Repairable Architecture for Intrusion-Tolerant Network-Centric Systems

摘要

In summary, given an internet service, Arachne automatically instruments its application components to keep track of inter-request dependencies and associations between incoming requests and persistent state update operations. In addition, Arachne keeps proper update logs to ensure every file system and DBMS update operation is undoable. At repair time, Arachne derives the set of requests that are directly or indirectly dependent on the error/attack request in question, initiates file systems and DBMS undo operations to erase the side effects of these requests, and finally re- executes them according to their timestamps to re-incorporate their effects into the state of the internet service.