Project Title: DEFEATS - Distributed Fault and Attack
Tolerant Systems Configuration
in critical systems have been handled by a number of techniques, from prevention
to fault tolerance mechanisms based on replication. On the other hand, security
is still mostly obtained through prevention, although it is possible to
characterize the malicious faults involved in attacks, which can then be handled
using fault-tolerance techniques. This issue, attack tolerance, only recently
started to receive attention.
composition of medium/large software systems from smaller components has also
been an area of research in the last years. The application of these ideas to
configuration of distributed systems and processes is a powerful framework. The
basic principle is the separation between systems architecture and computation.
Computation is done by the components. The architecture of the system can be
defined using configuration languages or graphic tools, and changed using a
DEFEATS is concerned with studying a configurable framework to build attack and
intrusion tolerant systems.
DEFEATS aims to develop: (1) a framework for the configuration of dependable
distributed services (including attack tolerance); and (2) a decomposition of
attack tolerance mechanisms in reusable blocks and a set of guidelines for their
composition. Other contributions will be the integration of a meta-level scheme
with configuration, and the design of a dependable configuration platform.
Comprehensive approaches to this set of problems are not known in the
DEFEATS has two lines of work. In the first place, the project will research
mechanisms to build attack tolerant services and define a set of building blocks
and guidelines to compose such services. The set of blocks will include
attack-tolerant intrusion detection and attack-tolerant authentication services.
Communication will be based on a group communication system, since such systems
are particularly well suited for replicated services.
the second place, the project will define a framework for the configuration of
dependable systems resilient to both accidental and intentional malicious
faults, using the defined building blocks. There are several issues that will be
considered: (1) the definition of a meta-level scheme to transparently configure
a service in order that it is dependable; (2) the dependability of the
configuration platform itself (including attack tolerance); (3) the interference
between the dependability of the platform and the services that run over it. A
demonstration prototype of an instantiation of the framework will be implemented
and feedback will be taken for its further refinement.
The project started on January 2001 and finished in December 2003.
União Europeia – Fundos Estruturais
Governo da República Portuguesa
For problems or questions regarding this web contact defeats*AT*di.fc.ul.pt.