5,444 research outputs found

    Diverse Intrusion-tolerant Systems

    Over the past 20 years, there have been indisputable advances on the development of Byzantine Fault-Tolerant (BFT) replicated systems. These systems keep operational safety as long as at most f out of n replicas fail simultaneously. Therefore, in order to maintain correctness it is assumed that replicas do not suffer from common mode failures, or in other words that replicas fail independently. In an adversarial setting, this requires that replicas do not include similar vulnerabilities, or otherwise a single exploit could be employed to compromise a significant part of the system. The thesis investigates how this assumption can be substantiated in practice by exploring diversity when managing the configurations of replicas. The thesis begins with an analysis of a large dataset of vulnerability information to get evidence that diversity can contribute to failure independence. In particular, we used the data from a vulnerability database to devise strategies for building groups of n replicas with different Operating Systems (OS). Our results demonstrate that it is possible to create dependable configurations of OSes, which do not share vulnerabilities over reasonable periods of time (i.e., a few years). Then, the thesis proposes a new design for a firewall-like service that protects and regulates the access to critical systems, and that could benefit from our diversity management approach. The solution provides fault and intrusion tolerance by implementing an architecture based on two filtering layers, enabling efficient removal of invalid messages at early stages in order to decrease the costs associated with BFT replication in the later stages. The thesis also presents a novel solution for managing diverse replicas. It collects and processes data from several data sources to continuously compute a risk metric. 
Once the risk increases, the solution replaces a potentially vulnerable replica by another one, trying to maximize the failure independence of the replicated service. Then, the replaced replica is put in quarantine and updated with the available patches, to be prepared for later re-use. We devised various experiments that show the dependability gains and performance impact of our prototype, including key benchmarks and three BFT applications (a key-value store, our firewall-like service, and a blockchain). LASIGE Research Unit (UID/CEC/00408/2019) and the project PTDC/EEI-SCR/1741/2041 (Abyss

    Sundarban mangroves: diversity, ecosystem services and climate change impacts

    The Bengal delta coast harboring the famous Sundarban mangroves is extremely vulnerable to climate change. Already, salinity intrusion, increasing cyclones and anomalies in rainfall, and temperature, are causing many social and livelihood problems. However, our knowledge on the diversified climate change impacts on Sundarban ecosystems services, providing immense benefits, including foods, shelters, livelihood, and health amenities, is very limited. Therefore, this article has systematically reviewed the major functional aspects, and highlights on biodiversity, ecosystem dynamics, and services of the Sunderban mangroves, with respect to variations in climatic factors. The mangrove ecosystems are highly productive in terms of forest biomass, and nutrient contribution, especially through detritus-based food webs, to support rich biodiversity in the wetlands and adjacent estuaries. Sundarban mangroves also play vital role in atmospheric CO2 sequestration, sediment trapping and nutrient recycling. Sea level rise will engulf a huge portion of the mangroves, while the associated salinity increase is posing immense threats to biodiversity and economic losses. Climate-mediated changes in riverine discharge, tides, temperature, rainfall and evaporation will determine the wetland nutrient variations, influencing the physiological and ecological processes, thus biodiversity and productivity of Sundarban mangroves. Hydrological changes in wetland ecosystems through increased salinity and cyclones will lower the food security, and also induce human vulnerabilities to waterborne diseases. Scientific investigations producing high resolution data to identify Sundarban's multidimensional vulnerabilities to various climatic regimes are essential. Sustainable plans and actions are required integrating conservation and climate change adaptation strategies, including promotion of alternative livelihoods. 
Thus, interdisciplinary approaches are required to address the future climatic disasters, and better protection of invaluable ecosystem services of the Sunderban mangroves. Affiliation: Neogi, Sucharit Basu. Coastal Development Partnership; Bangladesh. Osaka Prefecture University; Japan. Leibniz Center for Tropical Marine Ecology GmbH; Germany. Affiliation: Dey, Mouri. University of Chittagong; Bangladesh. Affiliation: Lutful Kabir, S. M. Bangladesh Agricultural University; Bangladesh. Affiliation: Masum, Syed Jahangir H. Coastal Development Partnership; Bangladesh. Affiliation: Kopprio, Germán Adolfo. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Bahía Blanca. Instituto Argentino de Oceanografía. Universidad Nacional del Sur. Instituto Argentino de Oceanografía; Argentina. Leibniz Center for Tropical Marine Ecology GmbH; Germany. Affiliation: Yamasaki, Shinji. Osaka Prefecture University; Japan. Affiliation: Lara, Ruben Jose. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Bahía Blanca. Instituto Argentino de Oceanografía. Universidad Nacional del Sur. Instituto Argentino de Oceanografía; Argentin

    Merlin: A Language for Provisioning Network Resources

    This paper presents Merlin, a new framework for managing resources in software-defined networks. With Merlin, administrators express high-level policies using programs in a declarative language. The language includes logical predicates to identify sets of packets, regular expressions to encode forwarding paths, and arithmetic formulas to specify bandwidth constraints. The Merlin compiler uses a combination of advanced techniques to translate these policies into code that can be executed on network elements including a constraint solver that allocates bandwidth using parameterizable heuristics. To facilitate dynamic adaptation, Merlin provides mechanisms for delegating control of sub-policies and for verifying that modifications made to sub-policies do not violate global constraints. Experiments demonstrate the expressiveness and scalability of Merlin on real-world topologies and applications. Overall, Merlin simplifies network administration by providing high-level abstractions for specifying network policies and scalable infrastructure for enforcing them

    Duo: Software Defined Intrusion Tolerant System Using Dual Cluster

    An intrusion tolerant system (ITS) is a network security system that is composed of redundant virtual servers that are online only in a short time window, called exposure time. The servers are periodically recovered to their clean state, and any infected servers are refreshed again, so attackers have insufficient time to succeed in breaking into the servers. However, there is a conflicting interest in determining exposure time, short for security and long for performance. In other words, the short exposure time can increase security but requires more servers to run in order to process requests in a timely manner. In this paper, we propose Duo, an ITS incorporated in SDN, which can reduce exposure time without consuming computing resources. In Duo, there are two types of servers: some servers with long exposure time (White server) and others with short exposure time (Gray server). Then, Duo classifies traffic into benign and suspicious with the help of SDN/NFV technology that also allows dynamically forwarding the classified traffic to White and Gray servers, respectively, based on the classification result. By reducing exposure time of a set of servers, Duo can decrease exposure time on average. We have implemented the prototype of Duo and evaluated its performance in a realistic environment

    Software-implemented attack tolerance for critical information retrieval

    The fast-growing reliance of our daily life upon online information services often demands an appropriate level of privacy protection as well as highly available service provision. However, most existing solutions have attempted to address these problems separately. This thesis investigates and presents a solution that provides both privacy protection and fault tolerance for online information retrieval. A new approach to Attack-Tolerant Information Retrieval (ATIR) is developed based on an extension of existing theoretical results for Private Information Retrieval (PIR). ATIR uses replicated services to protect a user's privacy and to ensure service availability. In particular, ATIR can tolerate any collusion of up to t servers for privacy violation and up to ƒ faulty (either crashed or malicious) servers in a system with k replicated servers, provided that k ≥ t + ƒ + 1 where t ≥ 1 and ƒ ≤ t. In contrast to other related approaches, ATIR relies on neither enforced trust assumptions, such as the use of tamper-resistant hardware and trusted third parties, nor an increased number of replicated servers. While the best solution known so far requires k (≥ 3t + 1) replicated servers to cope with t malicious servers and any collusion of up to t servers with an O(n^*^) communication complexity, ATIR uses fewer servers with a much improved communication cost, O(n^{1/2}) (where n is the size of a database managed by a server). The majority of current PIR research resides on a theoretical level. This thesis provides both theoretical schemes and their practical implementations with good performance results. In a LAN environment, it takes well under half a second to use an ATIR service for calculations over data sets with a size of up to 1MB. The performance of the ATIR systems remains at the same level even in the presence of server crashes and malicious attacks. 
Both analytical results and experimental evaluation show that ATIR offers an attractive and practical solution for ever-increasing online information applications

    Polder Tidings, Volume 1, Number 1, May 2016

    United States Agency for International Developmen