Integrating Security and Fault Tolerance in Distributed Systems
Cornell University, Ithaca NY
Investigators: Andrew C. Myers, Ken Birman, Fred B. Schneider
Abstract
Proposal Number: NSF-0430161
TITLE: Integrating Security and Fault Tolerance in Distributed Systems
PI: Andrew C. Myers, Ken Birman, Fred B. Schneider
Trustworthy distributed systems should tolerate both malicious attacks and benign faults while preserving data integrity and confidentiality. This research aims to produce methods for constructing distributed systems that are trustworthy in the aggregate, even when some nodes in the system have been compromised by malicious attackers. The security and fault-tolerance communities have developed their own solutions to aspects of these problems, but the solutions are incompatible. The goal of this project is to reconcile that incompatibility. One key idea is to use automatic compile-time transformations to rewrite programs to run securely, even when some host machines are untrustworthy. Code and data are transformed to synthesize distributed systems that, by construction, provide confidentiality, integrity, and availability. The planned research also includes new distributed computation techniques needed to make these transformations effective. These techniques include proactive recovery, proactive obfuscation, and threshold cryptography, which can help systems survive malicious intrusions and denial-of-service attacks while offering data integrity, high availability, and cryptographic protection for secrets. Gossip-based and epidemic communication algorithms can provide robust, scalable, and efficient information aggregation over a large distributed system. In summary, the plan is to combine new compile-time and run-time techniques to make distributed systems more trustworthy.