|
eCommons@Cornell >
Faculty of Computing and Information Science >
Computing and Information Science >
Computing and Information Science Technical Reports >
Please use this identifier to cite or link to this item:
http://hdl.handle.net/1813/12138
| Title: | Proactive Obfuscation |
| Authors: | Roeder, Tom
Schneider, Fred B. |
| Keywords: | fault tolerance
security
reliability
distributed systems |
| Issue Date: | 28-Mar-2009 |
| Abstract: | Proactive obfuscation is a new method for creating server
replicas that are likely to have fewer shared vulnerabilities. It
uses semantics-preserving code transformations to generate diverse
executables, periodically restarting servers with these fresh
versions. The periodic restarts help bound the number of compromised
replicas that a service ever concurrently runs, and therefore
proactive obfuscation makes an adversary's job harder. Proactive
obfuscation was used in implementing two prototypes: a distributed
firewall based on state-machine replication and a distributed storage
service based on quorum systems. Costs intrinsic to supporting
proactive obfuscation were quantified by measuring the performance of
these prototypes. |
| URI: | http://hdl.handle.net/1813/12138 |
| Appears in Collections: | Computing and Information Science Technical Reports
|
Items in eCommons are protected by copyright, with all rights reserved, unless otherwise indicated.
|
