FITS: Flexible Intrusion Tolerant Group Communication System
The main goal of this project is to design, implement, and evaluate a group communication service that can tolerate malicious process behaviors. Group communication services have provided a sound platform in the past for constructing highly available and dependable applications in the presence of node crashes and omission/performance communication failures. However, very little work has been done to handle malicious failures in group communication.
We have designed and implemented a group communication system called FITS (Flexible Intrusion Tolerant Group Communication System). FITS consists of a trustworthiness detector, a trustworthy group membership protocol, and an atomic broadcast protocol. It provides two unique features. First, unlike most group communication services proposed in the past, FITS is designed to support object replication in the presence of Byzantine failures. Second, FITS explicitly incorporates techniques to address the fundamental problem of correctly detecting Byzantine failures in a timely manner.
The trustworthiness detector of FITS raises a suspicion event whenever one or more group members can no longer be trusted. We have designed and implemented a generic trustworthiness detector that is independent of the actual broadcast or group membership protocols and can be incorporated in most group communication systems. Performance measurements from our prototype implementation show that the detector provides good performance and copes well with multiple malicious faults.
The intrusion-tolerant group membership protocol of FITS maintains a consistent, system-wide view of correct group members in the presence of malicious faults. This protocol introduces a new concept of suspended group membership state. A suspended group membership state balances the length of the time interval during which a compromised group member can launch malicious attacks (after being compromised and before being removed from the group) against the possibility of denial-of-service attacks if a suspect member is removed too soon from the group.
Publications