4th Workshop on Recent Advances in Intrusion-Tolerant Systems
WRAITS 2010
In conjunction with The 40th IEEE/IFIP International Conference on Dependable Systems and Networks - DSN 2010
June 28, 2010
OVERVIEW
The 4th edition of the Workshop on Recent Advances on Intrusion-Tolerant Systems aims to continue the collaborative discourse on the challenges of building intrusion-tolerant systems and innovative ideas to address them. As a technical area, Intrusion Tolerance is at the intersection of Fault Tolerance and Security. Having focused on intrusion tolerance technologies in the past workshops and having substantiated intrusion tolerance as a practical discipline that combines software engineering, adaptive system development, advanced reasoning and analyses, and coordination and control of distributed mechanisms and resources, this year’s workshop will be especially interested in “evaluating intrusion tolerance”: how to assess the assurance conferred by intrusion tolerance technologies, and “the overlap of intrusion tolerance and emerging information technologies”; how emerging technologies like Web 2.0, semantic web systems, clouds and service-oriented architectures challenge or enhance intrusion tolerance. The workshop will provide a forum for researchers and practitioners to present architectures for intrusion-tolerant systems, new defense mechanisms, recent results, discuss open problems that still need research, and survivability challenge problems in specific application and domain areas.
Authors are invited to submit papers to the workshop, which will be held in conjunction with the 40th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), June 28 - July 1, 2010. Papers can present ongoing work and/or speculative/futuristic ideas. Experimental results or other forms of validation are especially encouraged. The workshop papers will be published in a supplementary volume of the conference proceedings.
Previous editions: WRAITS 2009, WRAITS 2008, WRAITS 2007
PROGRAM
Session 1 – Keynote speech
Using
Formal Methods to Build Systems that Survive Attacks
Professor Robert L.
Constable
Computer Science Department, Cornell University, USA
Abstract
We are building components of distributed systems that change their protocols on-the-fly in response to apparent attacks from the environment. They substitute functionally equivalent versions possibly more resistant to detected threats. We are experimenting with libraries of protocol variants that are synthesized and correct-by-construction. Formal synthesis allows us to efficiently create a diverse variety of provably correct versions that we test in environments that simulate specified threats such as intrusion and denial of service attacks. Among the threats we study are those arising from implementing constructive versions of the famous Fischer/Lynch/Paterson imaginary adversary against deterministic fault-tolerant consensus.
Session 2 – Detection and Analysis
Analysis
of the Effect of Java Software Faults on Security Vulnerabilities and Their
Detection by Commercial Web Vulnerability Scanner Tool
Tania Basso, Plinio Fernandes, Mario Jino and Regina Moraes
UNICAMP, Brazil
Analysis
of a Markov Decision Process Model for Intrusion Tolerance
O. Patrick Kreidl
MIT, USA
On
Rootkit and Malware Detection in Smartphones
Bryan Dixon and Shivakant Mishra.
University of Colorado, USA
Session 3 – Systems and Architecture
SCIT and
IDS Architectures for Reduced Data Ex-filtration
Ajay Nagarajan and Arun Sood
George Mason University, USA
RAVE: Replicated AntiVirus
Engine
Carlos Silva, Paulo Sousa and Paulo Veríssimo
University of Lisboa, Portugal
Realizing S-Reliability for Services via Recovery-driven Intrusion Tolerance
Mechanism
Quyen Nguyen and Arun Sood
George Mason University, USA
Session 4 – Evaluation, Assessment and Governance
Assessing the Attack Resilience Capabilities of a Fortified Primary Backup
System
Dylan Clarke and Paul Ezhilchelvan
Newcastle University, UK
A
Security Evaluation of a Novel Resilient Web Serving Architecture: Lessons
Learned through Industry/Academia Collaboration
Yih Huang, Anup Ghosh, Tom Bracewell and Brian Mastropietro
George Mason University and Raytheon Company, USA
Survivability and Information Assurance in the Cloud
Melvin Greer
Lockheed Martin, USA
TOPICS
Topics of interest related to advances in intrusion-tolerant systems include, but are not limited to:
* Assessment and evaluation of intrusion-tolerant systems
* Intrusion-tolerant web-scale systems
* Intrusion tolerance in cyber-physical systems and critical infrastructure
protection
* Survivability and information assurance in the Cloud
* Assurance and survivability benefits of hardware and software virtualization
* Threat of botnet herds and surviving them
* Byzantine fault-tolerant algorithms in intrusion tolerance
* Biologically inspired defenses
* Diversity and failure independence
* Theoretical limits/boundaries of intrusion tolerance
* Real world case studies
More information about the workshop can be obtained by emailing to wraits10_AT_di.fc.ul.pt
SUBMISSION INSTRUCTIONS
The workshop will accept two formats of papers: regular papers (maximum 6
pages) and position papers (maximum 2 pages). Position papers allow researchers
to present more speculative/futuristic ideas to stimulate discussion and further
work. Papers have to adhere to the IEEE Computer Society camera-ready 8.5”x11”
two-column camera-ready format, like regular DSN papers:
Submitions are upload of final versions: http://www.easychair.org/conferences/?conf=wraits2010
At least one author of an accepted paper must register at the conference and present the paper at the workshop.
IMPORTANT DATES
Submission deadline: March 15, 2010
Author notification: April 13, 2010
Final version: May 3, 2010
WORKSHOP ORGANIZERS
Miguel Correia, University of Lisboa,
Portugal
Partha Pal, BBN
Technologies, USA
PROGRAM COMMITTEE
Saurabh Bagchi, Purdue U., USA
Byung-Gon Chun, Intel Labs Berkeley, USA
Manuel Costa, Microsoft Research, UK
Flavio Junqueira, Yahoo! Research, Spain
Rama Kotla, Microsoft Research, USA
Patrick Kreidl, MIT, USA
Peng Liu, Penn State U., USA, USA
Jean-Phillipe Martin, Microsoft Research, UK
Nuno Neves, U. Lisboa, Portugal
Rodrigo Rodrigues, MPI-SWS, Germany
William H. Sanders, U. Illinois UC, USA
Arun Sood, George Mason U., USA
Paulo Verissimo, U. Lisboa, Portugal
SPONSORS