We are interested in the construction of trustworthy distributed systems: systems that tolerate both malicious attacks and benign faults while preserving data integrity and confidentiality. The development of high-assurance systems has been dominated by work on two separate themes: security and fault tolerance. The security viewpoint holds that a trustworthy system must be able to defend against malicious attacks, building from a trusted computing base. The fault tolerance viewpoint is that a trustworthy system cannot depend on any single component functioning correctly, because that component becomes a vulnerability. These two views are incompatible because a trusted computing base could become a single point of failure, and because efficient fault-tolerant replication protocols assume non-malicious failures. Under the auspices of this project, we are exploring new ways to synthesize these two approaches. Our goal is new methods for constructing distributed systems that are trustworthy in the aggregate even when some nodes in the system have been compromised by malicious attackers.
Project Publications
Current areas of investigation

With Birman, Mahesh Balakrishnan is developing Tempest, a new way to program clusters by drag-and-drop importation of Web Services applications, automatically replicated and managed to preserve time-critical properties despite faults, node restarts, or load surges. Working in this drag-and-drop paradigm, Tudor Marian is exploring chain-replication scenarios in which gossip mechanisms can be used for infrastructure management and repair of inconsistencies.

Birman and Krzysztof Ostrowski are developing QuickSilver, a scalable, reliable eventing (publish-subscribe) architecture. Ostrowski's initial focus is on scalability in the number of communication subjects (modeled as process groups and supported by a protocol stack capable of implementing virtual synchrony).

Robbert van Renesse, Maya Haridasan, and Andre Allavena are investigating support for intrusion-tolerant overlay networking.

Myers and Lantian Zheng are investigating automatic synthesis of distributed systems that use quorum protocols to meet integrity and availability requirements. Myers, Steve Chong, and K. Vikram are developing a secure servlet architecture that uses static information flow to track confidential information end-to-end through web browser interactions. Myers, Schneider, and Michael Clarkson are exploring a new way of measuring and enforcing information flow quantitatively, based on attacker beliefs rather than on changes in uncertainty.

Schneider and Clarkson are exploring hyperproperties, a unified mathematical characterization of a wide range of system properties, including security and fault tolerance.

Myers, Clarkson, and Chong are building Civitas, a secure remote voting system that provides universal verifiability and coercion resistance.