Papers by Alysson Bessani
IEEE Transactions on Computers, Aug 1, 2009
Open distributed systems are typically composed of an unknown number of processes running on heterogeneous hosts. Their communication often requires tolerance to temporary disconnections and security against malicious actions. Tuple spaces are a well-known coordination model for this kind of system: they support communication that is decoupled both in time and in space. There are currently several implementations of distributed fault-tolerant tuple spaces, but they are not Byzantine-resilient, i.e., they do not ...
Proceedings of the 3rd ACM SIGOPS EuroSys European Conference, 2008
The tuple space coordination model is one of the most interesting coordination models for open distributed systems due to its space and time decoupling and its synchronization power. Several works have tried to improve the dependability of tuple spaces through replication for fault tolerance and access control for security; however, many practical applications on the Internet require both fault tolerance and security. This paper describes the design and implementation of DepSpace, a Byzantine fault-tolerant coordination service that provides a tuple space abstraction. The service offered by DepSpace is secure, reliable and available as long as fewer than a third of the service replicas are faulty. Moreover, the content-addressable confidentiality scheme developed for DepSpace bridges the gap between Byzantine fault-tolerant replication and confidentiality of replicated data, and can be used in other systems that store critical data.
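The abstract above names the two ideas that matter to a practitioner: a tuple space whose replicas may be compromised, and a confidentiality scheme that still lets those replicas match templates against stored tuples. The block below is an added illustration of that combination, written for this page; it is not DepSpace's code and the concrete scheme (a keyed fingerprint per field next to one encrypted blob per tuple, a key shared only by the application's clients, HMAC-SHA256 in counter mode as the cipher) is this example's assumption, not a description of what the paper does. The tuples and the job strings are constructed sample data.

```python
import hashlib
import hmac
import json
import os
from typing import List, Optional, Sequence, Tuple

# Added illustration of content-addressable confidentiality, not DepSpace's
# own code. Assumption: clients of one application share `key`; replicas
# never hold it. Each field is stored as a keyed fingerprint (matchable)
# next to one opaque blob holding the whole encrypted tuple.

WILDCARD = None  # template position that matches any field value


def fingerprint(key: bytes, field: str) -> bytes:
    """Keyed hash of one field: replicas can compare fingerprints for
    matching but cannot brute-force field values without the key."""
    return hmac.new(key, b"fp|" + field.encode(), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF-based stream cipher (stdlib only;
    use a vetted AEAD in production)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"ks|" + nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tuple blob failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class TupleSpaceReplica:
    """Server side: sees only fingerprints and opaque blobs. An intruder
    controlling the replica learns field equality, never field contents."""

    def __init__(self) -> None:
        self._entries: List[Tuple[Tuple[bytes, ...], bytes]] = []

    def out(self, fps: Sequence[bytes], blob: bytes) -> None:
        self._entries.append((tuple(fps), blob))

    def _find(self, template: Sequence[Optional[bytes]]) -> Optional[int]:
        for i, (fps, _) in enumerate(self._entries):
            if len(fps) == len(template) and all(t is WILDCARD or t == f for t, f in zip(template, fps)):
                return i
        return None

    def rdp(self, template: Sequence[Optional[bytes]]) -> Optional[bytes]:
        i = self._find(template)
        return None if i is None else self._entries[i][1]

    def inp(self, template: Sequence[Optional[bytes]]) -> Optional[bytes]:
        i = self._find(template)
        return None if i is None else self._entries.pop(i)[1]

    def stored_blobs(self) -> List[bytes]:
        return [blob for _, blob in self._entries]


class Client:
    """Client side: fingerprints the fields, encrypts the tuple, decrypts results."""

    def __init__(self, replica: TupleSpaceReplica, key: bytes) -> None:
        self.replica, self.key = replica, key

    def out(self, fields: Sequence[str]) -> None:
        fps = [fingerprint(self.key, f) for f in fields]
        self.replica.out(fps, encrypt(self.key, json.dumps(list(fields)).encode()))

    def _template(self, template: Sequence[Optional[str]]) -> List[Optional[bytes]]:
        return [WILDCARD if t is WILDCARD else fingerprint(self.key, t) for t in template]

    def _open(self, blob: Optional[bytes]) -> Optional[Tuple[str, ...]]:
        return None if blob is None else tuple(json.loads(decrypt(self.key, blob)))

    def rdp(self, template: Sequence[Optional[str]]) -> Optional[Tuple[str, ...]]:
        return self._open(self.replica.rdp(self._template(template)))

    def inp(self, template: Sequence[Optional[str]]) -> Optional[Tuple[str, ...]]:
        return self._open(self.replica.inp(self._template(template)))


def demo() -> Tuple[Optional[Tuple[str, ...]], Optional[Tuple[str, ...]], bool]:
    """Two clients coordinate through a replica that never sees plaintext (constructed data)."""
    key = os.urandom(32)                      # shared by the application's clients (assumption)
    replica = TupleSpaceReplica()
    alice, bob = Client(replica, key), Client(replica, key)
    alice.out(["job", "43", "rotate signing keys"])
    alice.out(["job", "42", "scan 10.0.0.0/24"])
    taken = bob.inp(["job", "43", WILDCARD])          # matched on fingerprints only
    leftover = bob.rdp(["job", WILDCARD, WILDCARD])
    leaked = any(b"rotate signing keys" in blob or b"scan 10.0.0.0/24" in blob
                 for blob in replica.stored_blobs())
    return taken, leftover, leaked
```

The caveat to keep in mind: fingerprints are deterministic, so a compromised replica still learns which tuples share a field value and can count them; the key only stops it from recovering the values by hashing guesses. Fields that need no matching should be encrypted only, with no fingerprint stored.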
Building secure, inviolable systems using traditional mechanisms is increasingly becoming an unattainable goal. The recognition of this fact has fostered interest in alternative approaches to security such as intrusion tolerance, which applies fault tolerance concepts and techniques to security problems. Although this area is quite promising, intrusion-tolerant distributed systems typically rely on the assumption that the system components fail or are compromised independently. This is a strong assumption that has been repeatedly questioned. In this paper we discuss how this assumption can be made to hold in practice using diversity of system components. We present a taxonomy of axes of diversity and discuss how they provide failure independence. Furthermore, we provide a practical example of an intrusion-tolerant system built using diversity.
Previous works have studied how to use proactive recovery to build intrusion-tolerant replicated systems that are resilient to any number of faults, as long as recoveries are faster than an upper bound on fault production assumed at system deployment time. In this paper, we propose a complementary approach that combines proactive recovery with services that allow correct replicas to react and recover replicas that they detect or suspect to be compromised. One key feature of our proactive-reactive recovery approach is that, despite recoveries, it guarantees the availability of the minimum number of system replicas necessary to sustain the system's correct operation. We design a proactive-reactive recovery service based on a hybrid distributed system model and show, as a case study, how this service can effectively be used to augment the resilience of an intrusion-tolerant firewall adequate for the protection of critical infrastructures.
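The security-relevant detail in the abstract above is the last guarantee: reactive recoveries must not let a coalition of faulty replicas take so many correct replicas offline at once that the system stops working. The scheduler below is an added illustration of how that bound can be enforced; it is not the paper's service. Its sizing rule (n replicas, at most f faulty, at most k recovering at once, with n - f - k >= f + 1 so that f+1 correct replicas are always up), the distinction between a "detected" and a "suspected" report, and the rule that f+1 distinct reporters are needed before either has any effect are this example's assumptions. The 7-replica scenario in `simulate` is constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Added illustration of a proactive-reactive recovery scheduler; not the
# paper's service. Assumptions: n replicas, at most f faulty at any time,
# at most k recovering at any time, with n - f - k >= f + 1 so that f+1
# correct replicas are always up; "detected" reports are certain and
# "suspected" reports are not; f+1 distinct reporters are needed for either
# to have an effect, since f faulty replicas could all lie.


@dataclass
class RecoveryScheduler:
    n: int
    f: int
    k: int
    period: int    # every replica is rebooted proactively at least this often (ticks)
    duration: int  # ticks a recovery (reboot, reload from clean image, state transfer) takes
    now: int = 0
    recovering: Dict[int, int] = field(default_factory=dict)     # replica -> tick it comes back
    last_start: Dict[int, int] = field(default_factory=dict)     # replica -> last recovery start
    detections: Dict[int, Set[int]] = field(default_factory=dict)
    suspicions: Dict[int, Set[int]] = field(default_factory=dict)
    queue: List[int] = field(default_factory=list)               # reactive requests awaiting a slot
    log: List[Tuple[int, str, int]] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.n - self.f - self.k < self.f + 1:
            raise ValueError("need n >= 2f + k + 1 to keep f+1 correct replicas available")
        self.last_start = {r: -self.period for r in range(self.n)}  # everyone due at start

    def report(self, reporter: int, target: int, detected: bool) -> bool:
        """Record one replica's verdict about another. Returns True when the
        (f+1)-th distinct reporter makes the verdict actionable."""
        table = self.detections if detected else self.suspicions
        table.setdefault(target, set()).add(reporter)
        if len(table[target]) < self.f + 1 or target in self.queue or target in self.recovering:
            return False
        if detected:
            self.queue.insert(0, target)          # recover as soon as a slot frees up
        else:
            # merely suspected: move to the front of the proactive rotation instead
            self.last_start[target] = min(self.last_start.values()) - 1
        return True

    def tick(self) -> int:
        """Advance time by one tick; returns how many replicas are recovering (<= k)."""
        self.now += 1
        for r, back in list(self.recovering.items()):
            if back <= self.now:
                del self.recovering[r]
                self.detections.pop(r, None)
                self.suspicions.pop(r, None)
                self.log.append((self.now, "up", r))
        due = sorted((r for r in range(self.n)
                      if r not in self.recovering and r not in self.queue
                      and self.now - self.last_start[r] >= self.period),
                     key=lambda r: self.last_start[r])
        for r in self.queue + due:                # reactive requests first, then proactive
            if len(self.recovering) >= self.k:
                break                             # the slot bound is what preserves availability
            self._start(r)
        return len(self.recovering)

    def _start(self, r: int) -> None:
        if r in self.queue:
            self.queue.remove(r)
        self.recovering[r] = self.now + self.duration
        self.last_start[r] = self.now
        self.log.append((self.now, "recover", r))

    def available(self) -> int:
        return self.n - len(self.recovering)


def simulate(ticks: int = 40) -> Tuple[List[int], int, int]:
    """Constructed scenario: 7 replicas, f=2, k=1. Two faulty replicas falsely
    accuse replica 6; three replicas detect replica 5 as compromised."""
    s = RecoveryScheduler(n=7, f=2, k=1, period=20, duration=2)
    min_available, max_recovering = s.n, 0
    for t in range(ticks):
        if t == 5:
            for reporter in (0, 1):               # only f reporters: ignored
                s.report(reporter, 6, detected=True)
        if t == 7:
            for reporter in (0, 1, 2):            # f+1 reporters: reactive recovery
                s.report(reporter, 5, detected=True)
        max_recovering = max(max_recovering, s.tick())
        min_available = min(min_available, s.available())
    order = [r for _, event, r in s.log if event == "recover"]
    return order, min_available, max_recovering
```

In the constructed run, replica 5 jumps ahead of the proactive rotation once three replicas have reported it, the false accusation against replica 6 by two faulty replicas changes nothing, and at no tick is more than one replica down for recovery, so at least n - k = 6 replicas (and hence at least f+1 = 3 correct ones) stay available throughout.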
Abstract. This work presents an overview of interface types and their applications, covering desktop interfaces, which offer many resources for interaction between user and system, and Web-based interfaces, which aim to deliver Web applications to users with the same or better quality as a desktop interface. It discusses what Web 2.0 is and the concept of RIA, together with the technologies that make this idea possible.
Executive Summary. This deliverable describes the prototype implementation of two of the resilient mechanisms developed within the MASSIF project. Generically, the resilient mechanisms aim at augmenting the SIEM system's capability to operate correctly under adverse conditions. Faults of an accidental nature, such as node crashes or link failures, can impact the normal functioning of the system, for instance by preventing the events collected by the sensors from reaching the correlation engine where they are processed.
Abstract. Research on fault tolerance in distributed systems plays an important role in the development of dependable applications. This work presents the GROUPPAC tool together with its services, which include support for fault tolerance in the CORBA architecture using object replication techniques. GROUPPAC is an open-source implementation of the FT-CORBA standard produced in the UFSC laboratories, aiming to provide high-quality fault-tolerant middleware support.
Open distributed systems are typically composed of an unknown and variable number of processes running in a heterogeneous environment, where communication often has to tolerate temporary disconnections and must be secure against malicious actions.
Abstract. Critical infrastructures like the power grid are essentially physical processes controlled by electronic devices. In the last decades, these electronic devices started to be controlled remotely through commodity computers, often directly or indirectly connected to the Internet. Therefore, many of these systems are currently exposed to threats similar to those endured by ordinary computer networks on the Internet, but the impact of a failure of the former on society can be much higher.
Abstract. This paper presents a model for integrating the FT-CORBA and UMIOP specifications into a single middleware platform, resulting in a broad spectrum of communication primitives that support the active replication of the FT-CORBA standard. It also discusses how group communication tools are integrated into the infrastructure of GROUPPAC (our implementation of FT-CORBA), and some performance results are presented together with similar experiences from the literature.
Abstract. Today's critical infrastructures like the power grid are essentially physical processes controlled by computers connected by networks. They are usually as vulnerable as any other interconnected computer system, but their failure has a high socio-economic impact. The report describes a new construct for the protection of these infrastructures, based on distributed algorithms and mechanisms implemented between a set of devices called CIS.
Abstract. With the growing popularity of storage clouds, companies that handle critical data are beginning to consider using these services to store databases of medical records, critical-infrastructure histories, financial data, and others.
Abstract. This paper presents our experience integrating the UMIOP and FT-CORBA specifications into a single middleware platform. This integration model results in a broad spectrum of communication primitives that support an active replication model for FT-CORBA. The required reliable and atomic broadcast algorithms were developed on top of the FT-CORBA and UMIOP object models.
Abstract. This paper presents our experience integrating the OMG MIOP (Multicast Inter-ORB Protocol) specification into a CORBA ORB. We proposed an integration model that allows the coexistence of two different protocol stacks (IIOP/TCP/IP and MIOP/UDP/IP multicast), making possible a broad spectrum of middleware support for distributed object communication. This integration model is discussed in the paper, giving evidence of the compatibility of our approach with the CORBA specifications.
Abstract. There is currently a major effort to specify mechanisms for the cooperation of web services in solving tasks that involve several organizations. This work presents an infrastructure for secure and dependable (fault- and intrusion-tolerant) coordination of web services, which offers a high degree of decoupling.
An intrusion-tolerant (IT) system is one that maintains its security properties (i.e., confidentiality, integrity and availability) despite some of its components being compromised by an adversary [4]. The term was coined by Fraga and Powell in 1985 and was almost forgotten for 15 years due to the prohibitive performance costs of the mechanisms required to implement IT systems. Byzantine fault-tolerant (BFT) replication is perhaps the best known of such mechanisms.
Abstract. We present two asynchronous Byzantine fault-tolerant state machine replication (BFT) algorithms, which improve on previous algorithms in terms of several metrics. First, they require only 2f+1 replicas, instead of the usual 3f+1. Second, the trusted service on which this reduction in replicas is based is quite simple, making a verified implementation straightforward (and even feasible using commercial trusted hardware).
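The abstract above says the trusted service is simple enough to verify and to put in trusted hardware, but does not say what it does. The block below is an added illustration of the kind of service that can play this role; it is written for this page and is not the paper's code. The design (a tamper-proof component per replica that certifies each outgoing message under a fresh, strictly increasing counter value, and receivers that only accept a peer's messages in counter order), the single MAC key shared among the trusted components, and the PREPARE messages in `demo` are this example's own assumptions and constructed data. What it shows is why the counter matters: a compromised replica can still call its own component, but it cannot get two different messages certified under the same counter value, so it cannot tell one replica "write 5" and another "write 9" for the same slot, and it cannot hide a message it already had certified without the receiver noticing the gap.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Added illustration of a minimal trusted service for replica-reduced BFT;
# not the paper's code, which the abstract does not describe. Assumption:
# every replica hosts a tamper-proof counter component holding a MAC key
# that is shared only among such components (a constructed simplification;
# per-component keys or signatures would be used in practice).

Certificate = Tuple[int, int, bytes]  # (replica id, counter value, tag)


def _mac(key: bytes, replica_id: int, counter: int, message: bytes) -> bytes:
    """Tag binding one counter value of one replica to one message."""
    data = replica_id.to_bytes(4, "big") + counter.to_bytes(8, "big") + hashlib.sha256(message).digest()
    return hmac.new(key, data, hashlib.sha256).digest()


class TrustedCounter:
    """The trusted component: the key never leaves it and the counter only
    moves forward by one per certificate. A compromised host can ask it to
    certify any message, but cannot obtain two certificates with the same
    counter value, reset the counter, or forge a tag without it."""

    def __init__(self, replica_id: int, key: bytes) -> None:
        self._id, self._key, self._counter = replica_id, key, 0

    def certify(self, message: bytes) -> Certificate:
        self._counter += 1
        return self._id, self._counter, _mac(self._key, self._id, self._counter, message)


class Verifier:
    """Untrusted side at a receiving replica: accepts a peer's messages
    strictly in counter order, so a faulty peer cannot equivocate (two
    messages, one counter value) or silently drop a message it certified."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._next: Dict[int, int] = {}   # peer id -> counter value expected next

    def accept(self, message: bytes, cert: Certificate) -> str:
        replica_id, counter, tag = cert
        if not hmac.compare_digest(tag, _mac(self._key, replica_id, counter, message)):
            return "forged"   # tag does not bind this counter value to this message
        expected = self._next.get(replica_id, 1)
        if counter < expected:
            return "replay"   # counter value already consumed
        if counter > expected:
            return "gap"      # a certified message is missing; caller must buffer and wait
        self._next[replica_id] = counter + 1
        return "ok"


def demo() -> List[str]:
    """Constructed exchange between a faulty replica 1 and a correct verifier."""
    key = b"shared-by-trusted-components-only"       # constructed key
    counter = TrustedCounter(replica_id=1, key=key)  # on the faulty replica's host
    verifier = Verifier(key)                         # on a correct replica
    results = []
    m1 = b"PREPARE seq=1 op=write(x,5)"
    c1 = counter.certify(m1)
    results.append(verifier.accept(m1, c1))                                   # ok
    results.append(verifier.accept(b"PREPARE seq=1 op=write(x,9)", c1))       # forged: c1 bound to m1
    results.append(verifier.accept(m1, c1))                                   # replay
    m2, m3 = b"PREPARE seq=2 op=write(y,1)", b"PREPARE seq=3 op=write(z,2)"
    c2, c3 = counter.certify(m2), counter.certify(m3)
    results.append(verifier.accept(m3, c3))                                   # gap: m2 withheld
    results.append(verifier.accept(m2, c2))                                   # ok
    results.append(verifier.accept(m3, c3))                                   # ok
    forged = (1, 4, _mac(b"attacker has no component key", 1, 4, b"PREPARE seq=4 op=nop"))
    results.append(verifier.accept(b"PREPARE seq=4 op=nop", forged))          # forged
    return results
```

The check a practitioner should carry over from this: the guarantee holds only as long as the counter cannot be rolled back, which is exactly the property the abstract relies on trusted hardware to provide, and only as long as receivers refuse out-of-order counters instead of accepting the latest value they see.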
DAS (Departamento de Automação e Sistemas) and INE (Departamento de Informática e Estatística), UFSC (Universidade Federal de Santa Catarina); DI (Departamento de Informática), FCUL (Faculdade de Ciências da Universidade de Lisboa). Abstract. The use of tuple spaces has proven to be an attractive solution for coordination between processes in open distributed systems.