A DARPA/IPTO grant (June 2004 - December 2005) to Johns Hopkins Univesity with a subcontract to Purdue University. A component of the DARPA Self-Regenerative Systems (SRS) effort.
Principal Investigator: Yair Amir. Subcontract PI: Cristina Nita-Rotaru.
Network-centric warfare calls for survivable command control communication and intelligence (C3I) systems that are resilient to a broad range of attacks. The focus of this project is to construct a realistic solution for the broad malicious attack problem where part of the C3I system is compromised.
The project targets three main limitations with current solutions: they are not scalable to high latency wide area networks underlying C3I systems; they have no protection against malicious clients providing incorrect input that is within their authority; and they often unnecessarily delay applying updates, withholding important information from clients until updates can be globally ordered.
From a research perspective, there is a broad class of distributed data management applications based on replication infrastructure. This project takes the C3I problem as a representative example of this broader class.
The resulting system will have considerably better performance and much higher availability then existing symmetric solutions and offer a clear path for technology transition.
- Scalable wide-area intrusion-tolerant architecture: By inventing a hierarchical approach in which Byzantine replication is used locally in each site, and efficient fault tolerant replication is used on the wide area network, we overcome the strong connectivity requirements and multiple all-peer exchanges of current Byzantine replication solutions. Symmetric Byzantine replication in conjunction with threshold cryptography is used in each site to create one logical trusted entity, over which the non-malicious tolerant replication can be safely used. The effects of malicious server replicas are then confined to the local site.
- Accountability for updates: Once bad data is discovered, we identify the client that injected it and quickly mark corrupted and suspected data. We can then backtrack and regenerate the C3I state based on non-corrupted and/or non-suspected data, and identify the extent of potential damage. Accountability for updates also provides protection against a complete site compromise, enabling a reduction in the number of replicas for a slightly higher risk and better performance.
- Instant Information Access: Our architecture propagates updates to other sites as soon as network connectivity exists and exploits commutative update semantics to efficiently make update effects available immediately. In contrast, Byzantine replication solutions may only provide access to the effects of updates that are globally ordered on the wide area network.
Questions or comments to:
webmaster (at) dsn.jhu.edu
TEL: (410) 516-5562
FAX: (410) 516-6134
Distributed Systems and Networks Lab|
Computer Science Department
Johns Hopkins University
3400 N. Charles Street
Baltimore, MD 21218-2686