Toggle Main Menu Toggle Search

Open Access padlockePrints

Assessing the attack resilience capabilities of a fortified primary-backup system

Lookup NU author(s): Dr Dylan Clarke, Dr Paul EzhilchelvanORCiD

Downloads

Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Abstract

Primary-Backup service replication does not constrain that the service be built as a deterministic state machine. It is meant to tolerate crashes, not intrusions. We consider an approach, called FORTRESS, for adding intrusionresilience capability to a primary-backup server system. It involves using proxies that block clients from directly accessing servers, and periodically randomizing the executables of proxies and servers. We argue that proxies and proactive randomization can offer sound defense against attacks including de-randomization attacks. Using simulations, we then compare the attack resilience that FORTRESS adds to a primary-backup server system with that attainable through state machine replication (SMR) that is fit only for deterministic services. A significant observation is that FORTRESS emerges to be more resilient than an SMR system of four server replicas that are diversely randomized at the start and are subject to proactive recovery throughout. © 2010 IEEE.


Publication metadata

Author(s): Clarke D, Ezhilchelvan P

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: Proceedings of the International Conference on Dependable Systems and Networks

Year of Conference: 2010

Pages: 182-187

Publisher: IEEE

URL: http://dx.doi.org/10.1109/DSNW.2010.5542596

DOI: 10.1109/DSNW.2010.5542596

Library holdings: Search Newcastle University Library for this item

ISBN: 9781424477302


Share