Toward Intrusion Tolerance as a Service: Confidentiality in Partially Cloud-Based BFT Systems

Title: Toward Intrusion Tolerance as a Service: Confidentiality in Partially Cloud-Based BFT Systems
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Khan, Maher; Babay, Amy
Conference Name: 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Keywords: Byzantine Fault Tolerance, cloud, confidentiality, data centers, Fault tolerance, Fault tolerant systems, human factors, intrusion tolerance, power grids, privacy, Protocols, pubcrawl, resilience, Resiliency, SCADA systems, Timing
Abstract: Recent work on intrusion tolerance has shown that resilience to sophisticated network attacks requires system replicas to be deployed across at least three geographically distributed sites. While commodity data centers offer an attractive solution for hosting these sites due to low cost and management overhead, their use raises significant confidentiality concerns: system operators may not want private data or proprietary algorithms exposed to servers outside their direct control. We present a new model for Byzantine Fault Tolerant replicated systems that moves toward "intrusion tolerance as a service". Under this model, application logic and data are only exposed to servers hosted on the system operator's premises. Additional offsite servers hosted in data centers can support the needed resilience without executing application logic or accessing unencrypted state. We have implemented this approach in the open-source Spire system, and our evaluation shows that the performance overhead of providing confidentiality can be less than 4% in terms of latency.
DOI: 10.1109/DSN48987.2021.00019
Citation Key: khan_toward_2021