
Simplifying the deployment of intrusion-tolerant systems by leveraging cloud resources

Khan, Maher (2024) Simplifying the deployment of intrusion-tolerant systems by leveraging cloud resources. Doctoral Dissertation, University of Pittsburgh. (Unpublished)



The rise of cyberattacks on high-value systems has led to a growing interest in intrusion-tolerant systems as a means of ensuring resilience. An intrusion-tolerant system can guarantee that it can continue to operate correctly even when parts of the system are compromised. The research community has developed techniques for intrusion-tolerant systems based on Byzantine Fault-Tolerant (BFT) replication. However, these systems are still not widely used in industry. One of the main obstacles is the technical expertise and infrastructure investment required for deploying and managing these systems. Cloud resources can help with this but are currently not feasible for many system operators due to concerns about maintaining the confidentiality of sensitive information.

We address this issue by developing novel systems that allow system operators to deploy intrusion-tolerant applications by partially or fully outsourcing the responsibility of the BFT replication protocol to a cloud service while maintaining the privacy of the application's state and algorithms. We define a hybrid management model for joint management of intrusion-tolerant applications by system operators and cloud service providers, separating responsibilities. Only the replicas managed by the system operator execute the application logic, and the replicas managed by the cloud service provider participate in the BFT replication protocol to provide the needed resilience and only have access to encrypted state.

Finally, we introduce three concrete service models for offering Intrusion-Tolerance as a Service (ITaaS) on top of existing cloud services. We enable an ITaaS provider to cost-effectively deploy such a service by designing a framework for optimizing the distribution of replicas of different applications across shared cloud resources. Overall, this approach has the potential to make intrusion-tolerant systems more accessible to system operators while maintaining the confidentiality of sensitive information.




Item Type: University of Pittsburgh ETD
Status: Unpublished
Creators: Khan, Maher (Email: mhk36@pitt.edu; Pitt Username: mhk36)
ETD Committee:
Committee Chair: Babay, Amy (Email: babay@pitt.edu; Pitt Username: babay)
Committee Member: Mosse, Daniel (Email: mosse@cs.pitt.edu; Pitt Username: mosse)
Committee Member: Lee, Adam J (Email: adamlee@pitt.edu; Pitt Username: adamlee)
Committee Member: Palanisamy, Balaji (Email: bpalan@pitt.edu; Pitt Username: bpalan)
Date: 13 May 2024
Date Type: Publication
Defense Date: 4 April 2024
Approval Date: 13 May 2024
Submission Date: 22 April 2024
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 152
Institution: University of Pittsburgh
Schools and Programs: School of Computing and Information > Computer Science
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: cybersecurity, cyberattacks, high-value systems, critical systems, intrusion-tolerance, intrusion-tolerant systems, Byzantine Fault Tolerance (BFT), attack-resilience, distributed systems, integration challenges, proactive recovery, critical infrastructure, cloud infrastructure, cloud service providers, cloud resources, virtual machines, optimization algorithms, mixed-integer linear programming, heuristic algorithms, scheduling algorithms, fault-tolerant scheduling algorithms, system administration, cloud-based BFT, sensitivity of data, data confidentiality, privacy, system complexity, geographic redundancy, specialized expertise, power grid control system, SCADA, network-attacks, consensus algorithms, cloud-based deployment.
Date Deposited: 13 May 2024 17:14
Last Modified: 13 May 2024 17:14

