Safety on Untrusted Network Devices
The goal of the SOUND (Safety On Untrusted Network Devices) project is to design a distributed system that can offer cloud-style services but is highly resilient to cyber-attacks. Rather than focusing on specific known attacks, we would like to provide resiliency against a broad range of known and unknown (Byzantine) attacks; for instance, an adversary could compromise a certain number of nodes and modify them in some arbitrary way. Our goal is to detect and mitigate such attacks whenever possible, e.g., by reconfiguring the system to exclude any compromised nodes.
We approach this problem using the principle of mutual suspicion: Nodes continually monitor each other and check for unusual actions or changes in behavior that could be related to an attack. However, since we are assuming a very strong adversary, the bar for a successful solution is high: We require a strong, provable guarantee that the adversary cannot circumvent the system, as well as a practical design that can efficiently provide this guarantee. We expect that the SOUND project will build on results from the CRASH/SAFE effort at the level of individual nodes; however, SOUND goes beyond CRASH/SAFE by considering an entire distributed system with a heterogeneous mix of nodes, many of which may not be operating in a secure environment.