Miguel Correia | INESC-ID - Academia.edu
Papers by Miguel Correia
Anais do VI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2006)
Tuple-space coordination is one of the most interesting communication models for open distributed systems, because of its spatial and temporal decoupling and its synchronization power. Many of these systems are subject to faults, attacks and intrusions, yet it is essential that the communication structure they rely on keeps providing its service correctly even in the presence of such events. An interesting approach to providing this level of quality of service is intrusion tolerance, in which the system is implemented by a set of replicas that provide the service correctly even if some of them are controlled by an adversary. This work presents a confidentiality scheme for intrusion-tolerant tuple spaces based on secret sharing, in which a tuple (the unit of data stored in the space) is not revealed to unauthorized parties even if some of the space's replicas are faulty. Aiming...
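The mechanism the abstract names, secret sharing across replicas, can be made concrete with Shamir's scheme: the confidential field of a tuple becomes one share per replica, any k shares rebuild it, and fewer than k reveal nothing, so an adversary holding f < k replicas learns nothing. This is an added example, not code from the paper; the field (the prime 2^521 - 1), the 64-byte limit, the per-replica entry layout and the choice n = 4, k = 2 (3f + 1 replicas with f = 1 and a threshold of f + 1) are assumptions made for the illustration.

```python
import itertools
import secrets

# Arithmetic is done over the prime field GF(2^521 - 1). This prime and the
# 64-byte limit are choices made for this example, not the paper's parameters;
# any 64-byte field encodes to an integer below the prime.
PRIME = 2**521 - 1
MAX_SECRET_BYTES = 64


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, n, k):
    """Shamir split: n shares of an integer secret; any k rebuild it.
    A random polynomial of degree k-1 whose constant term is the secret is
    sampled; share i is the point (i, p(i)). With fewer than k points the
    constant term is uniformly distributed, which is the confidentiality
    argument against up to k-1 colluding replicas."""
    assert 0 <= secret < PRIME and 1 <= k <= n
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation of the polynomial at x = 0 over the prime field."""
    xs = [x for x, _ in shares]
    assert len(set(xs)) == len(xs), "duplicate share indices"
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def store_tuple(public_fields, secret_field, n, k):
    """What a client sends to each of the n replicas: the fields used for
    matching stay in clear, the confidential field becomes one share per
    replica. The entry layout is hypothetical, not the paper's wire format."""
    assert len(secret_field) <= MAX_SECRET_BYTES
    shares = split_secret(int.from_bytes(secret_field, "big"), n, k)
    return [{"public": tuple(public_fields), "len": len(secret_field), "share": s}
            for s in shares]


def read_tuple(entries):
    """Rebuild the tuple from the entries returned by at least k replicas."""
    value = recover_secret([e["share"] for e in entries])
    return entries[0]["public"], value.to_bytes(entries[0]["len"], "big")


def every_k_subset_recovers(entries, k, expected):
    """True if every choice of k replica entries rebuilds the expected tuple."""
    return all(read_tuple(list(subset)) == expected
               for subset in itertools.combinations(entries, k))


if __name__ == "__main__":
    # f = 1 faulty replica out of n = 3f + 1 = 4; threshold k = f + 1 = 2.
    entries = store_tuple(("account", "alice"), b"pin:4711", n=4, k=2)
    print("any 2 of 4 replicas recover:",
          every_k_subset_recovers(entries, 2, (("account", "alice"), b"pin:4711")))
    print("single replica holds only:", entries[0]["share"][1] % 1000, "...")
```

A single replica's share is a point on a random line through the secret; reconstructing from it alone yields a value that is wrong except with probability 1/PRIME, which is what "not revealed even if some replicas are faulty" amounts to. The shares still have to reach the replicas over authenticated, confidential channels, which this block does not model.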
Anais do X Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2010)
Practical solutions for developing Byzantine fault-tolerant distributed applications have been the target of research in recent years. Such solutions aim to make systems resistant to attacks of all kinds, including malicious ones, thereby making them intrusion-tolerant. Recently, the use of virtualization to build a trusted environment has been considered by some of these works. This paper presents SMIT, an intrusion-tolerant architecture that takes advantage of a memory area shared between virtual machines residing on a single physical machine to simplify the consensus protocol. The paper also presents a distributed approach for SMIT, which uses a hybrid fault model.
Minicursos do V Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais
Introduction. Group communication is a well-known paradigm for the construction of distributed applications. This abstract is about the design of a Wormhole-based Intrusion-Tolerant Group Communication System (WIT-GCS). The system is intrusion-tolerant in the sense that it tolerates arbitrary faults, including both accidental and malicious faults such as attacks and intrusions [12]. The system is expected to continue to provide correct results despite intrusions on a number of processors and attacks in the network, e.g., delay, ...
Submitted for publication, 2003
2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017
Despite the significant efforts put into building more secure web applications, cases of high-impact breaches continue to appear. Vulnerabilities in web applications are often created by inconsistencies between the way SQL queries are believed to be run and the way they are actually executed by a Database Management System (DBMS). This paper presents a demonstration of SEPTIC, a mechanism that detects and blocks injection attacks inside the DBMS. The demonstration considers a scenario of a non-trivial PHP web application, backed by a MySQL DBMS, which was modified to include SEPTIC. It shows how SEPTIC blocks injection attacks without compromising the application's correctness and performance. In addition, SEPTIC is compared to alternative approaches, such as sanitization carried out with the standard functions provided by the language and a web application firewall.
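The inconsistency the abstract points at, between the query the application believes it runs and the one the DBMS actually executes, can be checked at the DBMS side by comparing query structure rather than inspecting input. The block below is an added, simplified illustration of that idea, not SEPTIC's code: a small lexer abstracts literals away, the structure of queries seen during a benign run is recorded as the model, and any query whose structure differs is flagged. The two vulnerable query builders stand in for a PHP application's string concatenation and are constructed for the example.

```python
import re

# Lexer for the SQL subset needed here. A detector inside the DBMS would work
# on the parsed query; this regex lexer is an example-only stand-in.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^'\\]|\\.|'')*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op><=|>=|<>|!=|\|\||&&|[=<>(),;*+\-/.])
""", re.VERBOSE | re.DOTALL)

KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "UNION", "INSERT",
            "INTO", "VALUES", "UPDATE", "SET", "DELETE", "LIKE", "IN", "IS",
            "NULL", "LIMIT", "ORDER", "BY"}


def structure(query):
    """Structural signature of a query: keywords, operators and identifiers are
    kept, string and numeric literals collapse to STR / NUM, comments to
    COMMENT. Input that stays inside a literal does not change the signature;
    input that adds clauses, operators or comments does."""
    sig, pos = [], 0
    while pos < len(query):
        m = TOKEN_RE.match(query, pos)
        if not m:
            raise ValueError(f"unexpected character {query[pos]!r} at {pos}")
        pos, kind, text = m.end(), m.lastgroup, m.group()
        if kind == "ws":
            continue
        if kind == "string":
            sig.append("STR")
        elif kind == "number":
            sig.append("NUM")
        elif kind == "comment":
            sig.append("COMMENT")
        elif kind == "word":
            upper = text.upper()
            sig.append(upper if upper in KEYWORDS else f"ID:{text}")
        else:
            sig.append(f"OP:{text}")
    return tuple(sig)


# Deliberately injectable query builders, standing in for the PHP app's
# string concatenation (constructed for the example).
def vulnerable_login_query(user, password):
    return f"SELECT id FROM users WHERE user = '{user}' AND pass = '{password}'"


def vulnerable_post_query(post_id):
    return f"SELECT title FROM posts WHERE id = {post_id}"


def learn_model(benign_queries):
    """Training phase: the structures the application is believed to issue."""
    return {structure(q) for q in benign_queries}


def deviates_from_model(query, model):
    """Detection phase: True when the DBMS is about to run a query whose
    structure the application never produced with benign input."""
    return structure(query) not in model


if __name__ == "__main__":
    model = learn_model([vulnerable_login_query("alice", "s3cret"),
                         vulnerable_post_query("42")])
    probes = {
        "escaped quote in password": vulnerable_login_query("bob", "pa\\'ss"),
        "tautology in password": vulnerable_login_query("alice", "' OR '1'='1"),
        "comment truncation": vulnerable_login_query("admin'-- ", "x"),
        "numeric field, no quotes to escape": vulnerable_post_query("42 OR 1=1"),
    }
    for name, q in probes.items():
        print(f"{name}: {'BLOCK' if deviates_from_model(q, model) else 'allow'}")
```

The last probe is the case that defeats escaping-based sanitization: nothing in `42 OR 1=1` needs escaping, yet the executed query has gained an `OR` and a comparison, which the structural comparison sees and the sanitization function does not.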
SSL/TLS communication channels play a very important role in Internet security, including in cloud computing and server infrastructures. There are often concerns about the strength of the encryption mechanisms used in TLS channels. Vulnerabilities can cause cipher suites once thought to be secure to become insecure, no longer recommended for use, or in urgent need of a software update. However, the deprecation/update process is very slow: weeks or months can go by before most web servers and clients are protected, and some servers and clients may never be updated. In the meantime, communications are at risk of being intercepted and tampered with by attackers. In this paper we propose an alternative to TLS that mitigates the problem of secure communication channels being susceptible to attacks due to unexpected vulnerabilities in their mechanisms. Our solution, called Vulnerability-Tolerant Transport Layer Security (vtTLS), is based on diversity and redundancy of cryptograp...
2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), 2017
MapReduce is a framework for processing large data sets that is widely used in cloud computing. MapReduce implementations like Hadoop can tolerate crashes and file corruptions, but not arbitrary faults. Unfortunately, there is evidence that arbitrary faults do occur and can affect the correctness of MapReduce job executions. Furthermore, many outages of major cloud offerings have been reported, raising concerns about the dependence on a single cloud. In this paper we propose a novel execution system that allows MapReduce computations to be scaled out to a cloud-of-clouds and to tolerate arbitrary faults, malicious faults, and cloud outages. Our system, Chrysaor, is based on a fine-grained replication scheme that tolerates faults at the task level. Our solution has three important properties: it tolerates the above-mentioned classes of faults at reasonable cost; it requires minimal modifications to the users' applications; and it does not involve changes to the Hadoop source code. We performed an extensive evaluation of our system in Amazon EC2, showing that our fine-grained solution is efficient in terms of computation, because it recovers only faulty tasks. This is achieved without incurring a significant penalty in the baseline case (i.e., without faults) for most workloads.
Advances in Computational Intelligence, 2017
A few exploratory works have studied Restricted Boltzmann Machines (RBMs) as an approach to network intrusion detection, but did so in a rather empirical way. It is possible to go one step further by taking advantage of the already mature theoretical work in the area. In this paper we use RBMs for network intrusion detection, showing that they are capable of learning complex datasets. We also illustrate an integrated and systematic way of learning. We analyze learning procedures and applications of RBMs and show experimental results for training RBMs on a standard network intrusion detection dataset.
Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007, 2007
... the FCT through LASIGE and project POSI/EIA/60334/2004 (RITAS), and by CAPES/GRICES through project TISD. Footnote 1: these buffer overflow attacks consist of injecting data into a buffer whose limits are not checked, overwriting memory used for other purposes, with effects that range from crashing the application to running arbitrary code on the attacked machine.
Journal of Systems and Software, 2007
This paper presents Worm-IT, a new intrusion-tolerant group communication system with a membership service and a view-synchronous atomic multicast primitive. The system is intrusion-tolerant in the sense that it behaves correctly even if some nodes are corrupted and become malicious. It is based on a novel approach that enhances the environment with a special secure distributed component used by the protocols to execute securely a few crucial operations. Using this approach, we manage to bring together two important features: Worm-IT tolerates the maximum number of malicious members possible, and it does not have to detect the failure of primary-members, a problem in previous intrusion-tolerant group communication systems.
IEEE Transactions on Computers, 2013
We present two asynchronous Byzantine fault-tolerant state machine replication (BFT) algorithms, which improve on previous algorithms in terms of several metrics. First, they require only 2f + 1 replicas, instead of the usual 3f + 1. Second, the trusted service on which this reduction of replicas is based is quite simple, making a verified implementation straightforward (and even feasible using commercial trusted hardware). Third, in nice executions the two algorithms run in the minimum number of communication steps for non-speculative and speculative algorithms, respectively 4 and 3 steps. Besides the obvious benefits in terms of cost, resilience and management complexity (fewer replicas to tolerate a given number of faults), our algorithms are simpler than previous ones, being closer to crash fault-tolerant replication algorithms. The performance evaluation shows that, even with the trusted component access overhead, they can have better throughput than Castro and Liskov's PBFT, and better latency in networks with non-negligible communication delays.
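What makes 2f + 1 replicas sufficient is that the trusted service removes a faulty replica's ability to equivocate: every message it certifies gets the next value of a monotonic counter and an authenticator over (sender, counter, message), so no two different messages can carry the same counter and receivers notice skipped values. The block below is an added example of such a service and of a receiver that enforces the counter discipline; it is not the paper's code. The HMAC over a key shared by the trusted components, the message format and the behaviour of refusing an out-of-order message (a real protocol would fetch the missing ones from other replicas) are assumptions for the illustration.

```python
import hashlib
import hmac

# Key known only to the trusted components (assumption: symmetric HMAC keys;
# the paper's service could equally use signatures). A constant here.
USIG_KEY = b"example-shared-trusted-component-key"


class TrustedCounter:
    """Trusted monotonic counter: each certified message receives the next
    counter value and an authenticator over (replica id, counter, message).
    A plain object in this example; in the paper a small trusted service."""

    def __init__(self, replica_id, key=USIG_KEY):
        self._id = replica_id
        self._key = key
        self._counter = 0

    def certify(self, message):
        """Return the unique identifier (counter, tag) for this message.
        There is deliberately no API to certify a message under an old value."""
        self._counter += 1
        return (self._counter, self._tag(self._key, self._id, self._counter, message))

    @staticmethod
    def _tag(key, replica_id, counter, message):
        data = f"{replica_id}:{counter}:".encode() + message
        return hmac.new(key, data, hashlib.sha256).digest()

    @staticmethod
    def verify(replica_id, message, ui, key=USIG_KEY):
        counter, tag = ui
        return hmac.compare_digest(tag, TrustedCounter._tag(key, replica_id, counter, message))


class Receiver:
    """A replica consuming one sender's messages. It accepts a message only if
    the identifier verifies and its counter is exactly the next one expected,
    so the sender can neither reuse a counter for a second message nor skip
    values unnoticed."""

    def __init__(self, sender_id):
        self._sender = sender_id
        self._last = 0
        self.accepted = []

    def deliver(self, message, ui):
        if not TrustedCounter.verify(self._sender, message, ui):
            return "reject: bad UI"
        counter = ui[0]
        if counter != self._last + 1:
            return f"reject: expected counter {self._last + 1}, got {counter}"
        self._last = counter
        self.accepted.append(message)
        return "accept"


def equivocation_scenario():
    """A faulty primary tries to tell two replicas different things for the
    same sequence number. Returns the verdicts of the receiving replicas."""
    primary = TrustedCounter(replica_id=0)
    r1, r2 = Receiver(sender_id=0), Receiver(sender_id=0)
    msg_a = b"PREPARE seq=1 request=A"
    msg_b = b"PREPARE seq=1 request=B"
    ui_a = primary.certify(msg_a)   # counter 1
    ui_b = primary.certify(msg_b)   # the service hands out counter 2, never 1 again
    return {
        "r1_gets_a": r1.deliver(msg_a, ui_a),
        "r2_gets_b_first": r2.deliver(msg_b, ui_b),      # counter 2 before 1: gap
        "r1_forged_b": r1.deliver(msg_b, (1, ui_a[1])),  # counter 1 reused for B
        "counters": (ui_a[0], ui_b[0]),
    }


if __name__ == "__main__":
    for k, v in equivocation_scenario().items():
        print(f"{k}: {v}")
```

If r2 is later given msg_a with counter 1 it accepts both messages, which is fine: it then holds two certified PREPAREs for the same sequence number with counters 1 and 2, transferable proof that the primary is faulty. That proof, rather than a timeout, is what lets these protocols avoid the extra f replicas.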
gsd.inesc-id.pt
Abstract. Practical solutions for developing Byzantine fault-tolerant distributed applications have been the target of research in recent years. Such solutions aim to make systems resistant to attacks of all kinds, including malicious ones, thereby making them intrusion-tolerant. Recently, the use of virtualization to build a trusted environment has been considered by some of these works. This paper presents SMIT, an intrusion-tolerant architecture that takes advantage of ...
Journal of Systems and Software, Feb 28, 2007
This paper presents Worm-IT, a new intrusion-tolerant group communication system with a membership service and a view-synchronous atomic multicast primitive. The system is intrusion-tolerant in the sense that it behaves correctly even if some nodes are corrupted and become malicious. It is based on a novel approach that enhances the environment with a special secure distributed component used by the protocols to execute securely a few crucial operations. Using this approach, we manage to bring together two important ...
Applications such as web search and social networking have been moving from centralized to decentralized cloud architectures to improve their scalability. MapReduce, a programming framework for processing large amounts of data using thousands of machines in a single cloud, also needs to be scaled out to multiple clouds to adapt to this evolution. The challenge of building a multi-cloud distributed architecture is substantial. Moreover, having to deal with the new types of faults introduced by such a setting, such as the outage of a whole datacenter or an arbitrary fault caused by a malicious cloud insider, increases the endeavor considerably. In this paper we propose Medusa, a platform that allows MapReduce computations to scale out to multiple clouds and tolerate several types of faults. Our solution fulfills four objectives. First, it is transparent to the user, who writes her typical MapReduce application without modification. Second, it does not require any modification...
2015 IEEE Trustcom/BigDataSE/ISPA, 2015
The management of complex network infrastructures continues to be a difficult endeavor today. These infrastructures can contain a huge number of devices that may misbehave in unpredictable ways. Many of these devices keep logs that contain valuable information about the infrastructure's security, reliability, and performance. However, extracting information from that data is far from trivial. The paper presents a novel approach to assessing the security of such an infrastructure using its logs, inspired by data from a real telecommunications network. We use machine learning and data mining techniques to analyze the data and semi-automatically discover misbehaving hosts, without having to instruct the system about how hosts misbehave.
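The abstract's point is that misbehaving hosts can be found without telling the system what misbehaviour looks like. One way to make that concrete is unsupervised outlier scoring: extract per-host counters from the logs, then score each host on how far it sits from the population using median and median absolute deviation, which the outliers themselves cannot inflate. The block below is an added example written for this page, not the paper's method or data; the log format, the three features, the MAD-based score, the 3.5 threshold and the log lines themselves (generated in `make_sample_log`) are all constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed line format, e.g.
# "2015-06-01T10:03:00 host=h2 dst=10.0.0.9:443 status=fail"
LINE_RE = re.compile(r"host=(?P<host>\S+) dst=\S+:(?P<port>\d+) status=(?P<status>\w+)")


def make_sample_log():
    """Constructed log (not the paper's telecom data). Six hosts behave
    normally with some failures; h7 touches 40 distinct ports and fails every
    time. Nothing below is told which host is which."""
    spec = [  # (host, ok events, failed events, destination ports cycled through)
        ("h1", 4, 1, [443, 22]),
        ("h2", 3, 1, [443]),
        ("h3", 6, 0, [443, 22]),
        ("h4", 4, 1, [443]),
        ("h5", 5, 1, [443, 22]),
        ("h6", 4, 2, [443]),
        ("h7", 0, 40, list(range(1, 41))),
    ]
    lines = []
    for host, ok, fail, ports in spec:
        for i in range(ok + fail):
            status = "ok" if i < ok else "fail"
            lines.append(f"2015-06-01T10:{i:02d}:00 host={host} "
                         f"dst=10.0.0.9:{ports[i % len(ports)]} status={status}")
    return lines


def extract_features(lines):
    """Per-host counters. Unparseable lines are skipped (and counted nowhere)."""
    events, failures, ports = defaultdict(int), defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        host = m.group("host")
        events[host] += 1
        ports[host].add(m.group("port"))
        if m.group("status") != "ok":
            failures[host] += 1
    return {h: {"events": events[h],
                "distinct_ports": len(ports[h]),
                "failure_ratio": failures[h] / events[h]} for h in events}


def _median(values):
    s = sorted(values)
    mid = len(s) // 2
    return s[mid] if len(s) % 2 else (s[mid - 1] + s[mid]) / 2


def robust_z_scores(features):
    """Per feature: |x - median| / (1.4826 * MAD). The 1.4826 factor makes the
    MAD comparable to a standard deviation for normally distributed data."""
    hosts = list(features)
    scores = {h: {} for h in hosts}
    for name in next(iter(features.values())):
        col = [features[h][name] for h in hosts]
        med = _median(col)
        mad = _median([abs(v - med) for v in col])
        for h in hosts:
            dev = abs(features[h][name] - med)
            if mad == 0:  # degenerate column: every deviation is either none or extreme
                scores[h][name] = 0.0 if dev == 0 else float("inf")
            else:
                scores[h][name] = dev / (1.4826 * mad)
    return scores


def flag_hosts(lines, threshold=3.5):
    """Hosts whose score exceeds the threshold on at least one feature,
    for an analyst to look at (hence 'semi-automatic')."""
    scores = robust_z_scores(extract_features(lines))
    return sorted(h for h, s in scores.items() if max(s.values()) > threshold)


if __name__ == "__main__":
    log = make_sample_log()
    for host, s in sorted(robust_z_scores(extract_features(log)).items()):
        print(host, {k: round(v, 2) for k, v in s.items()})
    print("flagged:", flag_hosts(log))
```

With seven hosts the medians are crude; on a real network the scoring is done per device type or per time window so that a busy but legitimate host is compared against its peers rather than against the whole population.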
Entrepreneurs, enterprises, and governments are using distributed ledger technology (DLT) as a component of complex information systems, and therefore interoperability capabilities are required. Interoperating DLTs enables network effects and synergies and, similarly to the rise of the Internet, unlocks the full potential of the technology. However, due to the novelty of the area, interoperability mechanisms (IMs) are still not well understood, as interoperability is studied in silos. Consequently, choosing the proper IM for a use case is challenging. Our paper has three contributions: first, we systematically study the research area of DLT interoperability by dissecting and analyzing previous work. We study the logical separation of interoperability layers, how a DLT can connect to others (connection mode), the object of interoperation (interoperation mode), and propose a new categorization for IMs. Second, we propose the first interoperability assessment for DLTs that systematically...
MapReduce is a framework for processing large data sets that is widely used in cloud computing. MapReduce implementations like Hadoop can tolerate crashes and file corruptions, but there is evidence that general arbitrary faults do occur and can affect the correctness of job executions. Furthermore, many individual cloud outages have been reported, raising concerns about depending on a single cloud. We present a MapReduce runtime that tolerates arbitrary faults and runs in a set of clouds at a reasonable cost in terms of computation and execution time. The main challenge is to avoid sending through the Internet the huge amount of data that would normally be exchanged between map and reduce tasks.
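The three MapReduce abstracts above (Chrysaor, Medusa and this runtime) all rest on the same idea: replicate at the task level, compare results, and re-execute only what disagrees, while keeping bulk data inside the cloud that produced it. The block below is an added example of one such scheme, written for this page rather than taken from any of the three systems; it assumes that f + 1 executions with matching output digests are accepted (so f + 1 runs suffice in the fault-free case and at most 2f + 1 are needed otherwise), that only digests cross the Internet for voting, and that the `Cloud` behaviours (correct, Byzantine, outage) are constructed for the illustration.

```python
import hashlib
import json
from collections import Counter


class Cloud:
    """One cloud that executes map tasks. The behaviour knob is constructed
    for the example: 'correct', 'byzantine' (silently wrong output) or
    'outage' (unreachable)."""

    def __init__(self, name, behaviour="correct"):
        self.name = name
        self.behaviour = behaviour

    def run(self, task, data):
        if self.behaviour == "outage":
            raise ConnectionError(f"{self.name} is unreachable")
        out = task(data)
        if self.behaviour == "byzantine":
            out = dict(out, __tampered__=1)  # arbitrary fault, no crash, no error
        return out


def digest(output):
    """Fingerprint of a task output. Only this crosses the Internet for
    voting; the output itself stays where it was produced until accepted."""
    return hashlib.sha256(json.dumps(output, sort_keys=True).encode()).hexdigest()


def run_task_with_voting(task, data, clouds, f):
    """Execute `task` on successive clouds until f + 1 executions agree on the
    digest. Outages are skipped; a single Byzantine result never reaches the
    quorum because the correct clouds outnumber it. Raises if the cloud list
    is exhausted without a quorum."""
    votes, outputs, attempts = Counter(), {}, 0
    for cloud in clouds:
        attempts += 1
        try:
            out = cloud.run(task, data)
        except ConnectionError:
            continue
        d = digest(out)
        votes[d] += 1
        outputs.setdefault(d, (out, cloud.name))
        if votes[d] == f + 1:
            return {"output": out, "attempts": attempts, "from": outputs[d][1]}
    raise RuntimeError("no f+1 agreeing executions among the available clouds")


def word_count_map(chunk):
    """The user's map task, unmodified by the fault-tolerance layer."""
    counts = {}
    for word in chunk.split():
        counts[word] = counts.get(word, 0) + 1
    return counts


def run_job(chunks, clouds, f):
    """Map every chunk with voting, then reduce locally by merging the counts.
    Returns the final counts and the total number of task executions tried."""
    total, attempts = {}, 0
    for chunk in chunks:
        result = run_task_with_voting(word_count_map, chunk, clouds, f)
        attempts += result["attempts"]
        for word, n in result["output"].items():
            total[word] = total.get(word, 0) + n
    return total, attempts


if __name__ == "__main__":
    clouds = [Cloud("A"), Cloud("B", "byzantine"), Cloud("C", "outage"), Cloud("D")]
    print(run_job(["a b a", "b c"], clouds, f=1))
```

With f = 1 and all clouds healthy each chunk costs two executions; with cloud B corrupting results and cloud C down, the scheduler spends four attempts per chunk and still accepts only the output that A and D agree on. The price of the scheme is the extra executions, not extra data movement, which is the constraint the last abstract singles out.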