Integrating Security and Fault Tolerance in Distributed Systems

在分布式系统中集成安全性和容错性

• 批准号: 0430161
• 负责人: Andrew Myers
• 金额: --
• 依托单位: Cornell University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2004
• 资助国家: 美国
• 起止时间: 2004-09-01 至 2009-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0430161&HistoricalAwards=false
• 关键词: Integrating; Security; Fault; Tolerance; Distributed

Proposal Number: NSF-0430161TITLE: Integrating Security and Fault Tolerance in Distributed SystemsPI: Andrew C. Myers, Ken Birman, Fred B. SchneiderTrustworthy distributed systems should tolerate both malicious attacks and benign faults while preserving data integrity and confidentiality. This research aims to produce methods for constructing distributed systems that are trustworthy in the aggregate, even when some nodes in the system have been compromised by malicious attackers. The security and fault-tolerance communities have developed their own solutions to aspects of these problems, but the solutions are incompatible. The goal of this project is to reconcile that incompatibility. One key idea is to use automatic compile-time transformations to rewrite programs to run securely, even when some host machines are untrustworthy. Code and data are transformed to synthesize distributed systems that, by construction, provide confidentiality, integrity, and availability. The planned research also includes new distributed computation techniques needed to make these transformations effective. These techniques include proactive recovery, proactive obfuscation, and threshold cryptography, which can help systems survive malicious intrusions and denial of service attacks while offering data integrity, high availability, and cryptographic protection for secrets. Gossip-based and epidemic communication algorithms can provide robust, scalable, and efficient information aggregration over a large distributed system. In summary, the plan is to combine new compile-time and run-time techniques to make distributed systems more trustworthy.

提案号：nsf -0430161标题：集成分布式系统的安全性和容错性spi: Andrew C. Myers, Ken Birman, Fred B. schneider可信的分布式系统应该容忍恶意攻击和良性故障，同时保持数据完整性和机密性。本研究旨在产生构建分布式系统的方法，即使系统中的某些节点已被恶意攻击者破坏，也可以在总体上可信。安全性和容错社区已经针对这些问题的各个方面开发了自己的解决方案，但是这些解决方案是不兼容的。这个项目的目标是调和这种不兼容性。一个关键思想是使用自动编译时转换来重写程序以确保安全运行，即使在某些主机不值得信任的情况下也是如此。代码和数据被转换为综合分布式系统，这些系统通过构造提供机密性、完整性和可用性。计划中的研究还包括使这些转换有效所需的新的分布式计算技术。这些技术包括主动恢复、主动混淆和阈值加密，它们可以帮助系统抵御恶意入侵和拒绝服务攻击，同时提供数据完整性、高可用性和机密加密保护。基于八卦和流行的通信算法可以在大型分布式系统上提供健壮、可扩展和高效的信息聚合。总之，我们的计划是将新的编译时和运行时技术结合起来，使分布式系统更加值得信赖。