Abstract
Today’s information systems are expected to be highly available and trustworthy — that is, they are accessible at any time a user wants to, they always provide correct services, and they never reveal confidential information to an unauthorized party. To meet such high expectations, the system must be carefully designed and implemented, and rigorously tested (for intrusion prevention). However, considering the intense pressure for short development cycles and the widespread use of commercial off-the-shelf software components, it is not surprising that software systems are notoriously imperfect. The vulnerabilities due to insufficient design and poor implementation are often exploited by adversaries to cause a variety of damages, for example, crashing of the system, leaking of confidential information, modifying or deleting of critical data, or injecting of erroneous information into a system. This observation prompted the research on intrusion tolerance techniques (Castro & Liskov, 2002; Deswarte, Blain, & Fabre, 1991; Verissimo, Neves, & Correia, 2003; Yin, Martin, Venkataramani, Alvisi, & Dahlin, 2003). Such techniques can tolerate intrusion attacks in two respects: (1) a system continues providing correct services (may be with reduced performance), and (2) no confidential information is revealed to an adversary. The former can be achieved by using the replication techniques, as long as the adversary can only compromise a small number of replicas. The latter is often built on top of secrete sharing and threshold cryptography techniques. Plain replication is often perceived to reduce the confidentiality of a system, because there are more identical copies available for penetration. However, if replication is integrated properly with secrete sharing and threshold cryptography, both availability and confidentiality can be enhanced.
TopBackground
In this section, we introduce some basic security and dependability concepts and techniques related to intrusion tolerance. A secure information system is one that exhibits the following properties (Pfleeger & Pfleeger, 2002):
- •
Confidentiality: Only authorized users have access to the information.
- •
Integrity: The information can be modified only by authenticated users in authorized ways. Any unauthorized modification can be detected.
- •
Availability: The information is available whenever a legitimate user wants to access it.
Confidentiality is often ensured by using encryption, authentication, and access control. Encryption is a reversible process that scrambles a piece of plaintext into something uninterpretable. Encryption is often parameterized with a security key. To decrypt, the same or a different security key is needed. Authentication is the procedure to verify the identity of a user that wants to access confidential data. Access control is used to restrict what an authenticated user can access.
Information integrity can be protected by using secure hash functions, message authentication code (MAC), and digital signatures. For data stored locally, including the application binary files, a checksum is often used as a way to check data integrity. The checksum can be generated by applying a one-way secure hash transformation on the data. Before the data is accessed, one can verify its integrity by recomputing the checksum and comparing it with the original one. The integrity of a message transmitted over the network can be guarded by a MAC. A MAC is generated by hashing on both the original message and a shared secret key. If it is tampered with, the message can be detected in a way similar to that for the checksum. For stronger protection, a message can be signed by the sender. A digital signature is produced by first hashing the message using a secure hash function, and then encrypting the hash using the sender’s private key.
Key Terms in this Chapter
Fragmentation Redundancy Scattering: A secret sharing scheme that involves the following three steps: fragmenting a file, replicating each fragment, and distributing the replicated fragments to different storage sites.
(k, n) Thread Scheme: A secret is divided into n shares. To reconstruct the secret, at least k shares are needed. No useful information can be obtained from k-1 shares.
Replica Consistency: The states of the replicas of an application should remain identical at the end of the processing of each request. Replica consistency is necessary to mask a fault in some replicas.
Byzantine Quorum System: A system offering read and write services to its clients on a set of replicated data items. A read operation retrieves data from a quorum of correct replicas, and a write operation applies the update to a quorum of correct replicas. Any two quorums must overlap by at least one correct replica.
Threshold Cryptography: Security operations such as encryption, decryption, signature generation, and verification can be performed by a group of processes without reconstructing the shared secret. Threshold cryptography utilizes (k, n) threshold schemes internally.
Byzantine Fault Tolerance: A replication-based technique used to ensure high availability of an application subject to Byzantine fault.
Byzantine Fault: Used to model arbitrary fault. A Byzantine faulty process might send conflicting information to other processes to prevent them from reaching an agreement.