OS diversity for intrusion tolerance: Myth or reality?

One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper we present a study with operating systems (OS) vulnerability data from the NIST National Vulnerability Database. We have analyzed the vulnerabilities of 11 different OSes over a period of roughly 15 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSes. Hence, our analysis provides a strong indication that building a system with diverse OSes may be a useful technique to improve its intrusion tolerance capabilities

Enhancing Fault / Intrusion Tolerance through Design and Configuration Diversity

Fault/intrusion tolerance is usually the only viable way of improving the system dependability and security in the presence of continuously evolving threats. Many of the solutions in the literature concern a specific snapshot in the production or deployment of a fault-tolerant system and no immediate considerations are made about how the system should evolve to deal with novel threats. In this paper we outline and evaluate a set of operating systems’ and applications’ reconfiguration rules which can be used to modify the state of a system replica prior to deployment or in between recoveries, and hence increase the replicas chance of a longer intrusion-free operation

FOREVER: Fault/intrusiOn REmoVal through Evolution & Recovery

The goal of the FOREVER project is to develop a service for Fault/intrusiOn REmoVal through Evolution & Recovery. In order to achieve this goal, our work addresses three main tasks: the definition of the FOREVER service architecture; the analysis of how diversity techniques can improve resilience; and the evaluation of the FOREVER service. The FOREVER service is an important contribution to intrustion-tolerant replication middleware and significantly enhances the resilience

Quer Pagar Quanto? Uma Comparação de Custos de Provedores de Nuvem FaaS

Cada vez mais, desenvolvedores de aplicações para nuvem vêm adotando o modelo de serviço Function-as-a-service (FaaS), no qual o provisionamento e o gerenciamento da infraestrutura ficam a cargo do provedor, liberando o desenvolvedor de tais preocupações e proporcionando elasticidade rápida. A tarifação no modelo FaaS é baseada no número de invocações e no tempo de execução das funções (módulos estanques de código, instanciados sob demanda). Ao vincular a cobrança  efetiva utilização dos recursos, essa modalidade de tarifação aponta para uma redução dos custos para o cliente; ao mesmo tempo, ela reduz a previsibilidade dos custos, especialmente porque estes podem ser afetados por oscilações no tempo de execução. Este trabalho investiga como o desempenho das funções e sua variabilidade influenciam nos custos sob a ótica do cliente de nuvem, considerando diferentes provedores FaaS (AWS Lambda, Azure Functions, Google Cloud Functions e IBM Cloud Functions)

On the Effects of Diversity on Intrusion Tolerance

The security gains of intrusion-tolerant systems are directly dependent on the assumption that system components fail independently of one another. The coverage of this assumption in a real-world deployment depends on how diversity is employed, using, for example, diverse off-the-shelf components. In this paper we detail a study we have done with vulnerability data, reported in the period 1999 to 2007, which we extracted from the NIST National Vulnerability Database. We provide empirical analysis of the data collected as well as exploratory analyses of the potential gains in security from employing diverse operating systems. The modelling approaches presented are of practical significance to system designers wishing to employ diversity with off-the-shelf components since often the vulnerability reports are the only direct security evidence available to the

Um Modelo Analítico de Desempenho para Servidores Web Virtualizados com Xen

A virtualização é uma ferramenta chave para consolidação de servidores, pois permite que cada servidor execute em uma máquina virtual isolada das demais máquinas virtuaisno mesmo hardware, proporcionando a redução de custos. Por outro lado, o desempenho dos servidores virtualizados pode não satisfazer os requisitos de usuários ou aplicações, devido ao compartilhamento de recursos entre MVs. Atualmente, o desempenho de servidores em ambientesde virtualização precisa ser avaliado experimentalmente, ou seja, é preciso implantar o servidor em uma máquina virtual para depois verificar se o seu desempenho é adequado. Visando preencher esta lacuna, este trabalho propõe um modelo analítico de desempenho para servidores webvirtualizados no ambiente Xen. Os resultados obtidos na validação do modelo demonstram que ele pode ser usado com sucesso para fins de planejamento de capacidade

How Practical Are Intrusion-Tolerant Distributed Systems?

Building secure, inviolable systems using traditional mechanisms is becoming increasingly an unattainable goal. The recognition of this fact has fostered the interest in alternative approaches to security such as intrusion tolerance, which applies fault tolerance concepts and techniques to security problems. Albeit this area is quite promising, intrusion-tolerant distributed systems typically rely on the assumption that the system components fail or are compromised independently. This is a strong assumption that has been repeatedly questioned. In this paper we discuss how this assumption can be implemented in practice using diversity of system components. We present a taxonomy of axes of diversity and discuss how they provide failure independence. Furthermore, we provide a practical example of an intrusion-tolerant system built using diversity

Level of Service Method for Brazilian Toll Plazas

AbstractThis paper proposes a method for analyzing level of service of toll plazas. Toll plazas scenarios were developed and evaluated through a qualitative research by toll plaza users from different Brazilian states, and by technical staff from regulating agencies and from the concessionaires responsible for toll plazas operation. The results indicate that queue length at toll booths has a strong influence on the quality of service of toll plazas as perceived by all groups. A level of service classification for toll plazas is proposed, relating the quality perceived by the different groups to the average queue length at toll booths

A Security Scheme for Mobile Agent Platforms in Large-Scale Systems

Abstract. Mobile agents have recently started being deployed in largescale distributed systems. However, this new technology brings some security concerns of its own. In this work, we propose a security scheme for protecting mobile agent platforms in large-scale systems. This scheme comprises a mutual authentication protocol for the platforms involved, a mobile agent authenticator, and a method for generation of protection domains. It is based on SPKI/SDSI chains of trust, and takes advantage of the flexibility of the SPKI/SDSI certificate delegation infrastructure to provide decentralized authorization and authentication control.