In today's world, computing systems are continuously exposed to the threat
of malicious attacks. Large-scale distributed systems nowadays are likely to
suffer from vulnerabilities, and the increasing complexity of software makes
it unlikely that vulnerabilities will disappear soon.
An intrusion-tolerant system is one that continues to function properly in
spite of malicious intrusions into some parts of the system. However, the
number of simultaneous intrusions that such a system can tolerate is limited.
Given enough time, there is the chance that an attacker compromises more
parts of the system than the system can tolerate. Proactive recovery is an
important mechanism to remedy this problem.
Proactive recovery periodically cleans up the replicas of a service. In the recovery
operation, a replica is re-initialized to a clean state, removing any
malicious intrusion. This step is performed independently of whether an
intrusion actually happened. This approach guarantees correct system
operation as long as nodes are recovered more frequently than an attacker
can compromise them.
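The recovery-versus-compromise condition above can be made concrete with a small discrete-time model; this is an added illustration, not VM-FIT's code. It assumes a staggered recovery schedule (one replica at a time), a worst-case attacker who always works on the clean replica whose next recovery is furthest away, and that recovering the replica under attack discards the attacker's progress.

```python
"""Constructed model of proactive recovery in an intrusion-tolerant replica group.

n replicas tolerate at most f simultaneous intrusions.  Every replica is
re-initialised once per `period` ticks; the attacker needs `compromise_time`
ticks of uninterrupted work per replica.  The system is "safe" over the
horizon if the number of simultaneously compromised replicas never exceeds f.
"""
from dataclasses import dataclass


@dataclass
class Outcome:
    safe: bool            # never more than f replicas compromised at once
    max_compromised: int  # peak number of simultaneously compromised replicas
    first_violation: int  # tick of the first violation, or -1 if none


def simulate(n: int, f: int, period: int, compromise_time: int, horizon: int) -> Outcome:
    offsets = [i * period // n for i in range(n)]   # staggered recovery slots
    compromised = [False] * n
    target, progress = None, 0
    peak, first_violation = 0, -1

    def next_recovery(i: int, t: int) -> int:
        d = (offsets[i] - t) % period
        return t + (d or period)   # a recovery due at tick t has already run

    for t in range(horizon):
        # 1. proactive recovery: wipe replicas whose slot is due, intrusion or not
        for i in range(n):
            if (t - offsets[i]) % period == 0:
                compromised[i] = False
                if target == i:               # attacker loses partial work
                    target, progress = None, 0
        # 2. worst-case attacker: pick the clean replica that stays dirty longest
        if target is None:
            clean = [i for i in range(n) if not compromised[i]]
            if clean:
                target, progress = max(clean, key=lambda i: next_recovery(i, t)), 0
        if target is not None:
            progress += 1
            if progress >= compromise_time:
                compromised[target] = True
                target, progress = None, 0
        # 3. check the tolerance bound f
        count = sum(compromised)
        peak = max(peak, count)
        if count > f and first_violation < 0:
            first_violation = t
    return Outcome(first_violation < 0, peak, first_violation)
```

With four replicas recovered on a 12-tick cycle, an attacker needing 4 ticks per replica accumulates three intrusions at once, while one needing 12 ticks never holds more than one.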
VM-FIT is a novel system that harnesses virtualization technology for
architecting dependable distributed systems with proactive recovery. The
virtualization-based approach yields a hybrid system model with low
replication costs. It allows minimizing the impact that the proactive recovery
has on system operations. Furthermore, it allows an efficient implementation
of secure distributed state transfer.