) Pub Date : 2010-06-28 DOI:10.1109/DSNW.2010.5542596

D. Clarke, P. Ezhilchelvan

{"title":"评估强化主备份系统的攻击恢复能力","authors":"D. Clarke, P. Ezhilchelvan","doi":"10.1109/DSNW.2010.5542596","DOIUrl":null,"url":null,"abstract":"Primary-Backup service replication does not constrain that the service be built as a deterministic state machine. It is meant to tolerate crashes, not intrusions. We consider an approach, called FORTRESS, for adding intrusion-resilience capability to a primary-backup server system. It involves using proxies that block clients from directly accessing servers, and periodically randomizing the executables of proxies and servers. We argue that proxies and proactive randomization can offer sound defense against attacks including de-randomization attacks. Using simulations, we then compare the attack resilience that FORTRESS adds to a primary-backup server system with that attainable through state machine replication (SMR) that is fit only for deterministic services. A significant observation is that FORTRESS emerges to be more resilient than an SMR system of four server replicas that are diversely randomized at the start and are subject to proactive recovery throughout.","PeriodicalId":124206,"journal":{"name":"2010 International Conference on Dependable Systems and Networks Workshops (DSN-W)","volume":"2010 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Assessing the attack resilience capabilities of a fortified primary-backup system\",\"authors\":\"D. Clarke, P. Ezhilchelvan\",\"doi\":\"10.1109/DSNW.2010.5542596\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Primary-Backup service replication does not constrain that the service be built as a deterministic state machine. It is meant to tolerate crashes, not intrusions. We consider an approach, called FORTRESS, for adding intrusion-resilience capability to a primary-backup server system. It involves using proxies that block clients from directly accessing servers, and periodically randomizing the executables of proxies and servers. We argue that proxies and proactive randomization can offer sound defense against attacks including de-randomization attacks. Using simulations, we then compare the attack resilience that FORTRESS adds to a primary-backup server system with that attainable through state machine replication (SMR) that is fit only for deterministic services. A significant observation is that FORTRESS emerges to be more resilient than an SMR system of four server replicas that are diversely randomized at the start and are subject to proactive recovery throughout.\",\"PeriodicalId\":124206,\"journal\":{\"name\":\"2010 International Conference on Dependable Systems and Networks Workshops (DSN-W)\",\"volume\":\"2010 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-06-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 International Conference on Dependable Systems and Networks Workshops (DSN-W)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DSNW.2010.5542596\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Dependable Systems and Networks Workshops (DSN-W)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSNW.2010.5542596","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

主备份服务复制不约束将服务构建为确定性状态机。它旨在容忍崩溃，而不是入侵。我们考虑了一种称为FORTRESS的方法，用于向主备份服务器系统添加入侵恢复能力。它涉及使用阻止客户端直接访问服务器的代理，并定期随机化代理和服务器的可执行文件。我们认为代理和主动随机化可以提供良好的防御攻击，包括去随机化攻击。然后，通过模拟，我们将FORTRESS添加到主备份服务器系统的攻击弹性与仅适用于确定性服务的状态机复制(SMR)可实现的攻击弹性进行比较。一个重要的观察结果是，《堡垒》比一个由四个服务器副本组成的SMR系统更具弹性，后者在一开始是随机的，并且在整个过程中都受到主动恢复的影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Assessing the attack resilience capabilities of a fortified primary-backup system

Primary-Backup service replication does not constrain that the service be built as a deterministic state machine. It is meant to tolerate crashes, not intrusions. We consider an approach, called FORTRESS, for adding intrusion-resilience capability to a primary-backup server system. It involves using proxies that block clients from directly accessing servers, and periodically randomizing the executables of proxies and servers. We argue that proxies and proactive randomization can offer sound defense against attacks including de-randomization attacks. Using simulations, we then compare the attack resilience that FORTRESS adds to a primary-backup server system with that attainable through state machine replication (SMR) that is fit only for deterministic services. A significant observation is that FORTRESS emerges to be more resilient than an SMR system of four server replicas that are diversely randomized at the start and are subject to proactive recovery throughout.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 International Conference on Dependable Systems and Networks Workshops (DSN-W)

自引率

0.00%

发文量