On the Effects of Diversity on Intrusion Tolerance
Alysson Neves Bessani, Rafael Obelheiro, Paulo Sousa, Ilir Gashi
Submitted to publication.
Available as Technical Report DI/FCUL TR-08-30.
No Comments » | 
Publications | 
Permalink
Posted by pjsousa
JBP aims to provide a complete, modular and clear implementation of the Byzantine Paxos agreement protocol in Java programming language. Since there are several variants of this algorithm, we choose to implement Paxos at War, by Piotr Zielinski, for consensus and extended it to for total order multicast adding only one communication step and maintaining the quadratic message complexity using the usual technique proposed by Leslie Lamport in the Classical Paxos algorithm and later extended by Castro and Liskov in the BFT system.
JBP was developed because there was no implementation of a fast Byzantine fault-tolerant Total order multicast protocol in Java. Moreover, JBP implementation follow the same line of the BFT system (implemented in C), but we want to separate state management (basically, checkpoints) from the core total order multicast algorithm.
JBP is available to download, you are welcome to try it!
No Comments » | Software | Permalink
Posted by pjsousa
Towards Intrusion-Tolerant Process Control Software
Hugo Ortiz, Paulo Sousa, Paulo Veríssimo
In Proceedings of the 4th Portuguese National Conference of Informatics Security in Organizations (SINO 2008 ), Coimbra, Portugal, November 2008.
No Comments » | Publications | Permalink
Posted by pjsousa
DSN’09 – International Conference on Distributed Systems and Networks
Estoril, Portugal, 29th June – 2nd July, 2009
http://www.dsn.org/
Important dates:
Workshop Proposals: October 13, 2008
Mandatory Paper Abstracts: December 8, 2008
Full Papers: December 15, 2008
Panel Proposals: December 15, 2008
Tutorial Proposals: January 12, 2009
Fast Abstracts & Student Forum: April 6, 2009
No Comments » | Events | Permalink
Posted by pjsousa
Pedro Miguel Machado de Almeida, Measuring Software Diversity through Vulnerability Data, Master/Mestrado em Informática.
No Comments » | Ongoing, Students | Permalink
Posted by pjsousa
SINO 2008: 4th Portuguese National Conference of Informatics Security in Organizations, Nov 18-19, 2008.
Summary (in portuguese):
A Segurança Informática está na ordem do dia, no que diz respeito à segurança das organizações e indivíduos. Esta conferência constituirá uma excelente oportunidade de reflexão e discussão das diversas questões inerentes à segurança informática, quer na visão da investigação científica, quer como fórum de discussão envolvendo as empresas e instituições, para troca de experiências sobre aspectos teóricos e práticos bem como sobre projectos de I&D e experiências de adopção de diferentes tecnologias e práticas de segurança para sistemas computacionais.
O evento juntará, num fórum aberto de discussão e debate, diferentes especialistas, investigadores, consultores, administradores de sistemas, responsáveis pela segurança e outros representantes das empresas e das diversas instituições.
No Comments » | Committees, Events, Program | Permalink
Posted by pjsousa
Segurança e Disponibilidade através de Resiliência Proactiva (in portuguese)
Paulo Sousa
Prémio Científico IBM 2007 | IBM 2007 Scientific Award
Available as Technical Report DI/FCUL TR-08-15.
(media coverage)
No Comments » | Publications | Permalink
Posted by pjsousa
The FOREVER Service for Fault/Intrusion Removal
[paper]
Paulo Sousa, Alysson Neves Bessani, Rafael R. Obelheiro
In Proceedings of the 2nd Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS 2008). Glasgow, UK, April 2008.
No Comments » | Publications | Permalink
Posted by pjsousa
EDCC-7: 7th European Dependable Computing Conference, May 7-9, 2008.
Summary:
There is an increasing dependency of the society on computing services and their underlying computing systems. This dependency creates strict requirements for the delivered services. These requirements affect to the quality of service, continuous availability, survivability in the advent of catastrophic failures, confidentiality, intrusion tolerance, etc. Dependability is a concept that considers all these cross-cutting concerns and required attributes, such as reliability, availability, safety, and security, as well as human factors.
The 7th European Dependable Computing Conference aims at providing a European-hosted venue for researchers and practioners from all over the world to present and discuss their latest research achievements. Original papers are solicited on theory, techniques, systems, and tools for the design, validation, operation and evaluation of dependable computing systems. All kinds of faults are of interest, from traditional hardware and software faults to accidental and malicious human interactions.
No Comments » | Committees, Program | Permalink
Posted by pjsousa
WRAITS 2008: 2nd Workshop on Recent Advances on Intrusion-Tolerant Systems, April 1st, 2008 (in conjunction with the European Conference on Computer Systems – EuroSys 2008).
Summary:
The 2nd Workshop on Recent Advances on Intrusion- Tolerant Systems aims to bring together researchers in the related areas of Intrusion Tolerance, Distributed Trust, Survivability, Byzantine Fault Tolerance, and Resilience. These areas have the purpose of enhancing the Dependability and Security of computer systems by tolerating both malicious faults (attacks, intrusions) and accidental faults. The workshop will be specially interested in “intrusion-tolerant systems”: how to build them? How to evaluate and test their dependability and security? What systems need to be intrusion-tolerant? The workshop will provide a forum for researchers in these areas to present recent results, discuss open problems that still need research, the steps that need to be taken for intrusion-tolerant systems to be deployed in practice, and the target application domains for intrusion tolerance.
No Comments » | Committees, Program | Permalink
Posted by pjsousa