Cryptography Reference
In-Depth Information
are designed to be more reliable but they introduce new threats and vulnerabilities which
exploit the specifics of each architecture. To counter the shortcomings, researchers pro-
posed a number of implementations [21] and theoretical studies [11,2] with the aim
to improve the reliability of distributed systems. Specific example of control channel
which supervises the entire system's operation and becomes a viable target to the ad-
versary is the BitTorrent tracker network. Although originally designed as a centralized
control, extensions have been proposed to enhance the reliability of the tracker by hav-
ing distributed tracker or multiple trackers. Unlike previous studies on BitTorrent [4,19]
where the primary interests were performance related factors such as latency and fair-
ness of resource utilization, recent studies [16,17,14] focus more on the system's relia-
bility.
2.3
Secure Message Propagation Systems
The goal of alert distribution systems is to deliver small size messages to many partici-
pants under a strict time constraint. Ever since fast, self-replicating worms (for instance
Slammer and Nimda viruses) crippled the Internet, there have been many theoretical
studies [30,1,26,24] to build an alert distribution system which can compete against
such worms. The outcome of this line of research was guidelines regarding how fast
the patch propagation should be. However, none of these works consider scenarios of
active adversary who also wants to take over the alert propagation processes.
In addition, RapidUpdate [23] is a research performed by research groups of com-
mercial security vendors. It offers a specific solution to their own alert propagation
model. The goal of the system is to propagate small sized alert messages (less than
200K) and meet distribution deadlines. Having assistance from peers, the RapidUpdate
tries to alleviate the workload of servers/vendors. Another work [7] by a major soft-
ware vendor quantifies the performance of the world's biggest patch distribution system
- Microsoft's Windows update. Based on trace analysis, this work delivers interesting
observations on traffic characteristics of patch distribution and end-user's behavioral
patterns. Nonetheless, no previous study considers the presence of a sophisticated ad-
versary that attempts to disrupt the operation of the alert distribution network.
3
Application Environment and Adversarial Scenarios
The key element of our work is the evaluation of different mechanisms for implement-
ing a rapid and reliable alert distribution system in the adversarial context. Previous
analyses of such systems were largely done without taking into account sophisticated
(or, in many cases, even simple) adversaries who might seek to disrupt the operation of
the system. Such disruption may, for example, be attempted in parallel with an attack,
so as to maximize its impact and minimize the effectiveness of any defenses.
The goal of the adversaries would be to delay distribution and delivery of such alerts,
or to prevent their delivery altogether to as large a fraction of the nodes as possible.
We consider different adversaries, at varying levels of sophistication and resources.
For generality, our evaluation considers the
impact
such adversaries would have on the
system, in terms of inhibiting communications to/from some fraction of nodes.
Search WWH ::
Custom Search