Building survivable services using redundancy and adaptation

IEEE Transactions on Computers

Volumn 52, Issue 2, 2003, Pages 181-194

  Hiltunen, Matti A ^a   Schlichting, Richard D ^a   Ugarte, Carlos A ^b  

^a AT AND T LABS RESEARCH   (United States)

^b University of Arizona   (United States)

Author keywords

Adaptation; Dependability; Distributed systems; Intrusion tolerance; Redundancy; Survivability; Trustworthiness

Indexed keywords

ADAPTIVE ALGORITHMS; DISTRIBUTED COMPUTER SYSTEMS; INTERNET; NETWORK PROTOCOLS; REDUNDANCY; SECURITY SYSTEMS; SOFTWARE PROTOTYPING;

INTRUSION TOLERANCE;

ADAPTIVE SYSTEMS;

EID: 0037325751     PISSN: 00189340     EISSN: None     Source Type: Journal    
DOI: 10.1109/TC.2003.1176985     Document Type: Article

References (53)

1. M. Abadi and R. Needham, "Prudent Engineering Practice for Cryptographic Protocols," IEEE Trans. Software Eng., vol. 22, no. 1, pp. 6-15, Jan. 1996.
2. W. Aiello, M. Bellare, G. Di Crescenzo, and R. Venkatesan, "Security Amplification by Composition: The Case of Double-Iterated, Ideal Ciphers," Proc. Advances in Cryptology: Crypto '98, H. Krawczyk, ed., 1998.
3. R. Anderson and R. Needham, "Robustness Principles for Public Key Protocols," Proc. Crypto '95, pp. 236-247, 1995.
4. M. Barbacci, "Survivability in the Age of Vulnerable Systems," Computer, vol. 29, no. 11, p. 8, Nov. 1996.
5. P. Bell and K. Jabbour, "Review of Point-to-Point Network Routing Algorithms," IEEE Comm. Magazine, vol. 24, no. 1, pp. 34-38, 1986.
6. N. Bhatti, M. Hiltunen, R. Schlichting, and W. Chiu, "Coyote: A System for Constructing Fine-Grain Configurable Communication Services," ACM Trans. Computer Systems, vol. 16, no. 4, pp. 321-366, Nov. 1998.
7. L. Blain and Y. Deswarte, "Intrusion-Tolerant Security Server for Delta-4," Proc. ESPRIT '90 Conf., pp. 355-370, Nov. 1990.
8. P. Brutch, T. Brutch, and U. Pooch, "Electronic Quarantine: An Automated Intruder Response Tool," Proc. Information Survivability Workshop 1998, pp. 23-27, Oct. 1998.
9. K. Campbell and M. Wiener, "DES Is Not a Group," Advances in Cryptology - CRYPTO '92, E. Brickell, ed., pp. 512-520, Aug. 1992.
10. I. Chang, M. Hiltunen, and R. Schlichting, "Affordable Fault Tolerance through Adaptation.," Parallel and Distributed Processing, J. Rolin, ed., pp. 585-603, Springer, Apr. 1998.
11. W.-K. Chen, M. Hiltunen, and R. Schlichting, "Constructing Adaptive Software in Distributed Systems," Proc. 21st Int'l Conf. Distributed Computing Systems, pp. 635-643, Apr. 2001.
12. W. Cheswick and S. Bellovin, Firewalls and Internet Security. Reading, Mass.: Addison-Wesley, 1994.
13. M. Choi and C. Krishna, "An Adaptive Algorithm to Ensure Differential Service in a Token-Ring Network," IEEE Trans. Computers, vol. 39, no. 1, pp. 19-33, Jan. 1990.
14. F. Cohen et al., "Deception Toolkit," http:///www.all.net/dtk/, 1999.
15. F. Cristian, H. Aghili, R. Strong, and D. Dolev, "Atomic Broadcast: From Simple Message Diffusion to Byzantine Agreement," Proc. 15th Symp. Fault-Tolerant Computing, pp. 200-206, June 1985.
16. M. Cukier, J. Lyons, P. Pandey, H. Ramasamy, W. Sanders, P. Pal, F. Webber, R. Schantz, J. Loyall, R. Watro, M. Atighetchi, and J. Gossett, "Intrusion Tolerance Approaches in ITUA," FastAbstract in Supplement of the 2001 Int'l Conf. Dependable Systems and Networks, pp. 64-65, July 2001.
17. J. Daemen and V. Rijmen, "The Block Cipher Rijndael," Smart Card Research and Applications, J.-J. Quisquater and B. Schneier, eds., pp. 288-296, Springer-Verlag, 2000.
18. D. Denning, "An Intrusion-Detection Model," IEEE Trans. Software Eng., vol. 13, no. 2, pp. 222-232, Feb. 1987.
19. Y. Desmedt and Y. Frankel, "Threshold Cryptosystems," Proc. Advances in Cryptology Crypto '89, G. Brassard, ed., pp. 307-315, 1990.
20. Y. Deswarte, J.-C. Fabre, J.-M. Fray, D. Powell, and P.-G. Ranea, "Saturne: A Distributed Computing System which Tolerates Faults and Intrusions," Proc. Workshop Future Trends of Distributed Computing Systems, pp. 329-338, Sept. 1990.
21. T. Dierks and C. Allen, "The TLS Protocol, version 1.0," RFC (Standards Track) 2246, Jan. 1999.
22. W. Diffie and M. Hellman, "New Directions in Cryptography," IEEE Trans. Information Theory, vol. 22, no. 6, pp. 644-654, 1976.
23. J.-C. Fabre, Y. Deswarte, and B. Randell, "Designing Secure and Reliable Applications Using Fragmentation-Redundancy-Scattering: An Object-Oriented Approach," Proc. First European Dependable Computing Conf., pp. 21-38, Oct. 1994.
24. A. Fox, S. Gribble, E. Brewer, and E. Amir, "Adapting to Network and Client Variation via On-Demand, Dynamic Distillation," Proc. Seventh Architectural Support for Programming Languages and Operating Systems (ASPLOS) Conf., Oct. 1996.
25. J. Fraga and D. Powell, "A Fault and Intrusion-Tolerant File System," Proc. IFIP Third Int'l Conf. Computer Security, pp. 203-218, 1985.
26. J. Fray, Y. Deswarte, and D. Powell, "Intrusion-Tolerance Using Fine-Grain Fragmentation-Scattering," Proc. 1998 IEEE Symp. Security and Privacy, pp. 194-201, Apr. 1986.
27. J. Goldberg, I. Greenberg, and T. Lawrence, "Adaptive Fault Tolerance," Proc. IEEE Workshop Advances in Parallel and Distributed Systems, pp. 127-132, Oct, 1993.
28. P. Gutmann, "Cryptlib," Dept. of Computer Science, Univ. of Auckland, 1998.
29. M. Hiltunen, "Configuration Management for Highly-Customizable Software," IEE Proc.: Software, vol. 145, no. 5, pp. 180-188, Oct. 1998.
30. M. Hiltunen and R. Schlichting, "Constructing a Configurable Group RPC Service," Proc. 15th Int'l Conf. Distributed Computing Systems, pp. 288-295, May 1995.
31. M. Hiltunen and R. Schlichting, "Adaptive Distributed and Fault-Tolerant Systems," Computer Systems Science and Eng., vol. 11, no. 5, pp. 125-133, Sept. 1996.
32. M. Hiltunen and R. Schlichting, "A Configurable Membership Service," IEEE Trans. Computers, vol. 47, no. 5, pp. 573-586, May 1998.
33. M. Hiltunen, R. Schlichting, X. Han, M. Cardozo, and R. Das, "Real-Time Dependable Channels: Customizing QoS Attributes for Distributed Systems," IEEE Trans. Parallel and Distributed Systems, vol. 10, no. 6, pp. 600-612, June 1999.
34. N. Hutchinson and L. Peterson, "The x-Kernel: An Architecture for Implementing Network Protocols," IEEE Trans. Software Eng., vol. 17, no. 1, pp. 64-76, Jan. 1991.
35. V. Jacobson, "Congestion Avoidance and Control," Proc. SIGCOMM '88 Symp., pp. 314-332, Aug. 1988.
36. S. Jha and J. Wing, "Survivability Analysis on Networked Systems," Proc. 23rd Int'l Conf. Software Eng. (ICSE 2001), pp. 307-317, 2001.
37. E. Jonsson and T. Olovsson, "A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior," IEEE Trans. Software Eng., vol. 23, no. 4, pp. 235-245, Apr. 1997.
38. S. Kent and R. Atkinson, "Security Architecture for the Internet Protocol," RFC (Standards Track) 2401, Nov. 1998.
39. H. Kiliccote and P. Khosla, "Borg: A Scalable and Secure Distributed Information System," Proc. Information Survivability Workshop 1998, pp. 101-105, Oct. 1998.
40. Dependability: Basic Concepts and Terminology, J.C. Laprie, ed. Vienna: Springer-Verlag, 1992.
41. P. McDaniel, A. Prakash, and P. Honeyman, "Antigone: A Flexible Framework for Secure Group Communication," Proc. Eighth USENIX Security Symp., pp. 99-114, Aug. 1999.
42. R. Merkle and M. Hellman, "On the Security of Multiple Encryption," Comm. ACM, vol. 24, no. 7, pp. 465-467, July 1981.
43. B. Neuman and T. Ts'o, "Kerberos: An Authentication Service for Computer Networks," IEEE Comm. Magazine, vol. 32, no. 9, pp. 33-38, Sept. 1994.
44. P. Neumann and P. Porras, "Experience with EMERALD to Date," Proc. First USENIX Workshop Intrusion Detection and Network Monitoring, Apr. 1999.
45. P. Nikander and A. Karila, "A Java Beans Component Architecture for Cryptographic Protocols," Proc. Seventh USENIX Security Symp., Jan. 1998.
46. H. Orman, S. O'Malley, R. Schroeppel, and D. Schwartz, "Paving the Road to Network Security or the Value of Small Cobble-stones," Proc. 1994 Internet Soc. Symp. Network and Distributed System Security, Feb. 1994.
47. R. v Renesse, K. Birman, M. Hayden, A. Vaysburd, and D. Karr, "Building Adaptive Systems Using Ensemble," Software Practice and Experience, vol. 28, no. 9, pp. 963-979, July 1998.
48. R. Rivest, "The MD5 Message-Digest Algorithm," RFC 1321, Apr. 1992.
49. O. Rodeh, K. Birman, M. Hayden, Z. Xiao, and D. Dolev, "The Architecture and Performance of Security Protocols in the Ensemble Group Communication System," Technical Report TR98-1703, Dept. of Computer Science, Cornell Univ., Dec. 1998.
50. W. Sanders, M. Cukier, F. Webber, P. Pal, and R. Watro, "Probabilistic Validation of Intrusion Tolerance," FastAbstract in Supplement of the 2002 Int'l Conf. Dependable Systems and Networks, pp. B 78-79, June 2002.
51. Trust in Cyberspace, F. Schneider, ed. Washington, D.C: Committee on Information Systems Trustworthiness, Nat'l Research Council, Nat'l Academy Press, Sept. 1998.
52. J. Steiner, C. Neuman, and J. Schiller, "Kerberos: An Authentication Service for Open Network Systems," USENIX Conf. Proc., pp. 191-202, Winter 1988.
53. J. Voas, G. McGraw, and A. Ghosh, "Reducing Uncertainty about Survivability," Proc. 1997 Information Survivability Workshop, Feb. 1997.