Journal of the Institute of Electronics Engineers of Korea CI (전자공학회논문지CI)

The Institute of Electronics and Information Engineers (대한전자공학회)
권호 표지

Intrusion-Tolerant Jini Service Architecture for Enhancing Survivability of Ubiquitous Services

유비쿼터스 서비스 생존성 제고를 위한 침입감내 Jini 서비스 구조

  • Kim, Sung-Ki (IT Education Center, University of Incheon) ;
  • Park, Kyung-No (Dept. of Computer Science and Eng., University of Incheon) ;
  • Min, Byoung-Joon (Dept. of Computer Science and Eng., University of Incheon)
  • 김성기 (인천대학교 정보기술교육원) ;
  • 박경노 (인천대학교 컴퓨터공학과) ;
  • 민병준 (인천대학교 컴퓨터공학과)
  • Published : 2008.07.25
Download PDF
⟨ Previous Next ⟩

Abstract

Ubiquitous service environment is poor in reliability of connection and has a high probability that the intrusion and the system failure may occur. Therefore, in the environment, the capability of a system to collectively accomplish its mission in spite of active intrusions and various failure scenarios, that is, the survivability of services are needed. In this paper, we analyze the Jgroup/ARM framework that was developed in order to help the development of fault- tolerant Jini services. More importantly, we propose an intrusion-tolerant Jini service architecture to satisfy the security availability and quality of services on the basis of the analysis. The proposed architecture is able to protect a Jini system not only from faults such as network partitioning or server crash, but also from attacks exploiting flaws. It is designed to provides performance enough to show a low response latency so as to support seamless service usage. Through the experiment on a test-bed, we have confirmed that the architecture is able to provide high security and availability at the level that degraded services quality is ignorable.

유비쿼터스 서비스 환경에서는 연결의 신뢰성이 낮고 서비스를 제공하는 시스템에 대한 침입이나 서비스 실패가 발생할 확률이 높다. 따라서 유비쿼터스 컴퓨팅 환경에서는 본연의 서비스를 지연 없이 제공할 수 있는 시스템 능력, 즉 서비스 생존성을 제고해야할 필요가 있다. 본 논문에서는 유비쿼터스 정보 서비스 환경에서 결함감내 Jini 서비스 개발을 돕는 Jgroup/ARM 프레임워크를 분석한다. 이 분석을 토대로 보안성과 가용성 서비스 품질을 만족하는 침입감내 Jini 서비스 구조를 제시한다. 제시된 침입감내 Jini 서비스 구조는 네트워크 분할이나 서버 붕괴와 같은 결함뿐만 아니라 취약점을 악용한 공격으로부터 시스템을 보호할 수 있으며 심리스 서비스 지속이 가능하도록 낮은 응답지연의 성능을 보여준다. 테스트베드를 통해 실험한 결과, 서비스 품질 저하를 무시할 수 있는 수준에서 높은 보안성과 가용성을 제공할 수 있음을 확인하였다.

Keywords

References

  1. Sun Microsystems, "JiniTM Architecture Specification", Published Specification, http://java.sun.com/products/jini/2.0/doc/specs/html/jini-spec.html, 2003
  2. D. Szentivanyi and S. Nadjm-Tehrani, "Middle- ware Support for Fault Tolerance", Chapter 28 in Middleware for Communications, Q. Mahmoud (Ed.), John Wiley & Sons, 2004
  3. Marc Schonefeld. "Hunting Flaws in JDK", In Blackhat Europe 2003. May 2003
  4. Hein Meling, et al., "Jgroup/ARM: a distributed object group platform with autonomous replication managements", Software Practice and Experience, John Wiley & Sons, 2007
  5. R.J.Ellison et.al., ""Survivable Network Systems : An Emerging Discipline", Technical Report CMU/SEI-97-TR013, 1999
  6. Johannes Osrael, et al.,"Using Replication to Build Highly Available .Net Applications", Proceedings of the 17th International Conference on Database and Expert Systems Applications, pp. 385-398, 2006
  7. Heine Kolltveit et al., "Preventing Orphan Requests by Integrating Replication and Transactions", LNCS 4690, Springer-Verlag Berlin, 2007
  8. Hein Meling, et al., "Performance Consequences of Inconsistent Client-side Membership Information in the Open Group Model", Proceedings of the 23rd IEEE International Performance, Computing and Communications Conference. pp.777-782, 2004
  9. M. Tichy, H. Giese. "An Architecture for Configurable Dependability of Application Services", Proc. of the ICSE 2003 Workshop on Software Architectures for Dependable Systems. pp. 65-70, Portland, OR. April 2003
  10. Peer Hasselmeyer, et al., "Trade-offs in a Secure Jini Service Architecture", LNCS 1890, Springer-Verlag Berlin, 2000
  11. Pasi Eronen and Pekka Nikander. "Decentralized Jini security", In Proceedings of the Network and Distributed System Security Symposium (NDSS 2001), pages 161-172, San Diego, California, February 2001
  12. Thomas Schoch, et al. "Making Jini Secure", Proc. 4th International Conference on Electronic Commerce Research, pages 276-286, Nov. 2001
  13. Frank Sommers, "Jini Starter Kit 2.0 tightens Jini's security framework," Los Alamitos, CA., IEEE Computer Society Press, 2003
  14. Sun Microsystems, "Java Secure Socket Extension(JSSE) Reference Guide for Java Platform Standard Edition 6", http://java.sun.com/javase/6/docs/tech-notes/guides/security/jsse/JSSERefGuide.html#Fe-atures
  15. Reynolds, J. et al, "The Design and Implementation of an Intrusion Tolerant System", Proc. of Int'l Conference on Dependable Systems and Networks, 2002
  16. Wang F., et al, "SITAR: A Scalable Intrusion-Tolerant Architecture for Distributed Services", DARPA Information Survivability Conference & EXposition, 2001
  17. Byoung Jun Min, et al. "Committing Secure Results with Replicated Servers", LNCS 3043, Springer-Verlag Berlin, 2004
  18. Marshall Pease, Robert Shostak, Leslie Lamport, "Reaching Agreement in the Presence of Faults", Journal of the ACM 27/2 228-234 1980 https://doi.org/10.1145/322186.322188
  19. Amir. Y. et al. "Secure Group Communication Using Robust Contributory Key Agreement", IEEE Transactions on Parallel and Distributed Systems (TPDS), vol. 15, no. 5, pp. 468-480, May 2004 https://doi.org/10.1109/TPDS.2004.1278104
  20. Sun Microsystems, "Jini Technology Starter Kit Overview v2.0," Published Specification, http://java.sun.com/developer/products/jini/arch2_0.html, 2003