Title: Giuliana Teixeira dos Santos Veronese
3rd ALßAN Conference
Thesis Proposal for the Qualifying Examination
Intrusion-Tolerant Replication for Large-Scale Networks
Giuliana Teixeira dos Santos Veronese
Advisors: Miguel Pupo Correia, Lau Cheuk Lung
Faculdade de Ciências da Universidade de Lisboa

Intrusion Tolerance
- The complexity of current computer systems has been causing an immense number of vulnerabilities.
- The number of cyber-attacks has been growing, making computer security as a whole an important research challenge.
- Intrusion tolerance (IT) has been proposed as a new paradigm for computer system security.
- The idea is to apply the fault tolerance paradigm in the domain of system security.
- Malicious faults can never be entirely prevented.

Intrusion Tolerance
- Replicas cannot share the same vulnerabilities; otherwise causing intrusions in all the replicas would be almost the same as in a single one.
- Replicas should have different hardware/software and be deployed in different sites across a wide-area network.
[Figure: clients and servers, interconnected by a network, communicating by message-passing through Byzantine fault-tolerant algorithms]

Byzantine Fault Tolerance (3f+1)
- Enables a system to continue operating properly in the event of accidental or malicious faults of some of its components.
[Figure: clients, servers and the primary]

Problems
- A majority of the servers must be non-faulty to vote on the output of the servers. However, in general n ≥ 3f + 1.
- Additional servers involve additional costs in hardware, software and administration.
- Large-scale systems are complex; reducing replicas means reducing the system complexity.
- BFT algorithms perform very well on LANs, but their message complexity limits their ability to scale on WANs.

Solution: Byzantine Fault Tolerance (2f+1)
- Trusted service
  - Never assigns the same identifier to two different messages
- Replicas are forced to execute a single sequence of operations.
- The unique identifier is externally verifiable.
[Figure: servers, each with a trusted service holding a monotonic counter: 1, 2, 3, 4, ...]
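
The trusted-service properties listed on this slide, as an added example that is not code from the presentation or from the MinBFT authors. TrustedCounter, Replica, assign, receive and demo are hypothetical names, the key and operations are constructed, and the shared-key HMAC stands in for whatever the real trusted component uses to make identifiers verifiable.

```python
import hashlib
import hmac

def _tag(key, counter, message):
    # The identifier binds the counter value to a hash of the message.
    data = counter.to_bytes(8, "big") + hashlib.sha256(message).digest()
    return hmac.new(key, data, hashlib.sha256).digest()

class TrustedCounter:
    """Hypothetical stand-in for the trusted service (assumed tamper-proof)."""
    def __init__(self, key):
        self._key = key
        self._counter = 0

    def assign(self, message):
        self._counter += 1  # monotonic: a value is never handed out twice
        return self._counter, _tag(self._key, self._counter, message)

class Replica:
    """Executes messages only in counter order 1, 2, 3, ... with a valid identifier."""
    def __init__(self, key):
        self._key = key  # assumption: held inside the replica's own trusted component
        self._expected = 1
        self.log = []

    def receive(self, counter, tag, message):
        if not hmac.compare_digest(tag, _tag(self._key, counter, message)):
            return "invalid identifier"
        if counter != self._expected:
            return "out of order"
        self._expected += 1
        self.log.append(message)
        return "accepted"

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    service = TrustedCounter(key)
    a, b = Replica(key), Replica(key)
    m, m_alt = b"transfer 10", b"transfer 99"  # constructed sample operations
    c1, t1 = service.assign(m)
    out = [a.receive(c1, t1, m)]
    out.append(b.receive(c1, t1, m_alt))   # identifier 1 reused for another message
    c2, t2 = service.assign(m_alt)         # a fresh identifier can only be 2
    out.append(b.receive(c2, t2, m_alt))   # replica b still waits for identifier 1
    out.append(b.receive(c1, t1, m))       # same message replica a executed
    return out

if __name__ == "__main__":
    print(demo())
```

A faulty primary that shows different messages to different replicas is caught either by the identifier check or by the counter order, so both replicas end up with the same sequence.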

PBFT x MinBFT
[Figure: message patterns between a client and Replicas 0 to 3. (a) PBFT: request, pre-prepare, prepare, commit, reply. (b) MinBFT: request, prepare, commit, reply.]
M. Castro and B. Liskov. Practical Byzantine Fault Tolerance. OSDI '99.

Problem
- A faulty primary can degrade the performance of the system to a fraction of what the environment allows.
[Figure: clients and servers; a view-change replaces the primary with a new primary]

Solution: Spinning Algorithm
- Changes the primary whenever it defines the order of a request, avoiding the performance degradation attack.
[Figure: clients and servers; the primary role moves from one server to the next]

Performance Evaluation
[Figure: latency (ms) and throughput (op/sec)]

Contribution
- Algorithms are simple and deal with the main limitations of current BFT algorithms in WANs.
  - MinBFT
  - MinZyzyva
  - Spinning
- Algorithms are minimal in terms of number of replicas, complexity and number of communication steps.
- These algorithms have better throughput than Castro and Liskov's PBFT, and better latency in networks with non-negligible communication delays.
reduce the number of replicas and communication steps.
mitigates the performance degradation attacks and improves the latency and throughput.

Publications
- Spin One's Wheels? Byzantine Fault Tolerance with a Spinning Primary. Giuliana Veronese, Miguel Correia, Alysson Bessani, Lau Lung. 28th International Symposium on Reliable Distributed Systems (2009)
- Intrusion Tolerant Active Replication for Large Scale Networks. Giuliana Veronese. 39th Dependable Systems and Networks, student forum (2009)
- From Crash to Byzantine Consensus with 2f + 1 Processes. Giuliana Veronese, Miguel Correia, Lau Lung. 39th Dependable Systems and Networks (2009)
- Minimal Byzantine Fault Tolerance. Giuliana Veronese, Miguel Correia, Alysson Bessani, Lau Lung, Paulo Veríssimo. IEEE Transactions on Computers (submitted)