Intrusion Recovery in Cloud Computing

Date: 27 June 2019 at 14:00 until 27 June 2019 at 16:00
Venue: Anfiteatro PA-3 (floor -1 of the Pavilhão de Matemática), IST, Alameda

Intrusion prevention mechanisms aim to reduce the probability that intrusions occur. However, sooner or later an attacker may succeed, by exploiting an unknown vulnerability or by stealing a user's access credentials, leading to the execution of undesired operations. These intrusions may corrupt the state of the application, requiring intrusion recovery mechanisms to revert the effects of these actions. Simple solutions, such as the use of backups, allow reverting the effects of an intrusion; however, restoring a previous backup of the system loses all legitimate data that is not present in that backup. Intrusion recovery mechanisms aim to revert only the damage caused by intrusions, without affecting the legitimate data created by authorized users.

This thesis explores the problem of intrusion recovery for distributed systems running in the cloud. The presented mechanisms take into account the distribution of the systems, the limitations of cloud services, and the development paradigms for this kind of system. Given the heterogeneity of cloud computing models, different intrusion recovery mechanisms were designed for the different models.

For the infrastructure level of the cloud, namely for file storage, we propose RockFS, an intrusion recovery system designed for cloud-backed file systems. This kind of system is accessed remotely, allowing attackers to illegally modify files by accessing a legitimate user's account. RockFS protects the user's access credentials through secret sharing mechanisms, which allow distributing fragments of the access credentials across several storage devices. For recovery, RockFS allows reverting unintended actions through the combination of operation logs and a multiversioned file system. RockFS runs on the client side and can be used in single-cloud and cloud-of-clouds file systems.

Also at the infrastructure level of the cloud, but for databases, we present NoSQL Undo, an intrusion recovery system for NoSQL databases. This system does not require modifications to the source code of the Database Management System (DBMS), so it can be adopted with DBMSs that do not provide their source code. NoSQL Undo takes advantage of the logs used by the database for replication, reducing the performance overhead. NoSQL Undo runs on the client side and can be used to recover from intrusions without previous installation or configuration. NoSQL Undo provides two algorithms for recovery: focused recovery and full recovery. Focused recovery fixes only the database records that were affected by the attack, while full recovery fixes the entire database. The choice of one algorithm over the other depends on the number of database records affected by the attack.

At the application level of the cloud computing model, we propose an intrusion recovery system called Rectify that allows reverting the effects of an attack in web applications. Rectify can be used in any web application that uses a SQL database to store its state. Rectify identifies malicious operations in the database that were generated by malicious requests performed by the application. This association of database operations with application-level requests is done through machine learning algorithms. The main advantage of this technique is that it does not require modifying the source code of the application or the source code of the database. Rectify allows recovering from intrusions while keeping the application available to users.

For modern distributed applications running in the cloud and developed in a microservices paradigm, we propose µVerum, an intrusion recovery system that adopts the microservices architecture. In this kind of application, each component of the system is distributed in independent services that interact with each other through the network. µVerum was designed taking into account the distribution and self-contained characteristics of each microservice. µVerum allows propagating the compensating operations, which revert the effects of the intrusion, to the affected services. µVerum has a modular architecture that allows replicating the components with higher traffic demands in order to maintain the performance level of the application. µVerum allows the developers of the application to define invariants in order to fulfill the consistency requirements of the application. These invariants can be of two types: atomicity, in which several microservices should be executed together; and ordering, in which a group of microservices should be executed in a specific order.

The work presented in this thesis allows applications deployed in the cloud to overcome intrusions. The proposed systems can be deployed in existing cloud services and interfere as little as possible with the user experience.
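The difference between restoring a backup, full recovery and focused recovery can be seen on a small operation log. This is an added illustration, not code from the thesis or from NoSQL Undo: the log format, the function names and the sample records are constructed, and it assumes independent (blind) writes whose malicious entries have already been identified.

```python
# Constructed log of blind writes: (seq, key, value, malicious).
LOG = [
    (1, "alice", 100, False),
    (2, "bob", 50, False),       # a backup is taken after this operation
    (3, "alice", 0, True),       # intrusion: overwrites a legitimate record
    (4, "carol", 70, False),     # legitimate write made after the intrusion
    (5, "mallory", 999, True),   # intrusion: creates a new record
    (6, "bob", 60, False),
]

def replay(log, skip_malicious, keys=None, upto=None):
    """Rebuild state from the log, optionally restricted to some keys or a prefix."""
    state = {}
    for seq, key, value, malicious in sorted(log):
        if upto is not None and seq > upto:
            break
        if (skip_malicious and malicious) or (keys is not None and key not in keys):
            continue
        state[key] = value
    return state

def restore_backup(log, backup_seq):
    """Roll back to the backup: removes the damage and every later legitimate write."""
    return replay(log, skip_malicious=False, upto=backup_seq)

def full_recovery(log):
    """Rebuild the entire database from the log without the malicious operations."""
    return replay(log, skip_malicious=True)

def focused_recovery(current, log):
    """Repair only the records touched by malicious operations."""
    affected = {key for _, key, _, malicious in log if malicious}
    clean = replay(log, skip_malicious=True, keys=affected)
    repaired = dict(current)
    for key in affected:
        if key in clean:
            repaired[key] = clean[key]   # last legitimate value of the record
        else:
            repaired.pop(key, None)      # record existed only because of the attack
    return repaired, affected

if __name__ == "__main__":
    corrupted = replay(LOG, skip_malicious=False)
    print("corrupted:", corrupted)
    print("backup   :", restore_backup(LOG, 2))
    print("full     :", full_recovery(LOG))
    print("focused  :", focused_recovery(corrupted, LOG))
```

Both recovery variants reach the same clean state here; focused recovery rewrites two records, while full recovery rebuilds every record, which is why the number of affected records drives the choice.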

Type: PhD defense
Candidate: David Rogério Póvoa de Matos
Supervisors: Prof. Miguel Nuno Dias Alves Pupo Correia / Prof. Miguel Filipe Leitão Pardal