scispace - formally typeset
Search or ask a question
Author

Hans P. Reiser

Bio: Hans P. Reiser is an academic researcher from University of Passau. The author has contributed to research in topics: Virtual machine & Replication (computing). The author has an hindex of 14, co-authored 86 publications receiving 651 citations. Previous affiliations of Hans P. Reiser include University of Lisbon & University of Erlangen-Nuremberg.


Papers
More filters
Proceedings ArticleDOI
10 Oct 2007
TL;DR: This paper investigates the benefits that a virtualization-based replication infrastructure can offer for implementing proactive recovery and uses the hypervisor to initialize a new replica in parallel to normal system execution and minimizes the time in which a proactive reboot interferes with system operation.
Abstract: Proactive recovery is a promising approach for building fault and intrusion tolerant systems that tolerate an arbitrary number of faults during system lifetime. This paper investigates the benefits that a virtualization-based replication infrastructure can offer for implementing proactive recovery. Our approach uses the hypervisor to initialize a new replica in parallel to normal system execution and thus minimizes the time in which a proactive reboot interferes with system operation. As a consequence, the system maintains an equivalent degree of system availability without requiring more replicas than a traditional replication system. Furthermore, having the old replica available on the same physical host as the rejuvenated replica helps to optimize state transfer. The problem of remote transfer is reduced to remote validation of the state in the frequent case when the local replica has not been corrupted.

72 citations

Proceedings ArticleDOI
10 Dec 2018
TL;DR: This paper provides a broad analysis of various optimization techniques and approaches used in recent protocols to scale Byzantine consensus for large environments such as BFT blockchain infrastructures and presents an overview of both efforts and assumptions made by existing protocols.
Abstract: Blockchains and distributed ledger technology (DLT) that rely on Proof-of-Work (PoW) typically show limited performance. Several recent approaches incorporate Byzantine fault-tolerant (BFT) consensus protocols in their DLT design as Byzantine consensus allows for increased performance and energy efficiency, as well as it offers proven liveness and safety properties. While there has been a broad variety of research on BFT consensus protocols over the last decades, those protocols were originally not intended to scale for a large number of nodes. Thus, the quest for scalable BFT consensus was initiated with the emerging research interest in DLT. In this paper, we first provide a broad analysis of various optimization techniques and approaches used in recent protocols to scale Byzantine consensus for large environments such as BFT blockchain infrastructures. We then present an overview of both efforts and assumptions made by existing protocols and compare their solutions.

47 citations

Journal ArticleDOI
01 Dec 2017
TL;DR: This paper classifies attacks in IaaS cloud that can be investigated using VMI-based mechanisms and provides a statistical analysis of the reported vulnerabilities exploited by the classified attacks and their financial impact on actual business processes.
Abstract: In the last few years, research has been motivated to provide a categorization and classification of security concerns accompanying the growing adaptation of Infrastructure as a Service (IaaS) clouds. Studies have been motivated by the risks, threats and vulnerabilities imposed by the components within the environment and have provided general classifications of related attacks, as well as the respective detection and mitigation mechanisms. Virtual Machine Introspection (VMI) has been proven to be an effective tool for malware detection and analysis in virtualized environments. In this paper, we classify attacks in IaaS cloud that can be investigated using VMI-based mechanisms. This infers a special focus on attacks that directly involve Virtual Machines (VMs) deployed in an IaaS cloud. Our classification methodology takes into consideration the source, target, and direction of the attacks. As each actor in a cloud environment can be both source and target of attacks, the classification provides any cloud actor the necessary knowledge of the different attacks by which it can threaten or be threatened, and consequently deploy adapted VMI-based monitoring architectures. To highlight the relevance of attacks, we provide a statistical analysis of the reported vulnerabilities exploited by the classified attacks and their financial impact on actual business processes.

43 citations

Proceedings Article
01 Jan 2011
TL;DR: SPARE is presented, a cloud-aware approach that harnesses virtualization to reduce the resource demand of BFT replication and to provide efficient support for proactive recovery and focuses on the main source of software bugs and intrusions.
Abstract: Despite numerous improvements in the development and maintenance of software, bugs and security holes exist in today’s products, and malicious intrusions happen frequently. While this is a general problem, it explicitly applies to webbased services. However, Byzantine fault-tolerant (BFT) replication and proactive recovery offer a powerful combination to tolerate and overcome these kinds of faults, thereby enabling long-term service provision. BFT replication is commonly associated with the overhead of 3f + 1 replicas to handle f faults. Using a trusted component, some previous systems were able to reduce the resource cost to 2f +1 replicas. In general, adding support for proactive recovery further increases the resource demand. We believe this enormous resource demand is one of the key reasons why BFT replication is not commonly applied and considered unsuitable for web-based services. In this paper we present SPARE, a cloud-aware approach that harnesses virtualization to reduce the resource demand of BFT replication and to provide efficient support for proactive recovery. In SPARE, we focus on the main source of software bugs and intrusions; that is, the services and their associated execution environments. This approach enables us to restrict replication and request execution to only f + 1 replicas in the fault-free case while rapidly activating up to f additional replicas by utilizing virtualization in case of timing violations and faults. For an instant reaction, we keep spare replicas that are periodically updated in a paused state. In the fault-free case, these passive replicas require far less resources than active replicas and aid efficient proactive recovery.

42 citations

01 Jan 2007
TL;DR: The VM-FIT architecture, which uses virtualisation for realising fault and intrusion tolerant networkbased services, allows the implementation of more efficient strategies for proactive recovery in order to cope with the undetectability of malicious intrusions.
Abstract: The use of virtualisation technology on modern standard PC hardware has become popular in the recent years. This paper presents the VM-FIT architecture, which uses virtualisation for realising fault and intrusion tolerant networkbased services. The VM-FIT infrastructure intercepts the client–service interaction at the hypervisor level, below the guest operating system that hosts a service implementation, and distributes requests to a replica group. The hypervisor is fully isolated from the guest operating system and provides a trusted component, which is not affected by malicious intrusions into guest operating system, middleware, or service. Furthermore, the hypervisor allows the implementation of more efficient strategies for proactive recovery in order to cope with the undetectability of malicious intrusions.

35 citations


Cited by
More filters
Patent
13 Mar 2012
Abstract: System, method, and tangible computer-readable storage media are disclosed for providing a brokering service for compute resources The method includes, at a brokering service, polling a group of separately administered compute environments to identify resource capabilities and information, each compute resource environment including the group of managed nodes for processing workload, receiving a request for compute resources at the brokering service system, the request for compute resources being associated with a service level agreement (SLA) and based on the resource capabilities across the group of compute resource environments, selecting compute resources in one or more of the group of compute resource environments The brokering service system receives workload associated with the request and communicates the workload to the selected resources for processing The brokering services system can aggregate resources for multiple cloud service providers and act as an advocate for or a guarantor of the SLA associated with the workload

563 citations

Proceedings ArticleDOI
06 Oct 2014
TL;DR: This chapter describes code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program and thereby prevents all control-flow hijack attacks that exploit memory corruption errors, including attacks that bypass control- flow integrity mechanisms, such as control-flows bending.
Abstract: Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed defense mechanisms (e.g., ASLR, DEP) are incomplete, and stronger defense mechanisms (e.g., CFI) often have high overhead and limited guarantees [19, 15, 9].We introduce code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks, including return-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. CPI and CPS offer substantially better security-to-overhead ratios than the state of the art, they are practical (we protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevent all attacks in the RIPE benchmark), and efficient: on SPEC CPU2006, CPS averages 1.2% overhead for C and 1.9% for C/C++, while CPI's overhead is 2.9% for C and 8.4% for C/C++.A prototype implementation of CPI and CPS can be obtained from http://levee.epfl.ch.

454 citations

Proceedings ArticleDOI
07 Mar 2009
TL;DR: Kendo is a new software-only system that provides deterministic multithreading of parallel applications that is easier to develop, debug, and test and can run on today's commodity hardware while incurring only a modest performance cost.
Abstract: Although chip-multiprocessors have become the industry standard, developing parallel applications that target them remains a daunting task. Non-determinism, inherent in threaded applications, causes significant challenges for parallel programmers by hindering their ability to create parallel applications with repeatable results. As a consequence, parallel applications are significantly harder to debug, test, and maintain than sequential programs.This paper introduces Kendo: a new software-only system that provides deterministic multithreading of parallel applications. Kendo enforces a deterministic interleaving of lock acquisitions and specially declared non-protected reads through a novel dynamically load-balanced deterministic scheduling algorithm. The algorithm tracks the progress of each thread using performance counters to construct a deterministic logical time that is used to compute an interleaving of shared data accesses that is both deterministic and provides good load balancing. Kendo can run on today's commodity hardware while incurring only a modest performance cost. Experimental results on the SPLASH-2 applications yield a geometric mean overhead of only 16% when running on 4 processors. This low overhead makes it possible to benefit from Kendo even after an application is deployed. Programmers can start using Kendo today to program parallel applications that are easier to develop, debug, and test.

388 citations

Journal ArticleDOI
TL;DR: It is shown how virtualization can increase the security of cloud computing, by protecting both the integrity of guest virtual machines and the cloud infrastructure components and a novel architecture, Advanced Cloud Protection System, aimed at guaranteeing increased security to cloud resources.

367 citations

Journal ArticleDOI
TL;DR: Two asynchronous Byzantine fault-tolerant state machine replication (BFT) algorithms, which improve previous algorithms in terms of several metrics, and can have better throughput than Castro and Liskov's PBFT, and better latency in networks with nonnegligible communication delays.
Abstract: We present two asynchronous Byzantine fault-tolerant state machine replication (BFT) algorithms, which improve previous algorithms in terms of several metrics. First, they require only 2f+1 replicas, instead of the usual 3f+1. Second, the trusted service in which this reduction of replicas is based is quite simple, making a verified implementation straightforward (and even feasible using commercial trusted hardware). Third, in nice executions the two algorithms run in the minimum number of communication steps for nonspeculative and speculative algorithms, respectively, four and three steps. Besides the obvious benefits in terms of cost, resilience and management complexity-fewer replicas to tolerate a certain number of faults-our algorithms are simpler than previous ones, being closer to crash fault-tolerant replication algorithms. The performance evaluation shows that, even with the trusted component access overhead, they can have better throughput than Castro and Liskov's PBFT, and better latency in networks with nonnegligible communication delays.

310 citations