The data contents of an information system may be corrupted by security breaches or human errors. The financial loss from such corruption is typically proportional to the amount of time required to recover the system's data/service. Recognizing that it is impossible to build absolutely secure computer systems and that human errors are inevitable, this project focuses on intrusion tolerance techniques that speed up the process of repairing a damaged system after an intrusion/error takes place. The proposed system, called Repairable File Service (or RFS), is specifically designed to facilitate the repair of compromised network file servers. An architectural innovation of RFS is that it is decoupled from, and requires no modifications to, the shared file server that is being protected. RFS supports fine-grained logging to allow roll-back of any file update operation, and keeps track of inter-process dependencies to quickly determine the extent of system damage after an attack/error. Compared with the current practice of manual post-intrusion damage repair, RFS significantly reduces the mean time to repair and thus improves overall system availability. Empirical measurements on the fully operational RFS prototype show that the performance overhead of RFS is less than 6%, and that RFS is able to speed up the repair process by at least two orders of magnitude compared to manual repair.
Zhu et al. (Tue,) studied this question.
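The two mechanisms the abstract names, an undo log for file updates and dependency tracking between processes, can be illustrated with a small model. This is an added example, not RFS code: the `Op` record, the log contents, the PIDs and the taint rule (a process becomes contaminated when it reads a file written by a contaminated process) are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Op:                      # hypothetical log record, not the RFS log format
    seq: int                   # global order of the operation
    pid: int                   # process that issued it
    kind: str                  # "read" or "write"
    path: str
    before: Optional[bytes] = None   # pre-image kept for writes; None = file was new

# Constructed sample log: PID 666 is the process later identified as malicious.
LOG = [
    Op(1, 100, "write", "/home/a/notes.txt", b"v1"),
    Op(2, 666, "write", "/etc/app.conf", b"safe=1"),
    Op(3, 200, "read",  "/etc/app.conf"),
    Op(4, 200, "write", "/var/out.dat", None),
    Op(5, 100, "read",  "/home/a/notes.txt"),
    Op(6, 300, "write", "/home/b/todo.txt", b"old"),
]

def contaminated(log, root_pid):
    """Propagate taint forward through the log, starting from root_pid.

    Returns the tainted processes, the tainted files, and the write
    operations that must be undone (in log order).
    """
    procs, files, undo = {root_pid}, set(), []
    for op in sorted(log, key=lambda o: o.seq):
        if op.kind == "read" and op.path in files:
            procs.add(op.pid)          # reader now depends on tainted data
        elif op.kind == "write" and op.pid in procs:
            files.add(op.path)         # file now carries tainted data
            undo.append(op)
    return procs, files, undo

def repair(fs, undo):
    """Roll back tainted writes newest-first by restoring each pre-image.

    Assumes no clean process wrote to a tainted file afterwards; a real
    system would have to detect and resolve that conflict.
    """
    for op in reversed(undo):
        if op.before is None:
            fs.pop(op.path, None)      # file did not exist before the write
        else:
            fs[op.path] = op.before
    return fs
```

Only the writes reachable from the malicious process are rolled back, so updates by unrelated processes (PIDs 100 and 300 in the sample log) survive the repair.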