VM-FIT: Virtual Machine-based Fault and Intrusion Tolerance
In today's world, computing systems are continuously exposed to the threat of malicious attacks. Large-scale distributed systems nowadays are likely to suffer from vulnerabilities, and the increasing complexity of software makes it unlikely that vulnerabilities will disappear soon.
An intrusion-tolerant system is one that continues to function properly in spite of malicious intrusions in some parts of the system. However, the number of simultaneous intrusions that such a system can tolerate is limited. Given enough time, an attacker may compromise more parts of the system than it can tolerate. Proactive recovery is an important mechanism to remedy this problem.
Proactive recovery periodically cleans up the replicas of a service. In the recovery operation, a replica is re-initialized to a clean state, removing any malicious intrusion it may carry. This step is performed regardless of whether an intrusion actually happened. The approach guarantees correct system operation as long as replicas are recovered more frequently than an attacker can compromise them.
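The recovery-frequency condition above, illustrated by an added discrete-time model (constructed for this page, not VM-FIT's own code): a group of n replicas is re-initialized on a staggered schedule while one attacker works through the replicas, and the model reports the peak number of replicas compromised at the same time. All parameters (n = 4 tolerating f = 1 intrusion, the recovery window, the 17-tick compromise time) are hypothetical.

```python
"""Discrete-time model of proactive recovery in a replicated service."""


def peak_intrusions(n: int, recovery_window: int, compromise_time: int,
                    horizon: int = 2000) -> int:
    """Return the peak number of simultaneously compromised replicas.

    n replicas are re-initialised on a staggered schedule: replica i is wiped
    to a clean state whenever t % recovery_window == i * recovery_window // n.
    A single attacker needs `compromise_time` uninterrupted ticks on a replica;
    a recovery of that replica destroys the partial foothold as well.
    """
    offsets = [i * recovery_window // n for i in range(n)]
    compromised = [False] * n
    target, progress, peak = None, 0, 0
    for t in range(horizon):
        # 1. Proactive recovery runs first in each tick: clean image, intrusion
        #    removed, attacker progress on that replica lost.
        for i in range(n):
            if t % recovery_window == offsets[i]:
                compromised[i] = False
                if target == i:
                    progress = 0
        # 2. Attacker works on one replica at a time, lowest clean index first.
        if target is None:
            clean = [i for i in range(n) if not compromised[i]]
            if clean:
                target, progress = clean[0], 0
        if target is not None:
            progress += 1
            if progress >= compromise_time:
                compromised[target] = True
                target = None
        peak = max(peak, sum(compromised))
    return peak


if __name__ == "__main__":
    # Constructed parameters: 4 replicas (f = 1), attacker needs 17 ticks per replica.
    for window in (200, 20, 16):
        peak = peak_intrusions(n=4, recovery_window=window, compromise_time=17)
        print(f"recover each replica every {window:3d} ticks -> "
              f"peak {peak} simultaneous intrusion(s), "
              f"{'tolerated' if peak <= 1 else 'bound f=1 exceeded'}")
```

With a 200-tick window the attacker eventually holds all four replicas; with a 20-tick window at most one replica is compromised at any time, and with a 16-tick window (shorter than the compromise time) no replica is ever compromised.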
VM-FIT is a novel system that harnesses virtualization technology for architecting dependable distributed systems with proactive recovery. The virtualization-based approach yields a hybrid system model with low replication costs. It allows minimizing the impact that proactive recovery has on system operation. Furthermore, it allows an efficient implementation of secure distributed state transfer.