Khan, Maher
(2024)
Simplifying the deployment of intrusion-tolerant systems by leveraging cloud resources.
Doctoral Dissertation, University of Pittsburgh.
(Unpublished)
Abstract
The rise of cyberattacks on high-value systems has led to growing interest in intrusion-tolerant systems as a means of ensuring resilience. An intrusion-tolerant system continues to operate correctly even when some of its components are compromised. The research community has developed techniques for intrusion-tolerant systems based on Byzantine Fault-Tolerant (BFT) replication, but these systems are still not widely used in industry. One of the main obstacles is the technical expertise and infrastructure investment required to deploy and manage them. Cloud resources could lower that barrier, but they are currently not feasible for many system operators because of concerns about keeping sensitive information confidential.
We address this issue by developing novel systems that allow system operators to deploy intrusion-tolerant applications while partially or fully outsourcing the BFT replication protocol to a cloud service, without exposing the application's state or algorithms. We define a hybrid management model in which system operators and cloud service providers jointly manage an intrusion-tolerant application with clearly separated responsibilities: only the replicas managed by the system operator execute the application logic, while the replicas managed by the cloud service provider participate in the BFT replication protocol to supply the needed resilience and have access only to encrypted state.
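The separation of responsibilities described above, as an added illustration that is not the dissertation's protocol or code: operator-managed replicas hold the application key and execute commands, cloud-managed replicas only order ciphertext and sign votes, and a quorum of 2f+1 matching votes out of n = 3f+1 replicas forms a commit certificate. The single-round vote in place of a full BFT protocol, the per-replica HMAC keys standing in for signing keys, the HMAC-SHA256-based stream cipher standing in for AES-GCM, and the SCADA-flavoured command are all assumptions made for the example.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

F = 1               # Byzantine replicas tolerated
N = 3 * F + 1       # total replicas (operator + cloud)
QUORUM = 2 * F + 1  # matching votes needed for a commit certificate


# --- confidentiality layer: illustrative only, a deployment would use AES-GCM ---
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def app_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag, so cloud replicas can order and forward it blindly."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def app_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered")  # a cloud replica altered the blob
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class Replica:
    rid: int
    role: str                              # "operator" or "cloud"
    sign_key: bytes                        # stands in for a signing key (assumption)
    app_key: Optional[bytes] = None        # only operator replicas receive this
    byzantine: bool = False
    log: List[Tuple[int, bytes]] = field(default_factory=list)   # ordered ciphertexts
    state: Dict[str, str] = field(default_factory=dict)          # app state (operator only)

    def vote(self, seq: int, blob: bytes) -> Tuple[int, int, str, str]:
        digest = hashlib.sha256(blob).hexdigest()
        if self.byzantine:
            digest = "0" * 64  # equivocate: vote for a digest nobody proposed
        sig = hmac.new(self.sign_key, f"{seq}:{digest}".encode(), hashlib.sha256).hexdigest()
        return (self.rid, seq, digest, sig)

    def execute(self, seq: int, blob: bytes) -> Optional[Dict[str, str]]:
        self.log.append((seq, blob))       # every replica keeps the ordered ciphertext
        if self.role != "operator":
            return None                    # cloud replicas never see plaintext
        cmd = json.loads(app_decrypt(self.app_key, blob))
        self.state[cmd["key"]] = cmd["value"]
        return self.state


def commit_certificate(votes, keys: Dict[int, bytes], seq: int, blob: bytes) -> Set[int]:
    """Replicas whose correctly signed vote matches the proposed (seq, ciphertext)."""
    digest = hashlib.sha256(blob).hexdigest()
    good = set()
    for rid, vseq, vdigest, sig in votes:
        expected = hmac.new(keys[rid], f"{vseq}:{vdigest}".encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(sig, expected) and vseq == seq and vdigest == digest:
            good.add(rid)
    return good


def build_cluster(byzantine_cloud: Set[int] = frozenset({3})):
    """Two operator replicas with the app key, two cloud replicas without it."""
    app_key = os.urandom(32)
    reps = [Replica(0, "operator", os.urandom(32), app_key),
            Replica(1, "operator", os.urandom(32), app_key),
            Replica(2, "cloud", os.urandom(32), byzantine=2 in byzantine_cloud),
            Replica(3, "cloud", os.urandom(32), byzantine=3 in byzantine_cloud)]
    assert len(reps) == N
    return reps, app_key


def submit(reps: List[Replica], app_key: bytes, seq: int, command: dict) -> Set[int]:
    """Client encrypts; all replicas order the ciphertext; operator replicas execute."""
    blob = app_encrypt(app_key, json.dumps(command).encode())
    votes = [r.vote(seq, blob) for r in reps]
    keys = {r.rid: r.sign_key for r in reps}
    quorum = commit_certificate(votes, keys, seq, blob)
    if len(quorum) < QUORUM:
        raise RuntimeError(f"only {len(quorum)} matching votes, no commit certificate")
    for r in reps:
        r.execute(seq, blob)
    return quorum


if __name__ == "__main__":
    reps, key = build_cluster()
    # constructed sample command, SCADA-style; not from the dissertation
    print(submit(reps, key, 1, {"key": "breaker_7", "value": "open"}))
    print(reps[0].state, reps[2].state)
```

With one Byzantine cloud replica the three honest votes still certify the order and the operator replicas apply the command; the cloud replica's log holds only the ciphertext. With two Byzantine cloud replicas (f+1 > f) no certificate forms, which is the bound the model is designed around, not a bug.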
Finally, we introduce three concrete service models for offering Intrusion-Tolerance as a Service (ITaaS) on top of existing cloud services. To let an ITaaS provider run such a service cost-effectively, we design a framework for optimizing how the replicas of different applications are distributed across shared cloud resources. Overall, this approach has the potential to make intrusion-tolerant systems more accessible to system operators while preserving the confidentiality of sensitive information.
Details
Item Type: University of Pittsburgh ETD
Status: Unpublished
Date: 13 May 2024
Date Type: Publication
Defense Date: 4 April 2024
Approval Date: 13 May 2024
Submission Date: 22 April 2024
Access Restriction: No restriction; release the ETD for access worldwide immediately.
Number of Pages: 152
Institution: University of Pittsburgh
Schools and Programs: School of Computing and Information > Computer Science
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: cybersecurity, cyberattacks, high-value systems, critical systems, intrusion-tolerance, intrusion-tolerant systems, Byzantine Fault Tolerance (BFT), attack-resilience, distributed systems, integration challenges, proactive recovery, critical infrastructure, cloud infrastructure, cloud service providers, cloud resources, virtual machines, optimization algorithms, mixed-integer linear programming, heuristic algorithms, scheduling algorithms, fault-tolerant scheduling algorithms, system administration, cloud-based BFT, sensitivity of data, data confidentiality, privacy, system complexity, geographic redundancy, specialized expertise, power grid control system, SCADA, network attacks, consensus algorithms, cloud-based deployment.
Date Deposited: 13 May 2024 17:14
Last Modified: 13 May 2024 17:14
URI: http://d-scholarship.pitt.edu/id/eprint/46227