Trustworthy Services


Replication improves the resilience of network services under attack, but it can also make both the replicated data and the replicated code more exposed. Replicating data works against secrecy: the same data is normally stored on every replica, so compromising any one of them discloses it. And replicas that run the same code share the same vulnerabilities, so an exploit that works against one works against all of them. Consequently, replicas do not fail independently when under attack, and the independent-failure assumption behind classical fault-tolerant replication no longer holds.

Addressing these problems requires increasing replica independence and performing proactive recovery of both state and code. Proactive state recovery periodically refreshes replica state, including cryptographic keys, so that an attacker must compromise more than the tolerated number of replicas within a single refresh interval rather than accumulating compromises over the lifetime of the service. This calls for both new cryptographic protocols (for example, protocols that refresh shared keys without ever exposing the key itself) and new systems-level design. Proactive code recovery periodically changes replica code so that replicas stop sharing the same vulnerabilities, thereby maintaining failure independence.
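The cryptographic side of proactive state recovery is easiest to see with a concrete key-refresh step. The following is an added illustration, not code from the Cornell projects this page describes and not their protocol: it uses Shamir (t, n) secret sharing over a prime field and a simplified, synchronous refresh in which every replica adds a random polynomial with zero constant term to all shares. The field prime, the threshold parameters and the mobile-adversary simulation are assumptions for the example; the real protocols also need verifiable secret sharing and work without the single trusted process used here.

```python
"""Proactive secret-share refresh, constructed as an illustration.

Added example; not the Cornell projects' code or protocol.  The shared
secret (a signing key, say) is never reconstructed by the replicas.  Each
epoch the shares are re-randomised, so shares stolen in different epochs
cannot be combined: an attacker must hold t shares from the SAME epoch.
"""

import secrets

# Field prime (assumption for the example; real deployments use a larger
# field appropriate to the key being shared).
P = 2**61 - 1


def eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, t, n):
    """Split secret into n shares; any t of them reconstruct it (Shamir)."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: eval_poly(coeffs, i) for i in range(1, n + 1)}


def lagrange_at_zero(points):
    """Reconstruct f(0) from a dict {x: f(x)} of t points by interpolation."""
    total = 0
    xs = list(points)
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + points[i] * num * pow(den, P - 2, P)) % P
    return total


def refresh(shares, t):
    """One proactive refresh epoch (simplified, synchronous).

    Every replica acts as a dealer for a random degree-(t-1) polynomial
    with zero constant term, and each replica adds all dealers'
    evaluations at its own index.  The sum of these polynomials still has
    a zero constant term, so the shared secret is preserved while every
    individual share changes to a fresh, unrelated value.
    """
    n = len(shares)
    new = dict(shares)
    for _dealer in range(n):
        zero_poly = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
        for i in new:
            new[i] = (new[i] + eval_poly(zero_poly, i)) % P
    return new


def attacker_mix_recovers(secret, t, n, stolen_per_epoch):
    """Simulate a mobile adversary (assumption for the example).

    The adversary steals stolen_per_epoch shares per epoch, from replicas
    it has not visited before, until it holds t shares in total, with a
    refresh at every epoch boundary.  Returns True if interpolating the
    stolen shares yields the secret.  With stolen_per_epoch >= t the
    shares come from one epoch and the attack succeeds; with fewer, the
    shares belong to different epochs and interpolation gives garbage.
    """
    shares = share(secret, t, n)
    stolen = {}
    idx = 1
    while len(stolen) < t:
        for _ in range(stolen_per_epoch):
            if len(stolen) < t:
                stolen[idx] = shares[idx]
                idx += 1
        shares = refresh(shares, t)  # epoch boundary: all shares change
    return lagrange_at_zero(stolen) == secret % P


if __name__ == "__main__":
    key = secrets.randbelow(P)
    print("same-epoch theft of t shares recovers key:",
          attacker_mix_recovers(key, 3, 5, 3))
    print("one share per epoch, t epochs, recovers key:",
          attacker_mix_recovers(key, 3, 5, 1))
```

The point the simulation makes is the one the text relies on: with refresh in place, the attacker's budget is t compromises per refresh interval, not t compromises over the service's lifetime, and the refresh itself never brings the secret together in one place.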


Several projects at Cornell have investigated proactive state recovery and proactive code recovery.