In environments like the Internet, faults follow unusual patterns, dictated by the combination of malicious attacks and accidental faults such as long communication delays caused by temporary network partitions. In this scenario, attackers can force buffer overflows in order to leave the system in an inconsistent state or to prevent it from making progress, causing a denial of service. This paper is about the effects that finite memory has on intrusion-tolerant protocols and systems. We present the problem and propose a generic mitigation technique based on repair nodes that reduces the buffer space requirements. An experimental evaluation of the buffer usage with and without this technique is presented, making it possible to assess in practice the effects of finite memory in a real, albeit simple, intrusion-tolerant system. © 2008 IEEE.
|Original language||English (US)|
|Title of host publication||Proceedings of the 7th IEEE International Symposium on Networking Computing and Applications, NCA 2008|
|Publisher||IEEE Computer Society|
|Number of pages||8|
|State||Published - Jan 1 2008|