Presentation is loading. Please wait.

Presentation is loading. Please wait.

BFT3W'091 Intrusion Tolerance: The Killer App for BFT (?) Alysson Bessani, Miguel Correia, Paulo Sousa, Nuno Ferreira Neves, Paulo Veríssimo Universidade.

Published byDonald Riley Modified over 9 years ago

Similar presentations

Presentation on theme: "BFT3W'091 Intrusion Tolerance: The Killer App for BFT (?) Alysson Bessani, Miguel Correia, Paulo Sousa, Nuno Ferreira Neves, Paulo Veríssimo Universidade."— Presentation transcript:

1 BFT3W'091 Intrusion Tolerance: The Killer App for BFT (?) Alysson Bessani, Miguel Correia, Paulo Sousa, Nuno Ferreira Neves, Paulo Veríssimo Universidade de Lisboa, Faculdade de Ciências Workshop on Theory and Practice of BFT

2 BFT3W'092 The Promise of BFT From the abstract of Castro & Liskov OSDI’99 paper: “We believe that Byzantine fault-tolerant algorithms will be increasingly important in the future because malicious attacks and software errors are increasingly common and can cause faulty nodes to exhibit arbitrary behavior.”

3 BFT3W'093 The Promise of BFT Our claim: BFT can be used to tolerate certain accidental value faults But there are simpler techniques to do that The real appeal of the technique is to tolerate attacks, intrusions and bugs BFT → Intrusion Tolerance

4 BFT3W'094 Intrusion Tolerance Coined by Joni Fraga and David Powell “A Fault- and Intrusion-Tolerant File System”, IFIP SEC,1985 An intrusion-tolerant system can maintain its security properties (confidentiality, integrity and availability) despite some of its components being compromised. Appeal: since it’s impossible to prove that a system has no vulnerabilities, it is more safe to assume that intrusions can happen.

5 BFT3W'095 Intrusion Tolerance BFT replication protocols are a key mechanism for intrusion-tolerant systems But there are others: –Diversity –Confidentiality schemes –Fault/Intrusion detection –Recovery and Self-healing Fault independence Fundamental for certain domains Accountability Fundamental for long-lived systems

6 BFT3W'096 Intrusion Tolerance The resulting system is very COMPLEX! There comes the InTol dilemma: –Complex systems tend to have more vulnerabilities and be more prone to configuration errors –So, an intrusion-tolerant system build to be more secure, tend to be less secure…

7 BFT3W'097 Intrusion-Tolerant Firewall Incomming Traffic HUB CIS Controller Generator x = dP(V,f)/dt CIS T T T T Distributed trusted component But it can be done for simple critical systems!

8 BFT3W'098 Intrusion-Tolerant Firewall The CIS was used in an architecture to protect critical infrastructures (e.g., power systems) This is a good application scenario for BFT/Intrusion tolerance Substation A Substation B Substation C

9 BFT3W'099 The role of trusted components Trusted components (TTCB, A2M, USIG, Trinc) should be used to simplify BFT protocols Example: MinBFT (Veronese et al. 2008) uses the USIG service to implement the minimal non- speculative BFT SMR protocol: MinBFT A2M-EA PBFT Minimal: - Number of replicas - Communication steps - Trusted component

10 BFT3W'0910 Concerns for BFT/IT Adoption BFT Usefulness BFT Implementations BFT Abstractions

11 BFT3W'0911 BFT Added Value The key challenge: “How to show that an intrusion tolerant service is more secure than a non-intrusion- tolerant counterpart?” The equivalent question: “How to measure the security of a system?”

12 BFT3W'0912 BFT Systems We need at least one stable and robust BFT replication lib! JBP (Java Byzantine Paxos) –Under development since 2007 for use on the replication layer of DepSpace –Peak throughput competitive to PBFT (~22 Kop/s*) –Key concerns on the current version: Modularity is a top priority: scalable communication, total order multicast, Byzantine paxos consensus and checkpoint Avoid optimizations that bring complexity (e.g., authenticators, agreement over message hashes)

13 BFT3W'0913 BFT Abstractions BFT ≠ BFT State Machine Replication

14 BFT3W'0914 BFT Abstractions SMR has its limitations: –CFT systems are usually based on primary- backup –Most modern services do not employ consensus protocol on their critical path What options? –High-level abstractions –Low-level abstractions

15 BFT3W'0915 High-level Abstractions: Coordination Services Crash FT: Zookeper (name service + sequencers), Chubby (file system + locks), Sinfonia (registers + mini transactions) BFT: DepSpace (policy enforced augmented tuple space) Traditional systemsCoordination systems

16 BFT3W'0916 High-level Abstractions: Coordination Services SERVERS PROCESSES I’m Malicious ! Two important questions: 1.What is the synchronization power of the CS objects? 2.What is the role of access control models? Shared Memory Shared Memory

17 BFT3W'0917 Low-level Abstractions: Active Quorum Systems SERVERS SMR: the service as a replicated deterministic state machine AQS: the service as a a set of independent objects accessed by different clients.

18 BFT3W'0918 Low-level Abstractions: Active Quorum Systems read write rmw Quorum-based asynchronous protocols for register Implementation. PBFT with some modifications to deal with concurrent writes.

19 BFT3W'0919 Low-level Abstractions: Active Quorum Systems Is it useful? Some services: –LDAP: Main AQS Object: LDAP Entry Only Entry creation and removal require rmw –Smart block storage: Main AQS Object: Data Block Uses rmw to modify single bytes of large blocks –Tuple Space: Main AQS Object: Tuple Only tuple removal uses rmw

20 BFT3W'0920 Summary The promise of BFT: tolerate intrusions –Can be done for simple services –Require other mechanisms Concerns to be addressed: –How to show the improved security of BFT/intrusion tolerant systems? –Build a stable and robust BFT library –BFT is not SMR: Coordination Services Active Quorum Systems

21 BFT3W'0921 Some Related Publications Bessani et al. The CRUTIAL way of protecting critical infrastructures. IEEE S&P Magazine (Dec 2008) Sousa et al. Highly Available Intrusion Tolerance through Proactive and Reactive Recovery. IEEE TPDS (to appear) Veronese et al. Minimal Byzantine Fault Tolerance: Algorithms and Evaluation. FCUL-DI-TR 09-15 (under submission). 2009 Bessani et al. DepSpace: A Byzantine Fault-Tolerant Coordination Service. EuroSys’08 Bessani et al. Sharing Memory between Byzantine Processes using a Police-enforced Augmented Tuple Space. IEEE TPDS (Mar 2009) Bessani et al. An Efficient Byzantine-resilient Tuple Space. IEEE TC (Aug 2009) http://www.navigators.di.fc.ul.pt

Download ppt "BFT3W'091 Intrusion Tolerance: The Killer App for BFT (?) Alysson Bessani, Miguel Correia, Paulo Sousa, Nuno Ferreira Neves, Paulo Veríssimo Universidade."

Similar presentations

Automatic Generation of Fault-Tolerant CORBA-Services Andreas Polze, Janek Schwarz and Miroslaw Malek Department of Computer Science Humboldt-University.

Automatic Generation of Fault-Tolerant CORBA-Services Andreas Polze, Janek Schwarz and Miroslaw Malek Department of Computer Science Humboldt-University.
Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
NETWORK ALGORITHMS Presenter- Kurchi Subhra Hazra.

NETWORK ALGORITHMS Presenter- Kurchi Subhra Hazra.
Distributed Systems Overview Ali Ghodsi

Distributed Systems Overview Ali Ghodsi
1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in.

1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in.
P. Kouznetsov, 2006 Abstracting out Byzantine Behavior Peter Druschel Andreas Haeberlen Petr Kouznetsov Max Planck Institute for Software Systems.

P. Kouznetsov, 2006 Abstracting out Byzantine Behavior Peter Druschel Andreas Haeberlen Petr Kouznetsov Max Planck Institute for Software Systems.
CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Byzantine Fault Tolerance --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Byzantine Fault Tolerance Steve Ko Computer Sciences and Engineering University at Buffalo.
A FIT Event Broker for trustworthy infrastructure monitoring and management António Casimiro University of Lisbon Faculty of Sciences LASIGE – Navigators.

A FIT Event Broker for trustworthy infrastructure monitoring and management António Casimiro University of Lisbon Faculty of Sciences LASIGE – Navigators.
Yee Jiun Song Cornell University. CS5410 Fall 2008.

Yee Jiun Song Cornell University. CS5410 Fall 2008.
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

CS 582 / CMPE 481 Distributed Systems Fault Tolerance.
Attested Append-only Memory: Making Adversaries Stick to their Word Distributed Storage Systems CS 6464 2-19-09 presented by: Hussam Abu-Libdeh.

Attested Append-only Memory: Making Adversaries Stick to their Word Distributed Storage Systems CS presented by: Hussam Abu-Libdeh.
© 2006 Andreas Haeberlen, MPI-SWS 1 The Case for Byzantine Fault Detection Andreas Haeberlen MPI-SWS / Rice University Petr Kouznetsov MPI-SWS Peter Druschel.

© 2006 Andreas Haeberlen, MPI-SWS 1 The Case for Byzantine Fault Detection Andreas Haeberlen MPI-SWS / Rice University Petr Kouznetsov MPI-SWS Peter Druschel.
Practical Byzantine Fault Tolerance (The Byzantine Generals Problem)

Practical Byzantine Fault Tolerance (The Byzantine Generals Problem)
BASE: Using Abstraction to Improve Fault Tolerance Rodrigo Rodrigues, Miguel Castro, and Barbara Liskov MIT Laboratory for Computer Science and Microsoft.

BASE: Using Abstraction to Improve Fault Tolerance Rodrigo Rodrigues, Miguel Castro, and Barbara Liskov MIT Laboratory for Computer Science and Microsoft.
Byzantine fault tolerance

Byzantine fault tolerance
Byzantine Fault Tolerance CS 425: Distributed Systems Fall 2011 1 Material drived from slides by I. Gupta and N.Vaidya.

Byzantine Fault Tolerance CS 425: Distributed Systems Fall Material drived from slides by I. Gupta and N.Vaidya.
PETAL: DISTRIBUTED VIRTUAL DISKS E. K. Lee C. A. Thekkath DEC SRC.

PETAL: DISTRIBUTED VIRTUAL DISKS E. K. Lee C. A. Thekkath DEC SRC.
Fault and Intrusion Tolerant (FIT) Event Broker & BFT-SMaRt A. Casimiro, D. Kreutz, A. Bessani, J. Sousa, I. Antunes, P. Veríssimo University of Lisboa,

Fault and Intrusion Tolerant (FIT) Event Broker & BFT-SMaRt A. Casimiro, D. Kreutz, A. Bessani, J. Sousa, I. Antunes, P. Veríssimo University of Lisboa,
DISTRIBUTED ALGORITHMS Luc Onana Seif Haridi. DISTRIBUTED SYSTEMS Collection of autonomous computers, processes, or processors (nodes) interconnected.

DISTRIBUTED ALGORITHMS Luc Onana Seif Haridi. DISTRIBUTED SYSTEMS Collection of autonomous computers, processes, or processors (nodes) interconnected.
Fault Tolerance via the State Machine Replication Approach Favian Contreras.

Fault Tolerance via the State Machine Replication Approach Favian Contreras.

Similar presentations

Ads by Google