PhD Thesis

The internet is increasingly used as a means of communication by many businesses.
Online shopping has become an important commercial activity and many governmental
bodies offer services online. Malicious intrusion into these systems can have
major negative consequences, both for the providers and users of these services.
The need to protect against malicious intrusion, coupled with the difficulty of identifying
and removing all possible vulnerabilities in a distributed system, has led to the
use of systems that can tolerate intrusions with no loss of integrity. These systems
require that services be replicated as deterministic state machines, a relatively hard
task in practice, and do not ensure that confidentiality is maintained when one or
more replicas are successfully intruded into.
This thesis presents FORTRESS, a novel intrusion-resilient system that makes use of
proactive obfuscation techniques and cheap off-the-shelf hardware to enhance intrusion resilience.
FORTRESS uses proxies to prevent clients from accessing servers directly, and
regularly replaces both proxies and servers with differently obfuscated versions. This
maintains both confidentiality and integrity as long as an attacker does not compromise
the system as a whole.
The expected lifetime until system compromise of the FORTRESS system is compared
to those of state machine replicated and primary backup systems when confronted
with an attacker capable of launching distributed attacks against known vulnerabilities.
Thus, FORTRESS is demonstrated to be a viable alternative to building
intrusion-tolerant systems using deterministic state machine replication.
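The two preceding paragraphs describe the mechanism (proxies plus regular replacement of proxies and servers with differently obfuscated versions) and the metric used to evaluate it (expected lifetime until the system as a whole is compromised). The following toy Monte Carlo model is an added illustration of why proactive replacement lengthens that lifetime; it is not the thesis's model, code or parameters. Everything in it is an assumption: the system has `n` components that must all be compromised; the attacker attacks every uncompromised component in parallel each time unit; each attempt against a given obfuscated variant succeeds with probability `p`; and in the proactively obfuscated system all components are replaced every `window` time units, discarding the attacker's partial progress.

```python
"""Toy Monte Carlo model (an added illustration, not from the thesis) of why
proactively replacing obfuscated replicas lengthens the expected time until
an attacker compromises "the system as a whole".

Assumed model (none of these parameters come from the thesis):
  * n components (e.g. a proxy tier and a server tier) must ALL be compromised.
  * The attacker runs a distributed attack: each time unit it attacks every
    not-yet-compromised component in parallel.
  * Each attempt against one obfuscated variant succeeds with probability p,
    i.e. the exploit for the known vulnerability has to be re-fitted to every
    variant, which is what obfuscation buys.
  * Static system: a compromised component stays compromised.
  * Proactively obfuscated system: every `window` time units all components
    are replaced with fresh variants, so partial progress is discarded and the
    attacker only wins by compromising all n components inside one window.
"""
import random


def _time_to_compromise(rng, n, p, window=None):
    """One simulated run; returns the time unit at which all n fall."""
    compromised = 0
    t = 0
    while True:
        t += 1
        # Replacement happens at the start of steps window+1, 2*window+1, ...
        if window is not None and t > 1 and (t - 1) % window == 0:
            compromised = 0  # proactive replacement: progress discarded
        for _ in range(n - compromised):
            if rng.random() < p:
                compromised += 1
        if compromised == n:
            return t


def mean_time_to_compromise(n, p, window=None, runs=10000, seed=1):
    """Monte Carlo estimate of the expected lifetime until total compromise.

    window=None models a static replicated system; an integer window models
    proactive replacement every `window` time units.
    """
    rng = random.Random(seed)
    return sum(_time_to_compromise(rng, n, p, window) for _ in range(runs)) / runs


def exact_static_mean(n, p, terms=5000):
    """Closed form for the static case as a sanity check on the simulator.

    Without replacement, the lifetime T is the maximum of n i.i.d. geometric(p)
    variables, so P(T <= k) = (1 - q^k)^n with q = 1 - p and
    E[T] = sum_{k>=0} P(T > k) = sum_{k>=0} 1 - (1 - q^k)^n.
    """
    q = 1 - p
    return sum(1 - (1 - q ** k) ** n for k in range(terms))


if __name__ == "__main__":
    n, p, window = 2, 0.05, 10  # assumed: proxy + server, 5% per-attempt success
    print("static  (simulated):", round(mean_time_to_compromise(n, p), 1))
    print("static  (exact):    ", round(exact_static_mean(n, p), 1))
    print("rotating every", window, "steps:",
          round(mean_time_to_compromise(n, p, window=window), 1))
```

The design point the model makes explicit is that replacement only helps when the window is short relative to the attacker's per-variant effort: with a window far longer than the static lifetime the simulator degenerates to the static case, and with a window short enough that compromising all `n` components inside it is unlikely, the expected lifetime grows by roughly the reciprocal of that per-window success probability.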
The performance overhead of the FORTRESS system is also evaluated, using both a
general state transfer framework for distributed systems, and a lightweight framework
for large scale web applications. This shows that the FORTRESS system has a sufficiently
small performance overhead to be of practical use.