
VM-FIT - Virtual Machine-based Fault and Intrusion Tolerance

Project participants: Prof. Dr.-Ing. Rüdiger Kapitza, Hans P. Reiser, Dr.-Ing. Tobias Distler, Akad. Rat
Participating institutions:
LASIGE - Large-Scale Informatics Systems Laboratory, Universidade de Lisboa
Keywords: Intrusion tolerance; Fault tolerance; Replication; Virtual Machines; Hypervisor
Duration: 1.10.2006 - 1.10.2009
Topics and Goals: In today's world, computing systems are continuously exposed to the threat of malicious attacks. Large-scale distributed systems nowadays are likely to suffer from vulnerabilities, and the increasing complexity of software makes it unlikely that vulnerabilities will disappear soon.

An intrusion-tolerant system is one that continues to function properly in spite of malicious intrusions in some parts of the system. However, the number of simultaneous intrusions that such a system can tolerate is limited. Given enough time, an attacker may compromise more parts of the system than the system can tolerate. Proactive recovery is an important mechanism to remedy this problem.

Proactive recovery periodically cleans up replicas of a service. In the recovery operation, the replica is re-initialized to a clean state, removing all potential malicious intrusions. This step is performed regardless of whether an intrusion has actually happened. This approach guarantees correct system operation as long as nodes are recovered more frequently than an attacker can compromise them.
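
A minimal discrete-time model of the condition stated above, as an added example (not code from the VM-FIT project): replicas are recovered round-robin on a fixed schedule while a hypothetical attacker compromises one replica per interval, always choosing the one whose next recovery is furthest away. The function names, the attacker model and the sample values are assumptions for illustration.

```python
def worst_case_compromised(n, compromise_interval, recovery_interval, horizon):
    """Return the largest number of replicas compromised at the same time.

    Assumed model (not from the page): time advances in integer ticks; every
    `recovery_interval` ticks the next replica in round-robin order is reset
    to a clean state, whether or not it was compromised; every
    `compromise_interval` ticks the attacker takes over one clean replica,
    preferring the one whose next scheduled recovery is furthest away.
    """
    compromised = [False] * n
    next_recover = 0          # index of the replica recovered next
    worst = 0
    for t in range(1, horizon + 1):
        if t % compromise_interval == 0:
            # The most recently recovered replica (next_recover - 1) stays
            # compromised longest, so the attacker tries it first.
            for k in range(1, n + 1):
                victim = (next_recover - k) % n
                if not compromised[victim]:
                    compromised[victim] = True
                    break
        worst = max(worst, sum(compromised))
        if t % recovery_interval == 0:
            compromised[next_recover] = False   # unconditional clean restart
            next_recover = (next_recover + 1) % n
    return worst


def stays_tolerable(n, f, compromise_interval, recovery_interval, horizon=1000):
    """True if at most f replicas are ever compromised simultaneously."""
    return worst_case_compromised(
        n, compromise_interval, recovery_interval, horizon) <= f


if __name__ == "__main__":
    # Constructed sample values: 4 replicas, 1 simultaneous intrusion tolerated.
    # Full recovery cycle (4 * 2 = 8 ticks) is shorter than one compromise (10).
    print(worst_case_compromised(4, 10, 2, 1000))
    # Recovery cycle (4 * 5 = 20 ticks) is far slower than the attacker (3).
    print(worst_case_compromised(4, 3, 5, 1000))
```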

VM-FIT is a novel system that harnesses virtualization technology for architecting dependable distributed systems with proactive recovery. The virtualization-based approach yields a hybrid system model with low replication costs. It allows minimizing the impact that the proactive recovery has on system operations. Furthermore, it allows an efficient implementation of secure distributed state transfer.

Contact: Kapitza, Rüdiger
  1. Distler, Tobias ; Kapitza, Rüdiger ; Reiser, Hans P.:
    Efficient State Transfer for Hypervisor-Based Proactive Recovery.
    In: Correia, Miguel ; Martin, Jean-Philippe (Ed.) : Proceedings of the 2nd Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS '08)
    (2nd Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS '08), Glasgow, Scotland, 1.4.2008).
    2008, pp 7-12.
    Keywords: vmfit
  2. Reiser, Hans P. ; Kapitza, Rüdiger:
    Hypervisor-Based Efficient Proactive Recovery.
    In: IEEE (Ed.) : Proc. of the 26th IEEE Symposium on Reliable Distributed Systems - SRDS'07
    (IEEE Symposium on Reliable Distributed Systems (SRDS 2006), Beijing, China, 10.10-12.10).
    2007, pp 14.
    Keywords: vmfit
  3. Reiser, Hans P. ; Kapitza, Rüdiger:
    VM-FIT: Supporting Intrusion Tolerance with Virtualisation Technology.
    In: Correia, Miguel ; Neves, Nuno Ferreira (Ed.) : Proceedings of the First Workshop on Recent Advances on Intrusion-Tolerant Systems
    (Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS 2007), Lisbon, Portugal, 23.03.2007).
    2007, pp 18-22.
    Keywords: vmfit
  4. Reiser, Hans P. ; Hauck, Franz J. ; Kapitza, Rüdiger ; Schröder-Preikschat, Wolfgang:
    Hypervisor-Based Redundant Execution on a Single Physical Host (Fast abstract).
    In: IEEE (Ed.) : Proc. of the 6th European Dependable Computing Conference - EDCC'06
    (Sixth European Dependable Computing Conference, Coimbra, Portugal, Oct 18-20).
    2006, pp 2.
  5. Reiser, Hans P. ; Distler, Tobias ; Kapitza, Rüdiger:
    Functional decomposition and interactions in hybrid intrusion-tolerant systems.
    In: Driver, Cormac ; Meier, Rene (Ed.) : Fox, Jorge (Org.):
    Proceedings of the 3rd Workshop on Middleware-Application Interaction (MAI '09)
    (3rd Workshop on Middleware-Application Interaction (MAI '09), Lisbon, Portugal).
    2009, pp 7-12.

  Last modified: 2009-02-10 16:48   Ka