Document details

Diverse Intrusion-tolerant Systems

Author(s): Henriques, Miguel Garcia Tavares

Date: 2019

Persistent ID: http://hdl.handle.net/10451/42283

Origin: Repositório da Universidade de Lisboa

Project/scholarship: info:eu-repo/grantAgreement/FCT/SFRH/SFRH%2FBD%2F84375%2F2012/PT; info:eu-repo/grantAgreement/EC/FP7/257475/EU; info:eu-repo/grantAgreement/EC/H2020/700692/EU;

Subject(s): Diversity; Vulnerabilities; Operating Systems; Intrusion Tolerance; Rejuvenations; Domain/Scientific Area::Natural Sciences::Computer and Information Sciences


Description

Over the past 20 years, there have been indisputable advances in the development of Byzantine Fault-Tolerant (BFT) replicated systems. These systems remain safe as long as at most f out of n replicas fail simultaneously. Therefore, in order to maintain correctness, it is assumed that replicas do not suffer from common mode failures, or in other words that replicas fail independently. In an adversarial setting, this requires that replicas do not share similar vulnerabilities; otherwise a single exploit could be employed to compromise a significant part of the system. The thesis investigates how this assumption can be substantiated in practice by exploiting diversity when managing the configurations of replicas. The thesis begins with an analysis of a large dataset of vulnerability information to obtain evidence that diversity can contribute to failure independence. In particular, we used the data from a vulnerability database to devise strategies for building groups of n replicas with different Operating Systems (OS). Our results demonstrate that it is possible to create dependable configurations of OSes that do not share vulnerabilities over reasonable periods of time (i.e., a few years). Then, the thesis proposes a new design for a firewall-like service that protects and regulates access to critical systems, and that could benefit from our diversity management approach. The solution provides fault and intrusion tolerance by implementing an architecture based on two filtering layers, enabling efficient removal of invalid messages at early stages in order to decrease the costs associated with BFT replication in the later stages. The thesis also presents a novel solution for managing diverse replicas. It collects and processes data from several data sources to continuously compute a risk metric. Once the risk increases, the solution replaces a potentially vulnerable replica with another one, trying to maximize the failure independence of the replicated service. The replaced replica is then placed in quarantine and updated with the available patches, so that it is ready for later re-use. We devised various experiments that show the dependability gains and performance impact of our prototype, including key benchmarks and three BFT applications (a key-value store, our firewall-like service, and a blockchain).
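The two decisions the abstract describes, choosing n OSes that share as few vulnerabilities as possible and picking a replacement when one replica becomes risky, as an added illustration that is not code from the thesis. It assumes a constructed dataset with placeholder vulnerability ids (not real CVEs) and uses the BFT bound n >= 3f+1 to decide whether a group's worst-case common-mode failure is still tolerable.

```python
from itertools import combinations

# Constructed sample dataset (placeholder vulnerability ids, not real CVEs):
# each OS maps to the set of vulnerabilities known to affect it.
VULNS = {
    "os-A": {"V-001", "V-002", "V-003"},
    "os-B": {"V-001", "V-004"},
    "os-C": {"V-005", "V-006"},
    "os-D": {"V-002", "V-007"},
    "os-E": {"V-008"},
    "os-F": {"V-004", "V-009"},
}

def max_simultaneous(group, vulns=VULNS):
    """Largest number of replicas in `group` affected by one vulnerability,
    i.e. how many replicas a single exploit could compromise at once."""
    counts = {}
    for os_name in group:
        for v in vulns[os_name]:
            counts[v] = counts.get(v, 0) + 1
    return max(counts.values(), default=0)

def shared_pairs(group, vulns=VULNS):
    """Number of OS pairs in `group` that share at least one vulnerability."""
    return sum(1 for a, b in combinations(group, 2) if vulns[a] & vulns[b])

def best_group(n, vulns=VULNS):
    """Exhaustively pick the n OSes whose worst-case common-mode failure is
    smallest (ties broken by fewer sharing pairs); n is small, so this is cheap."""
    return min(combinations(sorted(vulns), n),
               key=lambda g: (max_simultaneous(g, vulns), shared_pairs(g, vulns)))

def tolerates(group, vulns=VULNS):
    """With n replicas BFT tolerates f = (n-1)//3 failures, so the group is
    only safe if no single vulnerability can take down more than f replicas."""
    f = (len(group) - 1) // 3
    return max_simultaneous(group, vulns) <= f

def replacement(group, victim, vulns=VULNS):
    """Choose the unused OS that, substituted for `victim`, keeps the group
    most diverse: the decision the risk-driven replacement step has to make."""
    others = [o for o in group if o != victim]
    pool = [o for o in sorted(vulns) if o not in group]
    return min(pool, key=lambda o: (max_simultaneous(others + [o], vulns),
                                    shared_pairs(others + [o], vulns)))
```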

Research unit LASIGE (UID/CEC/00408/2019) and the project PTDC/EEI-SCR/1741/2041 (Abyss)

Document Type: Doctoral thesis
Language: English
Advisor(s): Bessani, Alysson Neves; Neves, Nuno Fuentecilla Maia Ferreira
Contributor(s): Repositório da Universidade de Lisboa