Lazarus: Automatic Management of Diversity in BFT Systems
Authors: Miguel García, A. Bessani, N. Neves
Published in: Proceedings of the 20th International Middleware Conference, 2019-12-09
DOI: 10.1145/3361525.3361550 (https://doi.org/10.1145/3361525.3361550)
Citations: 17
Abstract
A long-standing promise of Byzantine Fault-Tolerant (BFT) replication is to maintain service correctness despite malicious failures. The key challenge is to ensure that replicas fail independently, i.e., to prevent a single attack from compromising more than f replicas at once, where f is the number of faulty replicas the protocol tolerates. The obvious answer is to use diverse replicas, but most BFT works simply assume such diversity without any supporting mechanism to substantiate the assumption. Lazarus is a control plane for managing the deployment and execution of diverse replicas in BFT systems. It continuously monitors the current vulnerabilities of the replicas (as reported in security feeds such as NVD and ExploitDB) and employs a metric to measure the risk that the replica set shares a common weakness. If that risk is high, the set of replicas is reconfigured. Our evaluation shows that the devised strategy reduces the number of executions in which the system becomes compromised, and that our prototype supports the execution of full-fledged BFT systems in diverse configurations drawn from 17 OS versions, reaching performance close to that of a homogeneous bare-metal setup.
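The following Python sketch is an added illustration of the control-plane idea in the abstract; it is not Lazarus's code and the risk metric it uses is an assumption, since the abstract does not specify the paper's metric. The vulnerability entries, their identifiers (V-001 and so on, deliberately not CVE numbers) and the OS names are constructed for the example. The point it demonstrates is the one security-relevant invariant: no single feed entry may affect more than f of the n = 3f + 1 replicas, because one exploit would then exceed the fault threshold the BFT protocol assumes.

```python
"""
Illustrative common-weakness risk metric and reconfiguration step for a
diverse BFT replica set (added example, not Lazarus's own code or metric).
"""
from dataclasses import dataclass
from itertools import combinations
from typing import FrozenSet, Iterable, List, Sequence, Tuple


@dataclass(frozen=True)
class Vuln:
    """One entry from a constructed vulnerability feed."""
    vid: str                 # hypothetical identifier, not a real CVE
    severity: float          # CVSS-like base score in 0.0-10.0
    affects: FrozenSet[str]  # OS versions known to be affected


# Constructed feed: which OS versions share which weaknesses.
FEED: List[Vuln] = [
    Vuln("V-001", 9.8, frozenset({"debian-10", "debian-11", "ubuntu-20.04"})),
    Vuln("V-002", 7.5, frozenset({"freebsd-13"})),
    Vuln("V-003", 8.1, frozenset({"openbsd-7.0", "freebsd-13"})),
    Vuln("V-004", 5.3, frozenset({"windows-2019", "windows-2022"})),
    Vuln("V-005", 9.1, frozenset({"ubuntu-20.04", "ubuntu-22.04"})),
    Vuln("V-006", 6.5, frozenset({"debian-11"})),
]

# Constructed pool of OS versions the control plane may deploy.
POOL: List[str] = ["debian-10", "debian-11", "ubuntu-20.04", "ubuntu-22.04",
                   "freebsd-13", "openbsd-7.0", "windows-2019", "windows-2022"]


def common_weaknesses(replicas: Sequence[str], feed: Iterable[Vuln],
                      f: int) -> List[Tuple[Vuln, int]]:
    """Return (vuln, hit_count) for every feed entry affecting more than f replicas.

    Such an entry is a single weakness that lets one exploit exceed the
    fault threshold, which breaks the failure-independence assumption.
    """
    out = []
    for v in feed:
        hit = sum(1 for os_name in replicas if os_name in v.affects)
        if hit > f:
            out.append((v, hit))
    return out


def risk(replicas: Sequence[str], feed: Iterable[Vuln], f: int) -> float:
    """Assumed metric: severity-weighted number of replicas exposed beyond f.

    Zero means no single feed entry can take down more than f replicas.
    """
    return sum(v.severity * (hit - f) for v, hit in common_weaknesses(replicas, feed, f))


def best_configuration(pool: Sequence[str], feed: List[Vuln],
                       n: int, f: int) -> Tuple[str, ...]:
    """Choose n distinct OS versions from the pool minimising risk.

    Ties are broken by total severity exposure (fewer known bugs overall),
    then by pool order so the result is deterministic.
    """
    def exposure(cfg: Tuple[str, ...]) -> float:
        return sum(v.severity for v in feed for os_name in cfg if os_name in v.affects)

    return min(combinations(pool, n),
               key=lambda cfg: (risk(cfg, feed, f), exposure(cfg), cfg))


def control_step(current: Sequence[str], pool: Sequence[str], feed: List[Vuln],
                 f: int, threshold: float) -> Tuple[bool, Tuple[str, ...]]:
    """One control-plane iteration: reconfigure only if risk exceeds the threshold.

    Returns (reconfigured, configuration).
    """
    if risk(current, feed, f) <= threshold:
        return False, tuple(current)
    return True, best_configuration(pool, feed, len(current), f)


if __name__ == "__main__":
    f = 1
    current = ("debian-10", "debian-11", "ubuntu-20.04", "freebsd-13")  # n = 3f + 1
    for v, hit in common_weaknesses(current, FEED, f):
        print(f"{v.vid} affects {hit} of {len(current)} replicas (> f={f})")
    changed, cfg = control_step(current, POOL, FEED, f, threshold=0.0)
    print("reconfigured:", changed, "->", cfg, "risk:", risk(cfg, FEED, f))
```

In the constructed run, V-001 is shared by three of the four replicas, so one exploit would exceed f = 1 and the step swaps in a set whose members pairwise share no listed weakness. A real deployment would replace the constructed feed with entries pulled from NVD or ExploitDB and would need a richer metric (the abstract leaves it unspecified); what carries over is the check itself, counting per-vulnerability hits against f rather than trusting that distinct OS labels imply independent failures.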