Title :
ByzID: Byzantine Fault Tolerance from Intrusion Detection
Author :
Duan, Sisi ; Levitt, Karl ; Hein Meling ; Peisert, Sean ; Haibin Zhang
Author_Institution :
UC, Davis, CA, USA
Abstract :
Building robust network services that can withstand a wide range of failure types is a fundamental problem in distributed systems. The most general approach, called Byzantine fault tolerance, can mask arbitrary failures. Yet it is often considered too costly to deploy in practice, and many solutions are not resilient to performance attacks. To address this concern we leverage two key technologies already widely deployed in cloud computing infrastructures: replicated state machines and intrusion detection systems. First, we have designed a general framework for constructing Byzantine failure detectors based on an intrusion detection system. Based on such a failure detector, we have designed and built a practical Byzantine fault-tolerant protocol, which has costs comparable to crash-resilient protocols like Paxos. More importantly, our protocol is particularly robust against several key attacks such as flooding attacks, timing attacks, and fairness attacks, that are typically not handled well by Byzantine fault masking procedures.
Keywords :
cloud computing; fault tolerant computing; finite state machines; protocols; security of data; system recovery; ByzID; Byzantine fault masking; Byzantine fault tolerance; Paxos; cloud computing infrastructures; crash-resilient protocols; distributed systems; failure types; intrusion detection; replicated state machines; robust network services; Computer crashes; Detectors; Fault tolerance; Intrusion detection; Monitoring; Protocols; Byzantine fault tolerance; attacks; distributed systems; failure detector; intrusion detection; state machine replication;
Conference_Titel :
Reliable Distributed Systems (SRDS), 2014 IEEE 33rd International Symposium on
Conference_Location :
Nara
DOI :
10.1109/SRDS.2014.28
