Trustworthy Services
Overview
Replication improves the resilience of network services under attack,
but it can also increase the exposure of both the replicated data and
the replicated code. Replicating data can lead to loss of secrecy,
since each replica normally stores the same data, so an attacker who
compromises any one replica obtains all of it. And replicas that run
the same code share the same vulnerabilities, so an attack that
succeeds against one replica succeeds against the rest. Replicas
therefore do not fail independently when under attack.
Solving these problems requires increasing replica independence and
performing proactive state and code recovery. Proactive state
recovery periodically refreshes replica state, including cryptographic
keys, so that whatever an attacker learns from a replica in one period
is useless in the next; this calls for both new cryptographic protocols
and new systems-level designs. Proactive code recovery periodically
changes replica code so that replicas continue to fail independently.
Projects
Several projects at Cornell have investigated proactive state recovery
and proactive code recovery.
- The Cornell Online Certification Authority
(COCA) project uses a novel asynchronous proactive secret
sharing scheme to implement a dissemination Byzantine Quorum
System. COCA implements a fully asynchronous distributed
certificate authority.
- The Cornell Data Exchange (CODEX) project uses the techniques of
COCA to implement a secret distribution system. It also provides a
general toolkit for building secure distributed services.
- The Proactive
Obfuscation project consists of a framework for performing
proactive recovery of code as well as state. Semantics-preserving
code transformations (called obfuscation) are periodically
performed on server code to generate fresh executables for rebooting
replicas.
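The state-refresh idea from the overview, and the proactive secret sharing that COCA and CODEX build on, can be seen in miniature in the following Python sketch. It is an added illustration, not code from any of the Cornell projects: a Shamir threshold scheme with a single trusted refresh step, a constructed secret and a small Mersenne prime, and none of the asynchronous, verifiable share-generation machinery the real protocols require. The point it makes is the one the overview relies on: after a refresh every share value changes while the secret does not, so shares captured in an earlier period cannot be combined with current ones.

```python
"""Shamir secret sharing with a proactive share refresh (added example)."""
import secrets

# Constructed parameters chosen for readability, not for deployment:
# a 61-bit Mersenne prime, 3-of-5 threshold.
PRIME = 2**61 - 1
THRESHOLD = 3   # shares needed to reconstruct
REPLICAS = 5    # number of replica servers holding shares


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, mod PRIME (Horner's rule)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, threshold=THRESHOLD, n=REPLICAS):
    """Return n shares (x, y); any `threshold` of them reconstruct `secret`."""
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the prime field."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def refresh_shares(shares, threshold=THRESHOLD):
    """Proactive refresh: every share changes, the shared secret does not.

    Each share is bumped by the evaluation of a fresh random polynomial
    whose constant term is zero. Adding that polynomial to the sharing
    polynomial leaves the constant term (the secret) untouched while
    replacing every share value. In the real protocols the zero
    polynomial is generated jointly and verified by the replicas; here a
    single trusted step stands in for that (an assumption of this sketch).
    """
    zero_coeffs = [0] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, (y + _eval_poly(zero_coeffs, x)) % PRIME) for x, y in shares]


def demo_period_rotation(secret):
    """Return (secret_before, secret_after, stale_mix_recovers_secret).

    The third value models an attacker who captured THRESHOLD-1 shares
    before a refresh and one share after it: the mix interpolates to
    secret + L*z(x), which equals the secret only with probability 1/PRIME.
    """
    old = split_secret(secret)
    new = refresh_shares(old)
    before = reconstruct(old[:THRESHOLD])
    after = reconstruct(new[:THRESHOLD])
    stale_mix = old[:THRESHOLD - 1] + new[THRESHOLD - 1:THRESHOLD]
    return before, after, reconstruct(stale_mix) == secret


if __name__ == "__main__":
    print(demo_period_rotation(424242))   # constructed secret
```

Refreshing the shares is what turns a threshold scheme into a proactive one: the threshold bounds how many replicas may be compromised within a single period rather than over the lifetime of the service, which is exactly the window the overview's periodic reboot and re-keying aim to limit.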
Publications