Functional decomposition and interactions in hybrid intrusion-tolerant systems

摘要

Hybrid wormhole-based architectures have recently been proposed as an approach for building intrusion-tolerant systems. The wormhole, a trusted entity in the system, can be implemented in software using virtualization technology. The architecture of such systems poses the question of distribution of functionality and interactions between three layers: the trusted wormhole, the untrusted part of the replication infrastructure, and the replicated application. For example, a total-ordering service for client requests that is needed for consistent replication can be implemented in the trusted or untrusted part of the infrastructure. In this paper, we discuss this distribution of functionality and the impact on semantics, interfaces, and functional constraints. Finally, we propose a flexible toolkit that eases the implementation and comparison of different architectures.