“Diverse OS Rejuvenation for Intrusion Tolerance”
in Poster in Supplement of the IEEE/IFIP International Conference on Dependable Systems and Networks, Jun. 2011.
Abstract: Proactive recovery is a technique that periodically rejuvenates the components of a replicated system. When used in the context of intrusion-tolerant systems, in which faulty replicas may be under control of some adversary, it allows the removal of intrusions from the compromised replicas. However, since the set of vulnerabilities remains the same, the adversary can take advantage of the previously acquired knowledge and rapidly exploit them to take over the system. To address this problem, we propose that after each recovery a replica starts to run different (or diverse) software. As we will explain, the selection of the new replica configuration is a non-trivial problem, since we would like to maximize the diversity of the system under the constraint of the available configurations.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)