Proactive Obfuscation

Cited by: 40
Authors
Roeder, Tom [1]
Schneider, Fred B. [2]
Affiliations
[1] Microsoft Res, Redmond, WA 98052 USA
[2] Cornell Univ, Dept Comp Sci, Ithaca, NY 14853 USA
Source
ACM TRANSACTIONS ON COMPUTER SYSTEMS | 2010 / Volume 28 / Issue 02
Funding
US National Science Foundation;
Keywords
Design; Reliability; Security; Byzantine fault tolerance; distributed systems; proactive recovery; quorum systems; state machine approach; CONSENSUS;
DOI
10.1145/1813654.1813655
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Proactive obfuscation is a new method for creating server replicas that are likely to have fewer shared vulnerabilities. It uses semantics-preserving code transformations to generate diverse executables, periodically restarting servers with these fresh versions. The periodic restarts help bound the number of compromised replicas that a service ever concurrently runs, and therefore proactive obfuscation makes an adversary's job harder. Proactive obfuscation was used in implementing two prototypes: a distributed firewall based on state-machine replication and a distributed storage service based on quorum systems. Costs intrinsic to supporting proactive obfuscation in replicated systems were evaluated by measuring the performance of these prototypes. The results show that employing proactive obfuscation adds little to the cost of replica-management protocols.
Pages: 54