In 1775, Paul Revere, the folk hero of the American Revolution, galloped wildly on horseback through small towns to warn American colonists that the British were coming. In the Internet age, how do we warn vast numbers of computers about impending cyber attacks? Rapid and widespread dissemination of security updates throughout the Internet would be invaluable for many purposes, including sending early-warning signals, distributing new virus signatures, updating certificate revocation lists, dispatching event information for intrusion detection systems and so forth. However, notifying a large number of machines securely, quickly, and with high assurance is very challenging. Such a system must compete with the propagation of threats, handle complexities in large-scale environments, address interruption attacks toward dissemination, and also secure itself. This work describes an alternative system, "Revere", that addresses these problems. Revere builds large-scale, self-organizing and resilient overlay networks on top of the Internet to push security updates from dissemination centers to individual nodes.
It also sets up repository servers for individual nodes to pull missed security updates. This book further discusses how to protect this push-and-pull dissemination procedure and how to secure Revere overlay networks, considering possible attacks and countermeasures. The book presents experimental measurements of a prototype implementation of Revere gathered using a large-scale oriented approach. These measurements suggest that Revere can deliver security updates at the required scale, speed and resiliency for a reasonable cost. The text is designed to meet the needs of researchers and practitioners in industry and graduate students in computer science. It should also be helpful to those trying to design peer systems at large scale when security is a concern, since many of the issues faced by these designs are also faced by Revere. The Revere solutions may not always be appropriate for other peer systems with very different goals, but the analysis of the problems and possible solutions discussed here should be helpful in designing a customized approach for such systems.
It also sets up repository servers for individual nodes to pull missed security updates. This book further discusses how to protect this push-and-pull dissemination procedure and how to secure Revere overlay networks, considering possible attacks and countermeasures. The book presents experimental measurements of a prototype implementation of Revere gathered using a large-scale oriented approach. These measurements suggest that Revere can deliver security updates at the required scale, speed and resiliency for a reasonable cost. The text is designed to meet the needs of researchers and practitioners in industry and graduate students in computer science. It should also be helpful to those trying to design peer systems at large scale when security is a concern, since many of the issues faced by these designs are also faced by Revere. The Revere solutions may not always be appropriate for other peer systems with very different goals, but the analysis of the problems and possible solutions discussed here should be helpful in designing a customized approach for such systems.
Share This Book: