The Byzantine Agreement Protocol Applied to Security

Toth, David

12 January 2005

Intrusion Detection & Countermeasure Systems (IDCS) and architectures commonly used in commercial, as well as research environments, suffer from a number of problems that limit their effectiveness. The most common shortcoming of current IDCSs is their inability to tolerate failures. These failures can occur naturally, such as hardware or software failures, or can be the result of attackers attempting to compromise the IDCS itself. Currently, the WPI System Security Laboratory at Worcester Polytechnic Institute is developing a Secure Architecture and Fault-Resilient Engine (S.A.F.E.), a system capable of tolerating failures. This system makes use of solutions to the Byzantine General's Problem, developed earlier by Lamport and others. Byzantine Agreement Protocols will be used to achieve consensus about which nodes have been compromised or failed, with a series of synchronized, secure rounds of message exchanges. Once a consensus has been reached, the offending nodes can be isolated and countermeasure actions can be initiated by the system. We consider the necessary and sufficient conditions for the application of Byzantine Agreement Protocols to the intrusion detection problem. Further, a first implementation of this algorithm will be embedded in the Distributed Trust Manager (DTM) module of S.A.F.E. The DTM is the key module responsible for assuring trust amongst the members of the system. Finally, we will evaluate the DTM, as a standalone unit, to ensure that it performs correctly.

intrusion detection system

Byzantine Agreement Protocol

Computer security

Fault-tolerant computing