Abstract: Networks with homogeneous routing nodes are constantly at risk as any vulnerability found against a node could be used to compromise all nodes. Introducing diversity among nodes can be used to address this problem. With few variants, the choice of assignment of variants to nodes is critical to the overall network resiliency. We present the Diversity Assignment Problem (DAP), the assignment of variants to nodes in a network, and we show how to compute the optimal solution in medium-size networks. We also present a greedy approximation to DAP that scales well to large networks. Our solution shows that a high level of overall network resiliency can be obtained even from variants that are weak on their own. For real-world systems that grow incrementally over time, we provide an online version of our solution. Lastly, we provide a variation of our solution that is tunable for specific applications (e.g., BFT).
Abstract: Networks with homogeneous routing nodes are constantly at risk as any vulnerability found against a node could be used to compromise all nodes. Introducing diversity among nodes can be used to address this problem. With few variants, the choice of assignment of variants to nodes is critical to the overall network resiliency. We present the Diversity Assignment Problem (DAP), the assignment of variants to nodes in a network, and we show how to compute the optimal solution in medium-size networks. We also present a greedy approximation to DAP that scales well to large networks. Our solution shows that a high level of overall network resiliency can be obtained even from variants that are weak on their own. We provide two variations of our problem to meet real-world system needs. First, for networks with knowledge of higher-level protocols we offer a technique to create assignments that maximize the needs of a specific application (e.g., Paxos and BFT). Second, for networks with knowledge of the value of traffic between each communicating pair of nodes, we offer a weighted version that can increase resiliency between important communicating pairs while sacrificing resiliency for the less important pairs. Our assignments are based on assumed compromise probabilities and independence of compromises between different diverse variants. We provide analysis when these assumed probabilities or independence are inaccurate.
Abstract: The increasing number of cyber attacks against critical infrastructures, which typically require large state and long system lifetimes, necessitates the design of systems that are able to work correctly even if part of them is compromised. We present the first practical survivable intrusion tolerant replication system, which defends across space and time using compiler-based diversity and proactive recovery, respectively. Our system supports large-state applications, and utilizes the Prime BFT protocol (providing performance guarantees under attack) with a compiler-based diversification engine. We devise a novel theoretical model that computes how resilient the system is over its lifetime based on the rejuvenation rate and the number of replicas. This model shows that we can achieve a confidence in the system of 95% over 30 years even when we transfer a state of 1 terabyte after each rejuvenation.