Towards Recoverable Hybrid Byzantine Consensus
Size: px
Start display at page:

Download "Towards Recoverable Hybrid Byzantine Consensus"

Transcription

1 Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1, Rüdiger Kapitza 2 1 University of Lisboa, Portugal 2 University of Erlangen-Nürnberg, Germany September 22, 2009

2 Overview 1 Background Why? When? Where? 2 Towards Recoverable Hybrid Byzantine Consensus Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model 3 Provocative Questions and Conclusions Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

3 Why? Security threats NVD, Bugtraq, etc: Countless vulnerabilities Viruses, botnets, cyber warefare: Countless attacks Pervasive IT systems Everything (incl. critical infrastructures) connected to Internet High security requirements no longer limited to traditional critical infrastructures Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

4 Why? Security threats NVD, Bugtraq, etc: Countless vulnerabilities Viruses, botnets, cyber warefare: Countless attacks Pervasive IT systems Everything (incl. critical infrastructures) connected to Internet High security requirements no longer limited to traditional critical infrastructures Current best practices cannot avoid all faults/intrusions New approaches are needed. Intrusion tolerance might be one key building block for more secure, more dependable systems. Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

5 When? I do not know. Hoping for interesting discussions :-) Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

6 When? I do not know. Hoping for interesting discussions :-) Marketing / political issue How to convince people to pay for intrusion tolerance? Quantifying the benefit? Intrusions harder to predict than traditional faults... Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

7 When? I do not know. Hoping for interesting discussions :-) Marketing / political issue How to convince people to pay for intrusion tolerance? Quantifying the benefit? Intrusions harder to predict than traditional faults... Do we still need further improvements? new research directions? Cheaper BFT? (Rüdiger s f + 1 talk) Missing functionality? (e.g., node recovery)... Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

8 Where? Where to use BFT algorithms in practice? Use it to build intrusion-tolerant systems... wherever we will find vulnerabilities & attacks (i.e., almost everywhere)... wherever we can afford the cost Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

9 Where? Where to use BFT algorithms in practice? Use it to build intrusion-tolerant systems... wherever we will find vulnerabilities & attacks (i.e., almost everywhere)... wherever we can afford the cost (don t forget diversity Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

10 Where? Where to use BFT algorithms in practice? Use it to build intrusion-tolerant systems... wherever we will find vulnerabilities & attacks (i.e., almost everywhere)... wherever we can afford the cost (don t forget diversity... and determinism) Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

11 Overview 1 Background Why? When? Where? 2 Towards Recoverable Hybrid Byzantine Consensus Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model 3 Provocative Questions and Conclusions Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

12 Wanted: Recovery Using BFT for building intrusion-tolerant systems Function correctly in spite of malicious intrusions Capability of reorganizing itself autonomously Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

13 Wanted: Recovery Using BFT for building intrusion-tolerant systems Function correctly in spite of malicious intrusions Capability of reorganizing itself autonomously Limitation of simple BFT algorithms Sooner or later, attackers might compromise more nodes than the system can tolerate Intrusions usually are hard to detect Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

14 Wanted: Recovery Using BFT for building intrusion-tolerant systems Function correctly in spite of malicious intrusions Capability of reorganizing itself autonomously Limitation of simple BFT algorithms Sooner or later, attackers might compromise more nodes than the system can tolerate Intrusions usually are hard to detect Wanted: Proactive Recovery Replicas should proactively be refreshed periodically, in addition to reactively repairing detected faults. Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

15 Overview 1 Background Why? When? Where? 2 Towards Recoverable Hybrid Byzantine Consensus Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model 3 Provocative Questions and Conclusions Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

16 Recovery in existing BFT algorithms PBFT (Castro et al.): Explicit proactive recovery support Prerequisites for proactive recovery Tamper-free device that periodically triggers recoveries Trusted component that stores private key and creates signatures Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state and Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

17 Recovery in existing BFT algorithms Algorithm TCB Recovery support PBFT yes yes Q/U no no HQ no no BFT2F no no Zyzzyva no no A2M yes maybe MinBFT yes no Table: Recovery support in BFT algorithms Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

18 Implications of prerequisites Tamper-free device that triggers recoveries Trusted component that stores private key and creates signatures Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

19 Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

20 Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

21 Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Session keys, changes to message format, message filtering? Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

22 Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Session keys, changes to message format, message filtering? Recovering non-faulty replica must not loose state Highly intrusive: All relevant state on persistent storage Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

23 Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Session keys, changes to message format, message filtering? Recovering non-faulty replica must not loose state Highly intrusive: All relevant state on persistent storage Recovering faulty replica must not spread wrong information Most difficult part: protocol extensions (state validation) Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

24 Observations Observations 1 Recovery requires a (± complex) trusted component 2 Recovery needs to be an integral part of a BFT algorithm 3 Recovery is not supported in most BFT algorithms Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

25 Overview 1 Background Why? When? Where? 2 Towards Recoverable Hybrid Byzantine Consensus Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model 3 Provocative Questions and Conclusions Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

26 State Model Figure: State transition model of a recoverable BFT algorithm Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

27 Recoverable BFT: Challenges Main challenges: Recovery trigger (* A,* C) should be synchronous Recovery operation itself (A B, C B) probably executes in weaker synchrony model Refine system model and verify correctness Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

28 Overview 1 Background Why? When? Where? 2 Towards Recoverable Hybrid Byzantine Consensus Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model 3 Provocative Questions and Conclusions Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

29 Questions 1 Is there a place for traditional 3f + 1 BFT without proactive recovery? Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

30 Questions 1 Is there a place for traditional 3f + 1 BFT without proactive recovery? 2 Is there a place for traditional 3f + 1 BFT with proactive recovery? Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

31 Questions 1 Is there a place for traditional 3f + 1 BFT without proactive recovery? 2 Is there a place for traditional 3f + 1 BFT with proactive recovery? Proactive recovery in any case requires (rather complex) TCB Simple TCB enables 2f + 1-consensus Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

32 Questions 1 Is there a place for traditional 3f + 1 BFT without proactive recovery? 2 Is there a place for traditional 3f + 1 BFT with proactive recovery? Proactive recovery in any case requires (rather complex) TCB Simple TCB enables 2f + 1-consensus 3 Will all practical BFT implementations be 2f + 1-BFT with a TCB? What kind of TCB (interface, funcionality)? System model? Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

33 Conclusions We need practical intrusion-tolerant systems Long-running systems require proactive recovery Most BFT papers do not consider recovery at all Recovery needs to be an integral part of BFT systems Work in progress Bridge the gap: synchronous trigger vs. asynchronous network Accurately define system model Integrate PR into existing BFT algorithms Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

34 Thank you! Questions? Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,

Similar documents

A FAULT- AND INTRUSION-TOLERANT ARCHITECTURE FOR THE PORTUGUESE POWER DISTRIBUTION SCADA

A FAULT- AND INTRUSION-TOLERANT ARCHITECTURE FOR THE PORTUGUESE POWER DISTRIBUTION SCADA A FAULT- AND INTRUSION-TOLERANT ARCHITECTURE FOR THE PORTUGUESE POWER DISTRIBUTION SCADA Nuno Medeiros Alysson Bessani 1 Context: EDP Distribuição EDP Distribuição is the utility responsible for the distribution

More information

Viewstamped Replication to Practical Byzantine Fault Tolerance. Pradipta De

Viewstamped Replication to Practical Byzantine Fault Tolerance. Pradipta De Viewstamped Replication to Practical Byzantine Fault Tolerance Pradipta De pradipta.de@sunykorea.ac.kr ViewStamped Replication: Basics What does VR solve? VR supports replicated service Abstraction is

More information

Practical Byzantine Fault Tolerance. Miguel Castro and Barbara Liskov

Practical Byzantine Fault Tolerance. Miguel Castro and Barbara Liskov Practical Byzantine Fault Tolerance Miguel Castro and Barbara Liskov Outline 1. Introduction to Byzantine Fault Tolerance Problem 2. PBFT Algorithm a. Models and overview b. Three-phase protocol c. View-change

More information

Robust BFT Protocols

Robust BFT Protocols Robust BFT Protocols Sonia Ben Mokhtar, LIRIS, CNRS, Lyon Joint work with Pierre Louis Aublin, Grenoble university Vivien Quéma, Grenoble INP 18/10/2013 Who am I? CNRS reseacher, LIRIS lab, DRIM research

More information

Byzantine Fault Tolerance and Consensus. Adi Seredinschi Distributed Programming Laboratory

Byzantine Fault Tolerance and Consensus. Adi Seredinschi Distributed Programming Laboratory Byzantine Fault Tolerance and Consensus Adi Seredinschi Distributed Programming Laboratory 1 (Original) Problem Correct process General goal: Run a distributed algorithm 2 (Original) Problem Correct process

More information

Reducing the Costs of Large-Scale BFT Replication

Reducing the Costs of Large-Scale BFT Replication Reducing the Costs of Large-Scale BFT Replication Marco Serafini & Neeraj Suri TU Darmstadt, Germany Neeraj Suri EU-NSF ICT March 2006 Dependable Embedded Systems & SW Group www.deeds.informatik.tu-darmstadt.de

More information

Failure models. Byzantine Fault Tolerance. What can go wrong? Paxos is fail-stop tolerant. BFT model. BFT replication 5/25/18

Failure models. Byzantine Fault Tolerance. What can go wrong? Paxos is fail-stop tolerant. BFT model. BFT replication 5/25/18 Failure models Byzantine Fault Tolerance Fail-stop: nodes either execute the protocol correctly or just stop Byzantine failures: nodes can behave in any arbitrary way Send illegal messages, try to trick

More information

Toward Intrusion Tolerant Clouds

Toward Intrusion Tolerant Clouds Toward Intrusion Tolerant Clouds Prof. Yair Amir, Prof. Vladimir Braverman Daniel Obenshain, Tom Tantillo Department of Computer Science Johns Hopkins University Prof. Cristina Nita-Rotaru, Prof. Jennifer

More information

Resource-efficient Byzantine Fault Tolerance. Tobias Distler, Christian Cachin, and Rüdiger Kapitza

Resource-efficient Byzantine Fault Tolerance. Tobias Distler, Christian Cachin, and Rüdiger Kapitza 1 Resource-efficient Byzantine Fault Tolerance Tobias Distler, Christian Cachin, and Rüdiger Kapitza Abstract One of the main reasons why Byzantine fault-tolerant (BFT) systems are currently not widely

More information

Practical Byzantine Fault Tolerance

Practical Byzantine Fault Tolerance Practical Byzantine Fault Tolerance Robert Grimm New York University (Partially based on notes by Eric Brewer and David Mazières) The Three Questions What is the problem? What is new or different? What

More information

Toward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania

Toward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania Outline What is SCADA? SCADA Vulnerabilities What is Intrusion Tolerance? Prime PvBrowser Our

More information

Byzantine fault tolerance. Jinyang Li With PBFT slides from Liskov

Byzantine fault tolerance. Jinyang Li With PBFT slides from Liskov Byzantine fault tolerance Jinyang Li With PBFT slides from Liskov What we ve learnt so far: tolerate fail-stop failures Traditional RSM tolerates benign failures Node crashes Network partitions A RSM w/

More information

Resilient State Machine Replication

Resilient State Machine Replication Resilient State Machine Replication Paulo Sousa pjsousa@di.fc.ul.pt Univ. of Lisboa Nuno Ferreira Neves nuno@di.fc.ul.pt Univ. of Lisboa Paulo Veríssimo pjv@di.fc.ul.pt Univ. of Lisboa Abstract Nowadays,

More information

Practical Byzantine Fault Tolerance Consensus and A Simple Distributed Ledger Application Hao Xu Muyun Chen Xin Li

Practical Byzantine Fault Tolerance Consensus and A Simple Distributed Ledger Application Hao Xu Muyun Chen Xin Li Practical Byzantine Fault Tolerance Consensus and A Simple Distributed Ledger Application Hao Xu Muyun Chen Xin Li Abstract Along with cryptocurrencies become a great success known to the world, how to

More information

Practical Byzantine Fault

Practical Byzantine Fault Practical Byzantine Fault Tolerance Practical Byzantine Fault Tolerance Castro and Liskov, OSDI 1999 Nathan Baker, presenting on 23 September 2005 What is a Byzantine fault? Rationale for Byzantine Fault

More information

Availability, Reliability, and Fault Tolerance

Availability, Reliability, and Fault Tolerance Availability, Reliability, and Fault Tolerance Guest Lecture for Software Systems Security Tim Wood Professor Tim Wood - The George Washington University Distributed Systems have Problems Hardware breaks

More information

Authenticated Agreement

Authenticated Agreement Chapter 18 Authenticated Agreement Byzantine nodes are able to lie about their inputs as well as received messages. Can we detect certain lies and limit the power of byzantine nodes? Possibly, the authenticity

More information

Byzantine Fault Tolerance for Distributed Systems

Byzantine Fault Tolerance for Distributed Systems Cleveland State University EngagedScholarship@CSU ETD Archive 2014 Byzantine Fault Tolerance for Distributed Systems Honglei Zhang Cleveland State University How does access to this work benefit you? Let

More information

Evaluating BFT Protocols for Spire

Evaluating BFT Protocols for Spire Evaluating BFT Protocols for Spire Henry Schuh & Sam Beckley 600.667 Advanced Distributed Systems & Networks SCADA & Spire Overview High-Performance, Scalable Spire Trusted Platform Module Known Network

More information

Zyzzyva. Speculative Byzantine Fault Tolerance. Ramakrishna Kotla. L. Alvisi, M. Dahlin, A. Clement, E. Wong University of Texas at Austin

Zyzzyva. Speculative Byzantine Fault Tolerance. Ramakrishna Kotla. L. Alvisi, M. Dahlin, A. Clement, E. Wong University of Texas at Austin Zyzzyva Speculative Byzantine Fault Tolerance Ramakrishna Kotla L. Alvisi, M. Dahlin, A. Clement, E. Wong University of Texas at Austin The Goal Transform high-performance service into high-performance

More information

Toward Intrusion Tolerant Cloud Infrastructure

Toward Intrusion Tolerant Cloud Infrastructure Toward Intrusion Tolerant Cloud Infrastructure Daniel Obenshain, Tom Tantillo, Yair Amir Department of Computer Science Johns Hopkins University Andrew Newell, Cristina Nita-Rotaru Department of Computer

More information

PBFT: A Byzantine Renaissance. The Setup. What could possibly go wrong? The General Idea. Practical Byzantine Fault-Tolerance (CL99, CL00)

PBFT: A Byzantine Renaissance. The Setup. What could possibly go wrong? The General Idea. Practical Byzantine Fault-Tolerance (CL99, CL00) PBFT: A Byzantine Renaissance Practical Byzantine Fault-Tolerance (CL99, CL00) first to be safe in asynchronous systems live under weak synchrony assumptions -Byzantine Paxos! The Setup Crypto System Model

More information

Prophecy: Using History for High Throughput Fault Tolerance

Prophecy: Using History for High Throughput Fault Tolerance Prophecy: Using History for High Throughput Fault Tolerance Siddhartha Sen Joint work with Wyatt Lloyd and Mike Freedman Princeton University Non crash failures happen Non crash failures happen Model as

More information

Byzantine Fault Tolerance

Byzantine Fault Tolerance Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. So far: Fail-stop failures

More information

Practical Byzantine Fault Tolerance (The Byzantine Generals Problem)

Practical Byzantine Fault Tolerance (The Byzantine Generals Problem) Practical Byzantine Fault Tolerance (The Byzantine Generals Problem) Introduction Malicious attacks and software errors that can cause arbitrary behaviors of faulty nodes are increasingly common Previous

More information

Network-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid

Network-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid Network-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid Amy Babay, Thomas Tantillo, Trevor Aron, Marco Platania, and Yair Amir Johns Hopkins University, AT&T Labs, Spread Concepts LLC Distributed

More information

Today: Fault Tolerance. Fault Tolerance

Today: Fault Tolerance. Fault Tolerance Today: Fault Tolerance Agreement in presence of faults Two army problem Byzantine generals problem Reliable communication Distributed commit Two phase commit Three phase commit Paxos Failure recovery Checkpointing

More information

Operating System Security

Operating System Security Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.

More information

Securing IoT-based Cyber-Physical Human Systems against Collaborative Attacks

Securing IoT-based Cyber-Physical Human Systems against Collaborative Attacks Securing IoT-based Cyber-Physical Human Systems against Collaborative Attacks Sathish A.P Kumar, Coastal Carolina University, Conway, SC, USA Bharat Bhargava and Ganapathy Mani Purdue University, West

More information

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF

More information

Isolating Compromised Routers. Alper Mizrak, Keith Marzullo and Stefan Savage UC San Diego Department of Computer Science and Engineering

Isolating Compromised Routers. Alper Mizrak, Keith Marzullo and Stefan Savage UC San Diego Department of Computer Science and Engineering Isolating Compromised Routers Alper Mizrak, Keith Marzullo and Stefan Savage UC San Diego Department of Computer Science and Engineering Problem Routers are vulnerable points in the Internet, especially

More information

Today: Fault Tolerance

Today: Fault Tolerance Today: Fault Tolerance Agreement in presence of faults Two army problem Byzantine generals problem Reliable communication Distributed commit Two phase commit Three phase commit Paxos Failure recovery Checkpointing

More information

Proactive Recovery in a Byzantine-Fault-Tolerant System

Proactive Recovery in a Byzantine-Fault-Tolerant System Proactive Recovery in a Byzantine-Fault-Tolerant System Miguel Castro and Barbara Liskov Laboratory for Computer Science, Massachusetts Institute of Technology, 545 Technology Square, Cambridge, MA 02139

More information

Failure Models. Fault Tolerance. Failure Masking by Redundancy. Agreement in Faulty Systems

Failure Models. Fault Tolerance. Failure Masking by Redundancy. Agreement in Faulty Systems Fault Tolerance Fault cause of an error that might lead to failure; could be transient, intermittent, or permanent Fault tolerance a system can provide its services even in the presence of faults Requirements

More information

BYZANTINE FAULT TOLERANT SOFTWARE- DEFINED NETWORKING (SDN) CONTROLLERS

BYZANTINE FAULT TOLERANT SOFTWARE- DEFINED NETWORKING (SDN) CONTROLLERS BYZANTINE FAULT TOLERANT SOFTWARE- DEFINED NETWORKING (SDN) CONTROLLERS KARIM ELDEFRAWY* AND TYLER KACZMAREK** * INFORMATION AND SYSTEMS SCIENCES LAB (ISSL), HRL LABORATORIES ** UNIVERSITY OF CALIFORNIA

More information

Tolerating Latency in Replicated State Machines through Client Speculation

Tolerating Latency in Replicated State Machines through Client Speculation Tolerating Latency in Replicated State Machines through Client Speculation April 22, 2009 1, James Cowling 2, Edmund B. Nightingale 3, Peter M. Chen 1, Jason Flinn 1, Barbara Liskov 2 University of Michigan

More information

Maximum Security with Minimum Impact : Going Beyond Next Gen

Maximum Security with Minimum Impact : Going Beyond Next Gen SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT

More information

Secure Active Network Environment (SANE) Trust, but Verify

Secure Active Network Environment (SANE) Trust, but Verify Secure Active Network Environment (SANE) Trust, but Verify Old Russian Saying Scott Alexander Bill Arbaugh Angelos Keromytis Jonathan Smith University of Pennsylvania Network Infrastructures Shared, so

More information

Practical Byzantine Fault Tolerance. Castro and Liskov SOSP 99

Practical Byzantine Fault Tolerance. Castro and Liskov SOSP 99 Practical Byzantine Fault Tolerance Castro and Liskov SOSP 99 Why this paper? Kind of incredible that it s even possible Let alone a practical NFS implementation with it So far we ve only considered fail-stop

More information

How to Tolerate Half Less One Byzantine Nodes in Practical Distributed Systems

How to Tolerate Half Less One Byzantine Nodes in Practical Distributed Systems How to Tolerate Half Less One Byzantine Nodes in Practical Distributed Systems Miguel Correia, Nuno Ferreira Neves, Paulo Veríssimo DI FCUL TR 04 6 July 2004 Departamento de Informática Faculdade de Ciências

More information

Resilient Intrusion Tolerance through Proactive and Reactive Recovery

Resilient Intrusion Tolerance through Proactive and Reactive Recovery Resilient Intrusion Tolerance through Proactive and Reactive Recovery DI FCUL Paulo Sousa Alysson Neves Bessani Miguel Correia Nuno Ferreira Neves Paulo Verissimo TR 07 17 October 2007 Departamento de

More information

Cyber Moving Targets. Yashar Dehkan Asl

Cyber Moving Targets. Yashar Dehkan Asl Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system

More information

Byzantine Fault Tolerance

Byzantine Fault Tolerance Byzantine Fault Tolerance CS6450: Distributed Systems Lecture 10 Ryan Stutsman Material taken/derived from Princeton COS-418 materials created by Michael Freedman and Kyle Jamieson at Princeton University.

More information

Research Statement. Amy Babay December 2018

Research Statement. Amy Babay December 2018 Research Statement Amy Babay December 2018 My research focuses on distributed systems and networks, with core goals spanning two domains: enabling new Internet services and building dependable infrastructure.

More information

Distributed Systems. 09. State Machine Replication & Virtual Synchrony. Paul Krzyzanowski. Rutgers University. Fall Paul Krzyzanowski

Distributed Systems. 09. State Machine Replication & Virtual Synchrony. Paul Krzyzanowski. Rutgers University. Fall Paul Krzyzanowski Distributed Systems 09. State Machine Replication & Virtual Synchrony Paul Krzyzanowski Rutgers University Fall 2016 1 State machine replication 2 State machine replication We want high scalability and

More information

Security of Mobile Ad Hoc and Wireless Sensor Networks

Security of Mobile Ad Hoc and Wireless Sensor Networks Security of Mobile Ad Hoc and Wireless Sensor Networks July, 2013 Edward Bonver LA Board Member Symantec Corporation edward@owasp.org Copyright The Foundation Permission is granted to copy, distribute

More information

N-Variant SystemsA Secretless Framework for Security through. Diversity Cox et al.

N-Variant SystemsA Secretless Framework for Security through. Diversity Cox et al. N-Variant Systems A Secretless Framework for Security through Diversity Cox et al. The problem Software homogeneity makes the process of leveraging a known exploit easy. Some solutions Address space randomization

More information

Transactions Between Distributed Ledgers

Transactions Between Distributed Ledgers Transactions Between Distributed Ledgers Ivan Klianev Transactum Pty Ltd High Performance Transaction Systems Asilomar, California, 8-11 October 2017 The Time for Distributed Transactions Has Come Thanks

More information

Cisco Advanced Malware Protection (AMP) for Endpoints

Cisco Advanced Malware Protection (AMP) for Endpoints Cisco Advanced Malware Protection (AMP) for Endpoints Endpoints continue to be the primary point of entry for attacks! 70% of breaches start on endpoint devices WHY? Gaps in protection Gaps in visibility

More information

ANTIVIRUS is a fundamental presence in every computer

ANTIVIRUS is a fundamental presence in every computer 1 RAVE: Replicated AntiVirus Engine Carlos Silva 1 Paulo Sousa 2 Paulo Veríssimo 2 1 Portugal Telecom 2 LaSIGE, Faculty of Sciences, University of Lisbon c.miguel.silva@telecom.pt, {pjsousa,pjv}@di.fc.ul.pt

More information

Combating Cyberattacks Through Network Agility and Automation Sagi Chief Technology Officer

Combating Cyberattacks Through Network Agility and Automation Sagi Chief Technology Officer Combating Cyberattacks Through Network Agility and Automation Sagi Brody @webairsagi Chief Technology Officer Leverage new technologies to: 1) Improve traditional DDoS monitoring & mitigation 2) Enhance

More information

Proactive Recovery in a Byzantine-Fault-Tolerant System

Proactive Recovery in a Byzantine-Fault-Tolerant System Proactive Recovery in a Byzantine-Fault-Tolerant System Miguel Castro and Barbara Liskov Laboratory for Computer Science, Massachusetts Institute of Technology, 545 Technology Square, Cambridge, MA 02139

More information

A definition. Byzantine Generals Problem. Synchronous, Byzantine world

A definition. Byzantine Generals Problem. Synchronous, Byzantine world The Byzantine Generals Problem Leslie Lamport, Robert Shostak, and Marshall Pease ACM TOPLAS 1982 Practical Byzantine Fault Tolerance Miguel Castro and Barbara Liskov OSDI 1999 A definition Byzantine (www.m-w.com):

More information

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience

More information

Two New Protocols for Fault Tolerant Agreement

Two New Protocols for Fault Tolerant Agreement Two New Protocols for Fault Tolerant Agreement Poonam Saini 1 and Awadhesh Kumar Singh 2, 1,2 Department of Computer Engineering, National Institute of Technology, Kurukshetra, India nit.sainipoonam@gmail.com,

More information

Criticality and Robustness in Wireless Sensor Networks

Criticality and Robustness in Wireless Sensor Networks Criticality and Robustness in Wireless Sensor Networks Bhaskar Krishnamachari Autonomous Networks Research Group Department of Electrical Engineering University of Southern California NSF Workshop on Critical

More information

6 Critical Reasons for Office 365 Backup. The case for why organizations need to protect Office 365 data

6 Critical Reasons for Office 365 Backup. The case for why organizations need to protect Office 365 data 6 Critical Reasons for Office 365 Backup The case for why organizations need to protect Office 365 data 2 Introduction Do you have control of your Office 365 data? Do you have access to all the items you

More information

Today: Fault Tolerance. Failure Masking by Redundancy

Today: Fault Tolerance. Failure Masking by Redundancy Today: Fault Tolerance Agreement in presence of faults Two army problem Byzantine generals problem Reliable communication Distributed commit Two phase commit Three phase commit Failure recovery Checkpointing

More information

Consensus in Distributed Systems. Jeff Chase Duke University

Consensus in Distributed Systems. Jeff Chase Duke University Consensus in Distributed Systems Jeff Chase Duke University Consensus P 1 P 1 v 1 d 1 Unreliable multicast P 2 P 3 Consensus algorithm P 2 P 3 v 2 Step 1 Propose. v 3 d 2 Step 2 Decide. d 3 Generalizes

More information

Fault Tolerance. Basic Concepts

Fault Tolerance. Basic Concepts COP 6611 Advanced Operating System Fault Tolerance Chi Zhang czhang@cs.fiu.edu Dependability Includes Availability Run time / total time Basic Concepts Reliability The length of uninterrupted run time

More information

ABSTRACT. Web Service Atomic Transaction (WS-AT) is a standard used to implement distributed

ABSTRACT. Web Service Atomic Transaction (WS-AT) is a standard used to implement distributed ABSTRACT Web Service Atomic Transaction (WS-AT) is a standard used to implement distributed processing over the internet. Trustworthy coordination of transactions is essential to ensure proper running

More information

Preliminary Specification of Services and Protocols

Preliminary Specification of Services and Protocols Preliminary Specification of Services and Protocols Nuno Neves Paulo Verissimo (editors) DI FCUL TR 08 3 January 2008 Departamento de Informática Faculdade de Ciências da Universidade de Lisboa Campo Grande,

More information

On the Internet, nobody knows you re a dog.

On the Internet, nobody knows you re a dog. On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing

More information

Critical Systems. Objectives. Topics covered. Critical Systems. System dependability. Importance of dependability

Critical Systems. Objectives. Topics covered. Critical Systems. System dependability. Importance of dependability Objectives Critical Systems To explain what is meant by a critical system where system failure can have severe human or economic consequence. To explain four dimensions of dependability - availability,

More information

Data Consistency and Blockchain. Bei Chun Zhou (BlockChainZ)

Data Consistency and Blockchain. Bei Chun Zhou (BlockChainZ) Data Consistency and Blockchain Bei Chun Zhou (BlockChainZ) beichunz@cn.ibm.com 1 Data Consistency Point-in-time consistency Transaction consistency Application consistency 2 Strong Consistency ACID Atomicity.

More information

ZZ: Cheap Practical BFT using Virtualization

ZZ: Cheap Practical BFT using Virtualization University of Massachusetts, Technical Report TR14-08 1 ZZ: Cheap Practical BFT using Virtualization Timothy Wood, Rahul Singh, Arun Venkataramani, and Prashant Shenoy Department of Computer Science, University

More information

RUAG Cyber Security Understand Cyber. Protect Values.

RUAG Cyber Security Understand Cyber. Protect Values. RUAG Cyber Security Understand Cyber. Protect Values. Your Cyber Security maturity depends on your awareness and the appropriate behaviour of every single user. RUAG Cyber Security empowers and efficiently

More information

or? Paxos: Fun Facts Quorum Quorum: Primary Copy vs. Majority Quorum: Primary Copy vs. Majority

or? Paxos: Fun Facts Quorum Quorum: Primary Copy vs. Majority Quorum: Primary Copy vs. Majority Paxos: Fun Facts Quorum Why is the algorithm called Paxos? Leslie Lamport described the algorithm as the solution to a problem of the parliament on a fictitious Greek island called Paxos Many readers were

More information

Refinement and Optimization of Streaming Architectures. Don Batory and Taylor Riché Department of Computer Science University of Texas at Austin

Refinement and Optimization of Streaming Architectures. Don Batory and Taylor Riché Department of Computer Science University of Texas at Austin Refinement and Optimization of Streaming Architectures Don Batory and Taylor Riché Department of Computer Science University of Texas at Austin 1 Introduction Model Driven Engineering (MDE) is paradigm

More information

Resilient State Machine Replication

Resilient State Machine Replication Resilient State Machine Replication Paulo Sousa Nuno Ferreira Neves Paulo Veríssimo DI FCUL TR 05 17 September 2005 Departamento de Informática Faculdade de Ciências da Universidade de Lisboa Campo Grande,

More information

ABOUT US SECURITY. A Legacy of Providing Solutions. Protecting Your Data

ABOUT US SECURITY. A Legacy of Providing Solutions. Protecting Your Data RnD Consulting LLC 957 Route 33 PMB 143 Hamilton Square, NJ 08690 Tel. (800) 949-8215 Fax. (609) 586-1712 mike@rndconsultingnj.com josh@rndconsultingnj.com ABOUT US A Legacy of Providing Solutions With

More information

Beyond Firewalls: The Future Of Network Security

Beyond Firewalls: The Future Of Network Security Beyond Firewalls: The Future Of Network Security XChange University: IT Security Jennifer Blatnik 20 August 2016 Security Trends Today Network security landscape has expanded CISOs Treading Water Pouring

More information

Cyber Resiliency & Agility Call to Action

Cyber Resiliency & Agility Call to Action Cyber Resiliency & Agility Call to Action MITRE Resiliency Workshop May 31, 2012 Suzanne Hassell Engineering Fellow Raytheon Network Centric Systems shassell@raytheon.com Copyright 2012 Raytheon Company.

More information

FAULT TOLERANCE. Fault Tolerant Systems. Faults Faults (cont d)

FAULT TOLERANCE. Fault Tolerant Systems. Faults Faults (cont d) Distributed Systems Fö 9/10-1 Distributed Systems Fö 9/10-2 FAULT TOLERANCE 1. Fault Tolerant Systems 2. Faults and Fault Models. Redundancy 4. Time Redundancy and Backward Recovery. Hardware Redundancy

More information

Fault Tolerance. Distributed Systems. September 2002

Fault Tolerance. Distributed Systems. September 2002 Fault Tolerance Distributed Systems September 2002 Basics A component provides services to clients. To provide services, the component may require the services from other components a component may depend

More information

Network Protocols. Sarah Diesburg Operating Systems CS 3430

Network Protocols. Sarah Diesburg Operating Systems CS 3430 Network Protocols Sarah Diesburg Operating Systems CS 3430 Protocol An agreement between two parties as to how information is to be transmitted A network protocol abstracts packets into messages Physical

More information

Survey of Cyber Moving Targets. Presented By Sharani Sankaran

Survey of Cyber Moving Targets. Presented By Sharani Sankaran Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of

More information

Asynchronous Proactive Cryptosystems without Agreement

Asynchronous Proactive Cryptosystems without Agreement Asynchronous Proactive Cryptosystems without Agreement Stas Jarecki (UC Irvine) Bartosz Przydatek (ETH Zurich, Switzerland) Reto Strobl (Google, Switzerland) 1 Proactive Cryptosystems Motivation: weakest

More information

Towards a Practical Survivable Intrusion Tolerant Replication System

Towards a Practical Survivable Intrusion Tolerant Replication System Towards a Practical Survivable Intrusion Tolerant Replication System Marco Platania, Daniel Obenshain, Thomas Tantillo, Ricky Sharma, Yair Amir Department of Computer Science at Johns Hopkins University

More information

Recovering from a Crash. Three-Phase Commit

Recovering from a Crash. Three-Phase Commit Recovering from a Crash If INIT : abort locally and inform coordinator If Ready, contact another process Q and examine Q s state Lecture 18, page 23 Three-Phase Commit Two phase commit: problem if coordinator

More information

Cyber Security Maturity Model

Cyber Security Maturity Model Cyber Security Maturity Model Robert Lentz Former DoD CISO / Deputy Assistant Secretary Cyber Facts Facts About About Intrusions Intrusions 2 Verizon 2010 Data Breach Investigation Report WHO IS BEHIND

More information

APPLICATION AWARE FOR BYZANTINE FAULT TOLERANCE

APPLICATION AWARE FOR BYZANTINE FAULT TOLERANCE APPLICATION AWARE FOR BYZANTINE FAULT TOLERANCE HUA CHAI Master of Science in Electrical Engineering Cleveland State University 12, 2009 submitted in partial fulfillment of requirements for the degree

More information

Peer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University

Peer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University Peer-to-peer Sender Authentication for Email Vivek Pathak and Liviu Iftode Rutgers University Email Trustworthiness Sender can be spoofed Need for Sender Authentication Importance depends on sender Update

More information

Byzantine Techniques

Byzantine Techniques November 29, 2005 Reliability and Failure There can be no unity without agreement, and there can be no agreement without conciliation René Maowad Reliability and Failure There can be no unity without agreement,

More information

State Transfer for Hypervisor-Based Proactive Recovery of Heterogeneous Replicated Services

State Transfer for Hypervisor-Based Proactive Recovery of Heterogeneous Replicated Services State Transfer for Hypervisor-Based Proactive Recovery of Heterogeneous Replicated Services Tobias Distler Rüdiger Kapitza Friedrich-Alexander University Erlangen-Nuremberg, Germany {distler,rrkapitz}@cs.fau.de

More information

Internet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came

Internet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came Victoria Ellsworth Dr. Ping Li ICTN 4040 04/11/17 Internet of Things (IoT) Attacks The Internet of Things (IoT) is based off a larger concept; the Internet of Things came from idea of the Internet of Everything.

More information

Proactive and Reactive View Change for Fault Tolerant Byzantine Agreement

Proactive and Reactive View Change for Fault Tolerant Byzantine Agreement Journal of Computer Science 7 (1): 101-107, 2011 ISSN 1549-3636 2011 Science Publications Proactive and Reactive View Change for Fault Tolerant Byzantine Agreement Poonam Saini and Awadhesh Kumar Singh

More information

Tradeoffs in Byzantine-Fault-Tolerant State-Machine-Replication Protocol Design

Tradeoffs in Byzantine-Fault-Tolerant State-Machine-Replication Protocol Design Tradeoffs in Byzantine-Fault-Tolerant State-Machine-Replication Protocol Design Michael G. Merideth March 2008 CMU-ISR-08-110 School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213

More information

Low-Latency Network-Scalable Byzantine Fault-Tolerant Replication 12th EuroSys Doctoral Workshop (EuroDW 2018)

Low-Latency Network-Scalable Byzantine Fault-Tolerant Replication 12th EuroSys Doctoral Workshop (EuroDW 2018) Low-Latency Network-Scalable Byzantine Fault-Tolerant tion 12th EuroSys Doctoral Workshop (EuroDW 2018) Ines Messadi, TU Braunschweig, Germany, 2018-04-23 New PhD student (Second month) in the distributed

More information

A SECURE DOMAIN NAME SYSTEM BASED ON INTRUSION TOLERANCE

A SECURE DOMAIN NAME SYSTEM BASED ON INTRUSION TOLERANCE Proceedings of the Seventh International Conference on Learning and Cybernetics, Kunming, 12-15 July 2008 A SECURE DOMAIN NAME SYSTEM BASED ON INTRUSION TOLERANCE WEI ZHOU 1, 2, LIU CHEN 3, 4 1 School

More information

Cyber Security Experts Association of Nigeria (CSEAN) CYBER SECURE NIGERIA 2016 Conference

Cyber Security Experts Association of Nigeria (CSEAN) CYBER SECURE NIGERIA 2016 Conference Cyber Security Experts Association of Nigeria (CSEAN) CYBER SECURE NIGERIA 2016 Conference Threat of Cyber- Terrorism to Critical Infrastructures Presented by Iyke Ezeugo Cyber-warfare Strategist Definitions

More information

International Journal of Advanced Research in Computer Science and Software Engineering

International Journal of Advanced Research in Computer Science and Software Engineering Volume 2, Issue 9, September 2012 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Backup Two

More information

MENCIUS: BUILDING EFFICIENT

MENCIUS: BUILDING EFFICIENT MENCIUS: BUILDING EFFICIENT STATE MACHINE FOR WANS By: Yanhua Mao Flavio P. Junqueira Keith Marzullo Fabian Fuxa, Chun-Yu Hsiung November 14, 2018 AGENDA 1. Motivation 2. Breakthrough 3. Rules of Mencius

More information

Designing Modular and Redundant Cyber Architectures for Process Control: Lessons learned

Designing Modular and Redundant Cyber Architectures for Process Control: Lessons learned Designing Modular and Redundant Cyber Architectures for Process Control: Lessons learned Paulo Verissimo Alysson Neves Bessani Miguel Correia Nuno Ferreira Neves Paulo Sousa Universidade de Lisboa, Faculdade

More information

Automatic Reconfiguration for Large-Scale Reliable Storage Systems

Automatic Reconfiguration for Large-Scale Reliable Storage Systems Automatic Reconfiguration for Large-Scale Reliable Storage Systems The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation As Published

More information

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information

More information

Towards a Practical Survivable Intrusion Tolerant Replication System

Towards a Practical Survivable Intrusion Tolerant Replication System Towards a Practical Survivable Intrusion Tolerant Replication System Marco Platania, Daniel Obenshain, Thomas Tantillo, Ricky Sharma, Yair Amir Department of Computer Science at Johns Hopkins University

More information

Modelling Cyber Security Risk Across the Organization Hierarchy

Modelling Cyber Security Risk Across the Organization Hierarchy Modelling Cyber Security Risk Across the Organization Hierarchy Security issues have different causes and effects at different layers within the organization one size most definitely does not fit all.

More information

AS distributed systems develop and grow in size,

AS distributed systems develop and grow in size, 1 hbft: Speculative Byzantine Fault Tolerance With Minimum Cost Sisi Duan, Sean Peisert, Senior Member, IEEE, and Karl N. Levitt Abstract We present hbft, a hybrid, Byzantine fault-tolerant, ted state

More information

Byzantine Failures. Nikola Knezevic. knl

Byzantine Failures. Nikola Knezevic. knl Byzantine Failures Nikola Knezevic knl Different Types of Failures Crash / Fail-stop Send Omissions Receive Omissions General Omission Arbitrary failures, authenticated messages Arbitrary failures Arbitrary

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback