Towards Recoverable Hybrid Byzantine Consensus
|
|
- Julia York
- 5 years ago
- Views:
Transcription
1 Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1, Rüdiger Kapitza 2 1 University of Lisboa, Portugal 2 University of Erlangen-Nürnberg, Germany September 22, 2009
2 Overview 1 Background Why? When? Where? 2 Towards Recoverable Hybrid Byzantine Consensus Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model 3 Provocative Questions and Conclusions Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
3 Why? Security threats NVD, Bugtraq, etc: Countless vulnerabilities Viruses, botnets, cyber warefare: Countless attacks Pervasive IT systems Everything (incl. critical infrastructures) connected to Internet High security requirements no longer limited to traditional critical infrastructures Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
4 Why? Security threats NVD, Bugtraq, etc: Countless vulnerabilities Viruses, botnets, cyber warefare: Countless attacks Pervasive IT systems Everything (incl. critical infrastructures) connected to Internet High security requirements no longer limited to traditional critical infrastructures Current best practices cannot avoid all faults/intrusions New approaches are needed. Intrusion tolerance might be one key building block for more secure, more dependable systems. Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
5 When? I do not know. Hoping for interesting discussions :-) Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
6 When? I do not know. Hoping for interesting discussions :-) Marketing / political issue How to convince people to pay for intrusion tolerance? Quantifying the benefit? Intrusions harder to predict than traditional faults... Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
7 When? I do not know. Hoping for interesting discussions :-) Marketing / political issue How to convince people to pay for intrusion tolerance? Quantifying the benefit? Intrusions harder to predict than traditional faults... Do we still need further improvements? new research directions? Cheaper BFT? (Rüdiger s f + 1 talk) Missing functionality? (e.g., node recovery)... Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
8 Where? Where to use BFT algorithms in practice? Use it to build intrusion-tolerant systems... wherever we will find vulnerabilities & attacks (i.e., almost everywhere)... wherever we can afford the cost Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
9 Where? Where to use BFT algorithms in practice? Use it to build intrusion-tolerant systems... wherever we will find vulnerabilities & attacks (i.e., almost everywhere)... wherever we can afford the cost (don t forget diversity Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
10 Where? Where to use BFT algorithms in practice? Use it to build intrusion-tolerant systems... wherever we will find vulnerabilities & attacks (i.e., almost everywhere)... wherever we can afford the cost (don t forget diversity... and determinism) Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
11 Overview 1 Background Why? When? Where? 2 Towards Recoverable Hybrid Byzantine Consensus Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model 3 Provocative Questions and Conclusions Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
12 Wanted: Recovery Using BFT for building intrusion-tolerant systems Function correctly in spite of malicious intrusions Capability of reorganizing itself autonomously Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
13 Wanted: Recovery Using BFT for building intrusion-tolerant systems Function correctly in spite of malicious intrusions Capability of reorganizing itself autonomously Limitation of simple BFT algorithms Sooner or later, attackers might compromise more nodes than the system can tolerate Intrusions usually are hard to detect Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
14 Wanted: Recovery Using BFT for building intrusion-tolerant systems Function correctly in spite of malicious intrusions Capability of reorganizing itself autonomously Limitation of simple BFT algorithms Sooner or later, attackers might compromise more nodes than the system can tolerate Intrusions usually are hard to detect Wanted: Proactive Recovery Replicas should proactively be refreshed periodically, in addition to reactively repairing detected faults. Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
15 Overview 1 Background Why? When? Where? 2 Towards Recoverable Hybrid Byzantine Consensus Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model 3 Provocative Questions and Conclusions Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
16 Recovery in existing BFT algorithms PBFT (Castro et al.): Explicit proactive recovery support Prerequisites for proactive recovery Tamper-free device that periodically triggers recoveries Trusted component that stores private key and creates signatures Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state and Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
17 Recovery in existing BFT algorithms Algorithm TCB Recovery support PBFT yes yes Q/U no no HQ no no BFT2F no no Zyzzyva no no A2M yes maybe MinBFT yes no Table: Recovery support in BFT algorithms Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
18 Implications of prerequisites Tamper-free device that triggers recoveries Trusted component that stores private key and creates signatures Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
19 Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
20 Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
21 Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Session keys, changes to message format, message filtering? Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
22 Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Session keys, changes to message format, message filtering? Recovering non-faulty replica must not loose state Highly intrusive: All relevant state on persistent storage Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
23 Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Session keys, changes to message format, message filtering? Recovering non-faulty replica must not loose state Highly intrusive: All relevant state on persistent storage Recovering faulty replica must not spread wrong information Most difficult part: protocol extensions (state validation) Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
24 Observations Observations 1 Recovery requires a (± complex) trusted component 2 Recovery needs to be an integral part of a BFT algorithm 3 Recovery is not supported in most BFT algorithms Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
25 Overview 1 Background Why? When? Where? 2 Towards Recoverable Hybrid Byzantine Consensus Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model 3 Provocative Questions and Conclusions Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
26 State Model Figure: State transition model of a recoverable BFT algorithm Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
27 Recoverable BFT: Challenges Main challenges: Recovery trigger (* A,* C) should be synchronous Recovery operation itself (A B, C B) probably executes in weaker synchrony model Refine system model and verify correctness Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
28 Overview 1 Background Why? When? Where? 2 Towards Recoverable Hybrid Byzantine Consensus Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model 3 Provocative Questions and Conclusions Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
29 Questions 1 Is there a place for traditional 3f + 1 BFT without proactive recovery? Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
30 Questions 1 Is there a place for traditional 3f + 1 BFT without proactive recovery? 2 Is there a place for traditional 3f + 1 BFT with proactive recovery? Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
31 Questions 1 Is there a place for traditional 3f + 1 BFT without proactive recovery? 2 Is there a place for traditional 3f + 1 BFT with proactive recovery? Proactive recovery in any case requires (rather complex) TCB Simple TCB enables 2f + 1-consensus Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
32 Questions 1 Is there a place for traditional 3f + 1 BFT without proactive recovery? 2 Is there a place for traditional 3f + 1 BFT with proactive recovery? Proactive recovery in any case requires (rather complex) TCB Simple TCB enables 2f + 1-consensus 3 Will all practical BFT implementations be 2f + 1-BFT with a TCB? What kind of TCB (interface, funcionality)? System model? Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
33 Conclusions We need practical intrusion-tolerant systems Long-running systems require proactive recovery Most BFT papers do not consider recovery at all Recovery needs to be an integral part of BFT systems Work in progress Bridge the gap: synchronous trigger vs. asynchronous network Accurately define system model Integrate PR into existing BFT algorithms Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
34 Thank you! Questions? Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22,
A FAULT- AND INTRUSION-TOLERANT ARCHITECTURE FOR THE PORTUGUESE POWER DISTRIBUTION SCADA
A FAULT- AND INTRUSION-TOLERANT ARCHITECTURE FOR THE PORTUGUESE POWER DISTRIBUTION SCADA Nuno Medeiros Alysson Bessani 1 Context: EDP Distribuição EDP Distribuição is the utility responsible for the distribution
More informationViewstamped Replication to Practical Byzantine Fault Tolerance. Pradipta De
Viewstamped Replication to Practical Byzantine Fault Tolerance Pradipta De pradipta.de@sunykorea.ac.kr ViewStamped Replication: Basics What does VR solve? VR supports replicated service Abstraction is
More informationPractical Byzantine Fault Tolerance. Miguel Castro and Barbara Liskov
Practical Byzantine Fault Tolerance Miguel Castro and Barbara Liskov Outline 1. Introduction to Byzantine Fault Tolerance Problem 2. PBFT Algorithm a. Models and overview b. Three-phase protocol c. View-change
More informationRobust BFT Protocols
Robust BFT Protocols Sonia Ben Mokhtar, LIRIS, CNRS, Lyon Joint work with Pierre Louis Aublin, Grenoble university Vivien Quéma, Grenoble INP 18/10/2013 Who am I? CNRS reseacher, LIRIS lab, DRIM research
More informationByzantine Fault Tolerance and Consensus. Adi Seredinschi Distributed Programming Laboratory
Byzantine Fault Tolerance and Consensus Adi Seredinschi Distributed Programming Laboratory 1 (Original) Problem Correct process General goal: Run a distributed algorithm 2 (Original) Problem Correct process
More informationReducing the Costs of Large-Scale BFT Replication
Reducing the Costs of Large-Scale BFT Replication Marco Serafini & Neeraj Suri TU Darmstadt, Germany Neeraj Suri EU-NSF ICT March 2006 Dependable Embedded Systems & SW Group www.deeds.informatik.tu-darmstadt.de
More informationFailure models. Byzantine Fault Tolerance. What can go wrong? Paxos is fail-stop tolerant. BFT model. BFT replication 5/25/18
Failure models Byzantine Fault Tolerance Fail-stop: nodes either execute the protocol correctly or just stop Byzantine failures: nodes can behave in any arbitrary way Send illegal messages, try to trick
More informationToward Intrusion Tolerant Clouds
Toward Intrusion Tolerant Clouds Prof. Yair Amir, Prof. Vladimir Braverman Daniel Obenshain, Tom Tantillo Department of Computer Science Johns Hopkins University Prof. Cristina Nita-Rotaru, Prof. Jennifer
More informationResource-efficient Byzantine Fault Tolerance. Tobias Distler, Christian Cachin, and Rüdiger Kapitza
1 Resource-efficient Byzantine Fault Tolerance Tobias Distler, Christian Cachin, and Rüdiger Kapitza Abstract One of the main reasons why Byzantine fault-tolerant (BFT) systems are currently not widely
More informationPractical Byzantine Fault Tolerance
Practical Byzantine Fault Tolerance Robert Grimm New York University (Partially based on notes by Eric Brewer and David Mazières) The Three Questions What is the problem? What is new or different? What
More informationToward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania
Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania Outline What is SCADA? SCADA Vulnerabilities What is Intrusion Tolerance? Prime PvBrowser Our
More informationByzantine fault tolerance. Jinyang Li With PBFT slides from Liskov
Byzantine fault tolerance Jinyang Li With PBFT slides from Liskov What we ve learnt so far: tolerate fail-stop failures Traditional RSM tolerates benign failures Node crashes Network partitions A RSM w/
More informationResilient State Machine Replication
Resilient State Machine Replication Paulo Sousa pjsousa@di.fc.ul.pt Univ. of Lisboa Nuno Ferreira Neves nuno@di.fc.ul.pt Univ. of Lisboa Paulo Veríssimo pjv@di.fc.ul.pt Univ. of Lisboa Abstract Nowadays,
More informationPractical Byzantine Fault Tolerance Consensus and A Simple Distributed Ledger Application Hao Xu Muyun Chen Xin Li
Practical Byzantine Fault Tolerance Consensus and A Simple Distributed Ledger Application Hao Xu Muyun Chen Xin Li Abstract Along with cryptocurrencies become a great success known to the world, how to
More informationPractical Byzantine Fault
Practical Byzantine Fault Tolerance Practical Byzantine Fault Tolerance Castro and Liskov, OSDI 1999 Nathan Baker, presenting on 23 September 2005 What is a Byzantine fault? Rationale for Byzantine Fault
More informationAvailability, Reliability, and Fault Tolerance
Availability, Reliability, and Fault Tolerance Guest Lecture for Software Systems Security Tim Wood Professor Tim Wood - The George Washington University Distributed Systems have Problems Hardware breaks
More informationAuthenticated Agreement
Chapter 18 Authenticated Agreement Byzantine nodes are able to lie about their inputs as well as received messages. Can we detect certain lies and limit the power of byzantine nodes? Possibly, the authenticity
More informationByzantine Fault Tolerance for Distributed Systems
Cleveland State University EngagedScholarship@CSU ETD Archive 2014 Byzantine Fault Tolerance for Distributed Systems Honglei Zhang Cleveland State University How does access to this work benefit you? Let
More informationEvaluating BFT Protocols for Spire
Evaluating BFT Protocols for Spire Henry Schuh & Sam Beckley 600.667 Advanced Distributed Systems & Networks SCADA & Spire Overview High-Performance, Scalable Spire Trusted Platform Module Known Network
More informationZyzzyva. Speculative Byzantine Fault Tolerance. Ramakrishna Kotla. L. Alvisi, M. Dahlin, A. Clement, E. Wong University of Texas at Austin
Zyzzyva Speculative Byzantine Fault Tolerance Ramakrishna Kotla L. Alvisi, M. Dahlin, A. Clement, E. Wong University of Texas at Austin The Goal Transform high-performance service into high-performance
More informationToward Intrusion Tolerant Cloud Infrastructure
Toward Intrusion Tolerant Cloud Infrastructure Daniel Obenshain, Tom Tantillo, Yair Amir Department of Computer Science Johns Hopkins University Andrew Newell, Cristina Nita-Rotaru Department of Computer
More informationPBFT: A Byzantine Renaissance. The Setup. What could possibly go wrong? The General Idea. Practical Byzantine Fault-Tolerance (CL99, CL00)
PBFT: A Byzantine Renaissance Practical Byzantine Fault-Tolerance (CL99, CL00) first to be safe in asynchronous systems live under weak synchrony assumptions -Byzantine Paxos! The Setup Crypto System Model
More informationProphecy: Using History for High Throughput Fault Tolerance
Prophecy: Using History for High Throughput Fault Tolerance Siddhartha Sen Joint work with Wyatt Lloyd and Mike Freedman Princeton University Non crash failures happen Non crash failures happen Model as
More informationByzantine Fault Tolerance
Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. So far: Fail-stop failures
More informationPractical Byzantine Fault Tolerance (The Byzantine Generals Problem)
Practical Byzantine Fault Tolerance (The Byzantine Generals Problem) Introduction Malicious attacks and software errors that can cause arbitrary behaviors of faulty nodes are increasingly common Previous
More informationNetwork-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid
Network-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid Amy Babay, Thomas Tantillo, Trevor Aron, Marco Platania, and Yair Amir Johns Hopkins University, AT&T Labs, Spread Concepts LLC Distributed
More informationToday: Fault Tolerance. Fault Tolerance
Today: Fault Tolerance Agreement in presence of faults Two army problem Byzantine generals problem Reliable communication Distributed commit Two phase commit Three phase commit Paxos Failure recovery Checkpointing
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationSecuring IoT-based Cyber-Physical Human Systems against Collaborative Attacks
Securing IoT-based Cyber-Physical Human Systems against Collaborative Attacks Sathish A.P Kumar, Coastal Carolina University, Conway, SC, USA Bharat Bhargava and Ganapathy Mani Purdue University, West
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More informationIsolating Compromised Routers. Alper Mizrak, Keith Marzullo and Stefan Savage UC San Diego Department of Computer Science and Engineering
Isolating Compromised Routers Alper Mizrak, Keith Marzullo and Stefan Savage UC San Diego Department of Computer Science and Engineering Problem Routers are vulnerable points in the Internet, especially
More informationToday: Fault Tolerance
Today: Fault Tolerance Agreement in presence of faults Two army problem Byzantine generals problem Reliable communication Distributed commit Two phase commit Three phase commit Paxos Failure recovery Checkpointing
More informationProactive Recovery in a Byzantine-Fault-Tolerant System
Proactive Recovery in a Byzantine-Fault-Tolerant System Miguel Castro and Barbara Liskov Laboratory for Computer Science, Massachusetts Institute of Technology, 545 Technology Square, Cambridge, MA 02139
More informationFailure Models. Fault Tolerance. Failure Masking by Redundancy. Agreement in Faulty Systems
Fault Tolerance Fault cause of an error that might lead to failure; could be transient, intermittent, or permanent Fault tolerance a system can provide its services even in the presence of faults Requirements
More informationBYZANTINE FAULT TOLERANT SOFTWARE- DEFINED NETWORKING (SDN) CONTROLLERS
BYZANTINE FAULT TOLERANT SOFTWARE- DEFINED NETWORKING (SDN) CONTROLLERS KARIM ELDEFRAWY* AND TYLER KACZMAREK** * INFORMATION AND SYSTEMS SCIENCES LAB (ISSL), HRL LABORATORIES ** UNIVERSITY OF CALIFORNIA
More informationTolerating Latency in Replicated State Machines through Client Speculation
Tolerating Latency in Replicated State Machines through Client Speculation April 22, 2009 1, James Cowling 2, Edmund B. Nightingale 3, Peter M. Chen 1, Jason Flinn 1, Barbara Liskov 2 University of Michigan
More informationMaximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
More informationSecure Active Network Environment (SANE) Trust, but Verify
Secure Active Network Environment (SANE) Trust, but Verify Old Russian Saying Scott Alexander Bill Arbaugh Angelos Keromytis Jonathan Smith University of Pennsylvania Network Infrastructures Shared, so
More informationPractical Byzantine Fault Tolerance. Castro and Liskov SOSP 99
Practical Byzantine Fault Tolerance Castro and Liskov SOSP 99 Why this paper? Kind of incredible that it s even possible Let alone a practical NFS implementation with it So far we ve only considered fail-stop
More informationHow to Tolerate Half Less One Byzantine Nodes in Practical Distributed Systems
How to Tolerate Half Less One Byzantine Nodes in Practical Distributed Systems Miguel Correia, Nuno Ferreira Neves, Paulo Veríssimo DI FCUL TR 04 6 July 2004 Departamento de Informática Faculdade de Ciências
More informationResilient Intrusion Tolerance through Proactive and Reactive Recovery
Resilient Intrusion Tolerance through Proactive and Reactive Recovery DI FCUL Paulo Sousa Alysson Neves Bessani Miguel Correia Nuno Ferreira Neves Paulo Verissimo TR 07 17 October 2007 Departamento de
More informationCyber Moving Targets. Yashar Dehkan Asl
Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system
More informationByzantine Fault Tolerance
Byzantine Fault Tolerance CS6450: Distributed Systems Lecture 10 Ryan Stutsman Material taken/derived from Princeton COS-418 materials created by Michael Freedman and Kyle Jamieson at Princeton University.
More informationResearch Statement. Amy Babay December 2018
Research Statement Amy Babay December 2018 My research focuses on distributed systems and networks, with core goals spanning two domains: enabling new Internet services and building dependable infrastructure.
More informationDistributed Systems. 09. State Machine Replication & Virtual Synchrony. Paul Krzyzanowski. Rutgers University. Fall Paul Krzyzanowski
Distributed Systems 09. State Machine Replication & Virtual Synchrony Paul Krzyzanowski Rutgers University Fall 2016 1 State machine replication 2 State machine replication We want high scalability and
More informationSecurity of Mobile Ad Hoc and Wireless Sensor Networks
Security of Mobile Ad Hoc and Wireless Sensor Networks July, 2013 Edward Bonver LA Board Member Symantec Corporation edward@owasp.org Copyright The Foundation Permission is granted to copy, distribute
More informationN-Variant SystemsA Secretless Framework for Security through. Diversity Cox et al.
N-Variant Systems A Secretless Framework for Security through Diversity Cox et al. The problem Software homogeneity makes the process of leveraging a known exploit easy. Some solutions Address space randomization
More informationTransactions Between Distributed Ledgers
Transactions Between Distributed Ledgers Ivan Klianev Transactum Pty Ltd High Performance Transaction Systems Asilomar, California, 8-11 October 2017 The Time for Distributed Transactions Has Come Thanks
More informationCisco Advanced Malware Protection (AMP) for Endpoints
Cisco Advanced Malware Protection (AMP) for Endpoints Endpoints continue to be the primary point of entry for attacks! 70% of breaches start on endpoint devices WHY? Gaps in protection Gaps in visibility
More informationANTIVIRUS is a fundamental presence in every computer
1 RAVE: Replicated AntiVirus Engine Carlos Silva 1 Paulo Sousa 2 Paulo Veríssimo 2 1 Portugal Telecom 2 LaSIGE, Faculty of Sciences, University of Lisbon c.miguel.silva@telecom.pt, {pjsousa,pjv}@di.fc.ul.pt
More informationCombating Cyberattacks Through Network Agility and Automation Sagi Chief Technology Officer
Combating Cyberattacks Through Network Agility and Automation Sagi Brody @webairsagi Chief Technology Officer Leverage new technologies to: 1) Improve traditional DDoS monitoring & mitigation 2) Enhance
More informationProactive Recovery in a Byzantine-Fault-Tolerant System
Proactive Recovery in a Byzantine-Fault-Tolerant System Miguel Castro and Barbara Liskov Laboratory for Computer Science, Massachusetts Institute of Technology, 545 Technology Square, Cambridge, MA 02139
More informationA definition. Byzantine Generals Problem. Synchronous, Byzantine world
The Byzantine Generals Problem Leslie Lamport, Robert Shostak, and Marshall Pease ACM TOPLAS 1982 Practical Byzantine Fault Tolerance Miguel Castro and Barbara Liskov OSDI 1999 A definition Byzantine (www.m-w.com):
More informationCybersecurity Risk Mitigation: Protect Your Member Data. Introduction
Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience
More informationTwo New Protocols for Fault Tolerant Agreement
Two New Protocols for Fault Tolerant Agreement Poonam Saini 1 and Awadhesh Kumar Singh 2, 1,2 Department of Computer Engineering, National Institute of Technology, Kurukshetra, India nit.sainipoonam@gmail.com,
More informationCriticality and Robustness in Wireless Sensor Networks
Criticality and Robustness in Wireless Sensor Networks Bhaskar Krishnamachari Autonomous Networks Research Group Department of Electrical Engineering University of Southern California NSF Workshop on Critical
More information6 Critical Reasons for Office 365 Backup. The case for why organizations need to protect Office 365 data
6 Critical Reasons for Office 365 Backup The case for why organizations need to protect Office 365 data 2 Introduction Do you have control of your Office 365 data? Do you have access to all the items you
More informationToday: Fault Tolerance. Failure Masking by Redundancy
Today: Fault Tolerance Agreement in presence of faults Two army problem Byzantine generals problem Reliable communication Distributed commit Two phase commit Three phase commit Failure recovery Checkpointing
More informationConsensus in Distributed Systems. Jeff Chase Duke University
Consensus in Distributed Systems Jeff Chase Duke University Consensus P 1 P 1 v 1 d 1 Unreliable multicast P 2 P 3 Consensus algorithm P 2 P 3 v 2 Step 1 Propose. v 3 d 2 Step 2 Decide. d 3 Generalizes
More informationFault Tolerance. Basic Concepts
COP 6611 Advanced Operating System Fault Tolerance Chi Zhang czhang@cs.fiu.edu Dependability Includes Availability Run time / total time Basic Concepts Reliability The length of uninterrupted run time
More informationABSTRACT. Web Service Atomic Transaction (WS-AT) is a standard used to implement distributed
ABSTRACT Web Service Atomic Transaction (WS-AT) is a standard used to implement distributed processing over the internet. Trustworthy coordination of transactions is essential to ensure proper running
More informationPreliminary Specification of Services and Protocols
Preliminary Specification of Services and Protocols Nuno Neves Paulo Verissimo (editors) DI FCUL TR 08 3 January 2008 Departamento de Informática Faculdade de Ciências da Universidade de Lisboa Campo Grande,
More informationOn the Internet, nobody knows you re a dog.
On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing
More informationCritical Systems. Objectives. Topics covered. Critical Systems. System dependability. Importance of dependability
Objectives Critical Systems To explain what is meant by a critical system where system failure can have severe human or economic consequence. To explain four dimensions of dependability - availability,
More informationData Consistency and Blockchain. Bei Chun Zhou (BlockChainZ)
Data Consistency and Blockchain Bei Chun Zhou (BlockChainZ) beichunz@cn.ibm.com 1 Data Consistency Point-in-time consistency Transaction consistency Application consistency 2 Strong Consistency ACID Atomicity.
More informationZZ: Cheap Practical BFT using Virtualization
University of Massachusetts, Technical Report TR14-08 1 ZZ: Cheap Practical BFT using Virtualization Timothy Wood, Rahul Singh, Arun Venkataramani, and Prashant Shenoy Department of Computer Science, University
More informationRUAG Cyber Security Understand Cyber. Protect Values.
RUAG Cyber Security Understand Cyber. Protect Values. Your Cyber Security maturity depends on your awareness and the appropriate behaviour of every single user. RUAG Cyber Security empowers and efficiently
More informationor? Paxos: Fun Facts Quorum Quorum: Primary Copy vs. Majority Quorum: Primary Copy vs. Majority
Paxos: Fun Facts Quorum Why is the algorithm called Paxos? Leslie Lamport described the algorithm as the solution to a problem of the parliament on a fictitious Greek island called Paxos Many readers were
More informationRefinement and Optimization of Streaming Architectures. Don Batory and Taylor Riché Department of Computer Science University of Texas at Austin
Refinement and Optimization of Streaming Architectures Don Batory and Taylor Riché Department of Computer Science University of Texas at Austin 1 Introduction Model Driven Engineering (MDE) is paradigm
More informationResilient State Machine Replication
Resilient State Machine Replication Paulo Sousa Nuno Ferreira Neves Paulo Veríssimo DI FCUL TR 05 17 September 2005 Departamento de Informática Faculdade de Ciências da Universidade de Lisboa Campo Grande,
More informationABOUT US SECURITY. A Legacy of Providing Solutions. Protecting Your Data
RnD Consulting LLC 957 Route 33 PMB 143 Hamilton Square, NJ 08690 Tel. (800) 949-8215 Fax. (609) 586-1712 mike@rndconsultingnj.com josh@rndconsultingnj.com ABOUT US A Legacy of Providing Solutions With
More informationBeyond Firewalls: The Future Of Network Security
Beyond Firewalls: The Future Of Network Security XChange University: IT Security Jennifer Blatnik 20 August 2016 Security Trends Today Network security landscape has expanded CISOs Treading Water Pouring
More informationCyber Resiliency & Agility Call to Action
Cyber Resiliency & Agility Call to Action MITRE Resiliency Workshop May 31, 2012 Suzanne Hassell Engineering Fellow Raytheon Network Centric Systems shassell@raytheon.com Copyright 2012 Raytheon Company.
More informationFAULT TOLERANCE. Fault Tolerant Systems. Faults Faults (cont d)
Distributed Systems Fö 9/10-1 Distributed Systems Fö 9/10-2 FAULT TOLERANCE 1. Fault Tolerant Systems 2. Faults and Fault Models. Redundancy 4. Time Redundancy and Backward Recovery. Hardware Redundancy
More informationFault Tolerance. Distributed Systems. September 2002
Fault Tolerance Distributed Systems September 2002 Basics A component provides services to clients. To provide services, the component may require the services from other components a component may depend
More informationNetwork Protocols. Sarah Diesburg Operating Systems CS 3430
Network Protocols Sarah Diesburg Operating Systems CS 3430 Protocol An agreement between two parties as to how information is to be transmitted A network protocol abstracts packets into messages Physical
More informationSurvey of Cyber Moving Targets. Presented By Sharani Sankaran
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of
More informationAsynchronous Proactive Cryptosystems without Agreement
Asynchronous Proactive Cryptosystems without Agreement Stas Jarecki (UC Irvine) Bartosz Przydatek (ETH Zurich, Switzerland) Reto Strobl (Google, Switzerland) 1 Proactive Cryptosystems Motivation: weakest
More informationTowards a Practical Survivable Intrusion Tolerant Replication System
Towards a Practical Survivable Intrusion Tolerant Replication System Marco Platania, Daniel Obenshain, Thomas Tantillo, Ricky Sharma, Yair Amir Department of Computer Science at Johns Hopkins University
More informationRecovering from a Crash. Three-Phase Commit
Recovering from a Crash If INIT : abort locally and inform coordinator If Ready, contact another process Q and examine Q s state Lecture 18, page 23 Three-Phase Commit Two phase commit: problem if coordinator
More informationCyber Security Maturity Model
Cyber Security Maturity Model Robert Lentz Former DoD CISO / Deputy Assistant Secretary Cyber Facts Facts About About Intrusions Intrusions 2 Verizon 2010 Data Breach Investigation Report WHO IS BEHIND
More informationAPPLICATION AWARE FOR BYZANTINE FAULT TOLERANCE
APPLICATION AWARE FOR BYZANTINE FAULT TOLERANCE HUA CHAI Master of Science in Electrical Engineering Cleveland State University 12, 2009 submitted in partial fulfillment of requirements for the degree
More informationPeer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University
Peer-to-peer Sender Authentication for Email Vivek Pathak and Liviu Iftode Rutgers University Email Trustworthiness Sender can be spoofed Need for Sender Authentication Importance depends on sender Update
More informationByzantine Techniques
November 29, 2005 Reliability and Failure There can be no unity without agreement, and there can be no agreement without conciliation René Maowad Reliability and Failure There can be no unity without agreement,
More informationState Transfer for Hypervisor-Based Proactive Recovery of Heterogeneous Replicated Services
State Transfer for Hypervisor-Based Proactive Recovery of Heterogeneous Replicated Services Tobias Distler Rüdiger Kapitza Friedrich-Alexander University Erlangen-Nuremberg, Germany {distler,rrkapitz}@cs.fau.de
More informationInternet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came
Victoria Ellsworth Dr. Ping Li ICTN 4040 04/11/17 Internet of Things (IoT) Attacks The Internet of Things (IoT) is based off a larger concept; the Internet of Things came from idea of the Internet of Everything.
More informationProactive and Reactive View Change for Fault Tolerant Byzantine Agreement
Journal of Computer Science 7 (1): 101-107, 2011 ISSN 1549-3636 2011 Science Publications Proactive and Reactive View Change for Fault Tolerant Byzantine Agreement Poonam Saini and Awadhesh Kumar Singh
More informationTradeoffs in Byzantine-Fault-Tolerant State-Machine-Replication Protocol Design
Tradeoffs in Byzantine-Fault-Tolerant State-Machine-Replication Protocol Design Michael G. Merideth March 2008 CMU-ISR-08-110 School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213
More informationLow-Latency Network-Scalable Byzantine Fault-Tolerant Replication 12th EuroSys Doctoral Workshop (EuroDW 2018)
Low-Latency Network-Scalable Byzantine Fault-Tolerant tion 12th EuroSys Doctoral Workshop (EuroDW 2018) Ines Messadi, TU Braunschweig, Germany, 2018-04-23 New PhD student (Second month) in the distributed
More informationA SECURE DOMAIN NAME SYSTEM BASED ON INTRUSION TOLERANCE
Proceedings of the Seventh International Conference on Learning and Cybernetics, Kunming, 12-15 July 2008 A SECURE DOMAIN NAME SYSTEM BASED ON INTRUSION TOLERANCE WEI ZHOU 1, 2, LIU CHEN 3, 4 1 School
More informationCyber Security Experts Association of Nigeria (CSEAN) CYBER SECURE NIGERIA 2016 Conference
Cyber Security Experts Association of Nigeria (CSEAN) CYBER SECURE NIGERIA 2016 Conference Threat of Cyber- Terrorism to Critical Infrastructures Presented by Iyke Ezeugo Cyber-warfare Strategist Definitions
More informationInternational Journal of Advanced Research in Computer Science and Software Engineering
Volume 2, Issue 9, September 2012 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Backup Two
More informationMENCIUS: BUILDING EFFICIENT
MENCIUS: BUILDING EFFICIENT STATE MACHINE FOR WANS By: Yanhua Mao Flavio P. Junqueira Keith Marzullo Fabian Fuxa, Chun-Yu Hsiung November 14, 2018 AGENDA 1. Motivation 2. Breakthrough 3. Rules of Mencius
More informationDesigning Modular and Redundant Cyber Architectures for Process Control: Lessons learned
Designing Modular and Redundant Cyber Architectures for Process Control: Lessons learned Paulo Verissimo Alysson Neves Bessani Miguel Correia Nuno Ferreira Neves Paulo Sousa Universidade de Lisboa, Faculdade
More informationAutomatic Reconfiguration for Large-Scale Reliable Storage Systems
Automatic Reconfiguration for Large-Scale Reliable Storage Systems The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation As Published
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationTowards a Practical Survivable Intrusion Tolerant Replication System
Towards a Practical Survivable Intrusion Tolerant Replication System Marco Platania, Daniel Obenshain, Thomas Tantillo, Ricky Sharma, Yair Amir Department of Computer Science at Johns Hopkins University
More informationModelling Cyber Security Risk Across the Organization Hierarchy
Modelling Cyber Security Risk Across the Organization Hierarchy Security issues have different causes and effects at different layers within the organization one size most definitely does not fit all.
More informationAS distributed systems develop and grow in size,
1 hbft: Speculative Byzantine Fault Tolerance With Minimum Cost Sisi Duan, Sean Peisert, Senior Member, IEEE, and Karl N. Levitt Abstract We present hbft, a hybrid, Byzantine fault-tolerant, ted state
More informationByzantine Failures. Nikola Knezevic. knl
Byzantine Failures Nikola Knezevic knl Different Types of Failures Crash / Fail-stop Send Omissions Receive Omissions General Omission Arbitrary failures, authenticated messages Arbitrary failures Arbitrary
More information