Distributed Computing, vol. 17, n. 3, pp. 237--249, March 2005.
Keywords: Byzantine fault tolerance, intrusion tolerance, distributed systems models, distributed algorithms, consensus
The application of the tolerance paradigm to security -- intrusion tolerance -- has been raising a reasonable amount of attention in the dependability and security communities. In this paper we present a novel approach to intrusion tolerance. The idea is to use privileged components -- generically designated by wormholes -- to support the execution of intrusion-tolerant protocols, often called Byzantine-resilient in the literature.
The paper introduces the design of wormhole-aware intrusion-tolerant protocols using a classical distributed systems problem: consensus. The system where the consensus protocol runs is mostly asynchronous and can fail in an arbitrary way, except for the wormhole, which is secure and synchronous. Using the wormhole to execute a few critical steps, the protocol manages to have a low time complexity: in the best case, it runs in two rounds, even if some processes are malicious. The protocol also shows how often theoretical partial synchrony assumptions can be substantiated in practical distributed systems. The paper shows the significance of the TTCB as an engineering paradigm, since the protocol manages to be simple when compared with other protocols in the literature.