Intrusion Tolerant Software Architectures Bruno Dutertre and Hassen Saïdi System Design Laboratory, SRI International OASIS PI Meeting.

Slides:



Advertisements
Similar presentations
Security attacks. - confidentiality: only authorized parties have read access to information - integrity: only authorized parties have write access to.
Advertisements

AUTHENTICATION AND KEY DISTRIBUTION
Impossibility of Distributed Consensus with One Faulty Process
DISTRIBUTED SYSTEMS II FAULT-TOLERANT BROADCAST Prof Philippas Tsigas Distributed Computing and Systems Research Group.
Lecture 3Dr. Verma1 COSC 6397 – Information Assurance Module M2 – Protocol Specification and Verification University of Houston Rakesh Verma Lecture 3.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Failure Detection The ping-ack failure detector in a synchronous system satisfies – A: completeness – B: accuracy – C: neither – D: both.
Chapter 15 Basic Asynchronous Network Algorithms
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
(c) Oded Shmueli Distributed Recovery, Lecture 7 (BHG, Chap.7)
Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.
Byzantine Generals Problem: Solution using signed messages.
CPSC 668Set 14: Simulations1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
1 Principles of Reliable Distributed Systems Lectures 11: Authenticated Byzantine Consensus Spring 2005 Dr. Idit Keidar.
1 Principles of Reliable Distributed Systems Lecture 3: Synchronous Uniform Consensus Spring 2006 Dr. Idit Keidar.
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
Eddie Bortnikov & Aran Bergman, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Recitation.
Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.
1 Principles of Reliable Distributed Systems Lecture 5: Failure Models, Fault-Tolerant Broadcasts and State-Machine Replication Spring 2005 Dr. Idit Keidar.
1 The Sybil Attack John R. Douceur Microsoft Research Presented for Cs294-4 by Benjamin Poon.
Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 4 – Consensus and reliable.
Distributed Systems 2006 Group Membership * *With material adapted from Ken Birman.
EEC-681/781 Distributed Computing Systems Lecture 11 Wenbing Zhao Cleveland State University.
Lecture 12 Synchronization. EECE 411: Design of Distributed Software Applications Summary so far … A distributed system is: a collection of independent.
State Machines CS 614 Thursday, Feb 21, 2002 Bill McCloskey.
1 A Modular Approach to Fault-Tolerant Broadcasts and Related Problems Author: Vassos Hadzilacos and Sam Toueg Distributed Systems: 526 U1580 Professor:
Fault Tolerance via the State Machine Replication Approach Favian Contreras.
Bringing Paxos Consensus in Multi-agent Systems Andrei Mocanu Costin Bădică University of Craiova.
Distributed Algorithms – 2g1513 Lecture 9 – by Ali Ghodsi Fault-Tolerance in Distributed Systems.
CS4231 Parallel and Distributed Algorithms AY 2006/2007 Semester 2 Lecture 10 Instructor: Haifeng YU.
CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Replication with View Synchronous Group Communication Steve Ko Computer Sciences and Engineering.
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
Practical Byzantine Fault Tolerance
Byzantine fault-tolerance COMP 413 Fall Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.
CS4231 Parallel and Distributed Algorithms AY 2006/2007 Semester 2 Lecture 8 Instructor: Haifeng YU.
Intrusion Tolerant Software Architectures Bruno Dutertre, Valentin Crettaz, Victoria Stavridou System Design Laboratory, SRI International
Agenda Fail Stop Processors –Problem Definition –Implementation with reliable stable storage –Implementation without reliable stable storage Failure Detection.
CS 425/ECE 428/CSE424 Distributed Systems (Fall 2009) Lecture 9 Consensus I Section Klara Nahrstedt.
Fault Tolerant Services
Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)
Chap 15. Agreement. Problem Processes need to agree on a single bit No link failures A process can fail by crashing (no malicious behavior) Messages take.
HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.
UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department
Replication Improves reliability Improves availability ( What good is a reliable system if it is not available?) Replication must be transparent and create.
Chapter 21 Asynchronous Network Computing with Process Failures By Sindhu Karthikeyan.
Tomás BarrosMonday, April 18, 2005FIACRE Toulouse p. 1 Behavioural Models for Hierarchical Components Tomás Barros, Ludovic Henrio and Eric Madelaine.
CS4231 Parallel and Distributed Algorithms AY 2006/2007 Semester 2 Lecture 9 Instructor: Haifeng YU.
Security Codesign Steve Dawson and Victoria Stavridou Bruno Dutertre, Josh Levy, Bob Riemenschneider, Hassen Saidi, Tomas Uribe System Design Laboratory.
Relying on Safe Distance to Achieve Strong Partitionable Group Membership in Ad Hoc Networks Authors: Q. Huang, C. Julien, G. Roman Presented By: Jeff.
Requirement Elicitation Review – Class 8 Functional Requirements Nonfunctional Requirements Software Requirements document Requirements Validation and.
1 Lecture 9 Other models: Monitoring models Reliability and fault-tolerance models Performance models. Scheduling policies. Security models.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
Fundamentals of Fault-Tolerant Distributed Computing In Asynchronous Environments Paper by Felix C. Gartner Graeme Coakley COEN 317 November 23, 2003.
EEC 688/788 Secure and Dependable Computing Lecture 10 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Reliable multicast Tolerates process crashes. The additional requirements are: Only correct processes will receive multicasts from all correct processes.
Coordination and Agreement
Intrusion Tolerant Architectures
Distributed Systems – Paxos
The Inductive Approach to Verifying Cryptographic Protocols
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
Presentation transcript:

Intrusion Tolerant Software Architectures Bruno Dutertre and Hassen Saïdi System Design Laboratory, SRI International OASIS PI Meeting Santa Rosa, CA August 20, 2002

2 2 Outline t Status t Formal Verification of Enclaves Intrusion-tolerant architecture Verification of the authentication protocol Verification of the leader-coordination protocol Model checking PVS formalization t Future work

3 3 Status t Security analysis of Genoa CrisisNet Basic version (done 2001, Eric Monteith, NAI Labs) Intrusion-tolerant version based on DIT (NAI Labs) t Intrusion-tolerant Enclaves Java implementation, plugin architecture Prototype wireless version on IPAq (on top of TBRPF routing protocol for ad hoc networks) t Recent work Validation of Enclaves protocols via formal verification

4 4 Enclaves t Originally proposed by Li Gong (1996) as lightweight software for supporting secure group collaboration t Middleware for building secure groupware applications Support collaboration between human users For small to medium groups t Provides means to construct and maintain a secure multicast channel between group members Protocols to authenticate and accept new members Crypto for secrecy and integrity of communication Group and key management services

5 5 Leader Member Leader Member Leader Intrusion-Tolerant Architecture t Group-management services distributed across n leaders: Member authentication Group-key distribution t Can tolerate up to f faulty leaders (Byzantine failures) provided 3f+1  n t Relies on: Threshold cryptography Consistent broadcast protocol Symmetric-key crypto

6 6 Formal Verification t Objective: Obtain high assurance that the Enclaves protocols are correct Find bugs t Two Enclaves components formally verified so far: Authentication protocol for establishing secure channels between a member and a leader Leader-coordination protocol based on the consistent broadcast protocol

7 7 Formal Verification of the Authentication Protocol t Done in using the PVS specification and verification system t Modeling based on Paulson’s inductive approach Trace-based model Attacker model: attacker can do anything except breaking the cryptographic primitives (e.g., replay, corrupt, fake, delete messages) t Verification techniques: Secrecy properties as invariants Construction of an abstraction (verification diagrams) t Results: Showed that long-term and session keys remain secret and that messages are received in the order they are sent

8 8 Leader Coordination t The noncompromised leaders should agree on the group composition t Leader coordinate using the consistent broadcast protocol Objectives Consistency once the group is stable All group members have been authenticated by at least one good leader Any user authenticated by at least f+1 good leaders eventually enters the group Stronger consistency guarantees cannot be achieved (with a deterministic algorithm) in an asynchronous network

9 9 Coordination Protocol t After successful authentication of user A Leader i sends to all leaders t After receiving f+1 valid messages of this form Leader j sends to all leaders if it has not already done so t A is accepted as a new group member by a leader when this leader receives n-f such messages t The same protocol is used when A leaves the group

10 Model Checking t Using SRI’s SAL tool (developed in John Rushby’s group) SAL specification language based on guarded commands Intended for modeling state-transition systems Includes synchronous and asynchronous composition Includes an explicit-state model checker t Model-checking requires a finite model Fixed number of leaders and clients Communication channels of bounded size Finite message space

11 Model Checking Results t One bug: violation of the consistency requirement t Cause: leaders ignore “leave” requests from users not in their view of the group This can lead to inconsistency if a leader receives (and ignores) a “leave” request before it receives the corresponding “join” request, while other leaders receive “join” first, then “leave” t Fix: leaders respond to “leave” or “join” request without taking their view of the group into account Group view determined by the number of joins - number of leaves

12 PVS Verification t PVS verification decomposed into: Model of the consistent broadcast protocol Instantiation of this protocol as used in Enclaves t Approach: Protocol modeled as a state-transition system State includes set of currently good leaders Set of messages sent so far Transition relation includes: Protocol steps performed by the good leaders Actions of faulty leaders Failure of a leader

13 Consistent Broadcast in PVS t Assumes a fixed but arbitrary message type t Two types of events: t Algorithm: When a request for m is received by i, leader i sends support for m to all leaders When j receives f+1 support messages for m, then j sends support for m to all leaders if it has not already done so Any leader that receives n-f support messages for m accepts m request(i, m) support(i, j, m) request for m received by leader i support for m from i, received by j

14 PVS Excerpts t State definition for consistent broadcast protocol t Example transition: state: TYPE = [# good: set[leader], trace: set[event], supported: [leader -> set[message]], accepted: [leader -> set[message]], supporters:[leader, message -> set[leader]] #] Fail(q1,i,q2): bool = q1`good(i) AND card(q1`good) > n-f AND q2 = q1 WITH [`good := remove(i, q1`good) ]

15 Example Proof: Consistency t Given a message m, consider different sets of leaders A(m): Good leaders that support m B(m, i): Leaders that have sent messages of the form support(i, j, m) to i F: Faulty leaders t Main lemma: the following property is invariant: A(m)  B(m,i)  A(m)  F t In a state where all messages related to m have been received, this implies that either all good leaders accept m or that none of them does

16 PVS Results t Formal proofs of the correctness of the consistent broadcast protocol t Formal proofs of the following properties of Enclaves: Consistency: If there are no pending “leave”, “join”, or “support” messages then all the good leaders have the same group view Proper authentication: No user can get into a good leader’s group view without being authenticated by at least one good leader If a user A is authenticated by at least f+1 good leaders (and does not sends leave requests after that) then A is a group member when the group views are stable t Good evidence that the protocol is correct

17 Conclusion t Demonstrated the usefulness of formal verification Found a non-obvious bug Obtained high assurance of correctness of the Enclaves protocols Byzantine fault-tolerant protocol Cryptographic protocol t What remains to be done: Put everything together: show that assumptions made by the leader-coordination protocol are satisfied by the authentication protocol t Future directions for Enclaves: Intrusion-detection, reconfiguration when faulty leaders are detected More lightweight version for wireless networks

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.