Cookies
O website necessita de alguns cookies e outros recursos semelhantes para funcionar. Caso o permita, o INESC TEC irá utilizar cookies para recolher dados sobre as suas visitas, contribuindo, assim, para estatísticas agregadas que permitem melhorar o nosso serviço. Ver mais
Aceitar Rejeitar
  • Menu
Tópicos
de interesse
Detalhes

Detalhes

  • Nome

    Tadeu Augusto Freitas
  • Cargo

    Assistente de Investigação
  • Desde

    18 janeiro 2017
Publicações

2023

Deterministic or probabilistic?- A survey on Byzantine fault tolerant state machine replication

Autores
Freitas, T; Soares, J; Correia, ME; Martins, R;

Publicação
COMPUTERS & SECURITY

Abstract
Byzantine Fault tolerant (BFT) protocols are implemented to guarantee the correct system/application behavior even in the presence of arbitrary faults (i.e., Byzantine faults). Byzantine Fault tolerant State Machine Replication (BFT-SMR) is a known software solution for masking arbitrary faults and malicious attacks (Liu et al., 2020). In this survey, we present and discuss relevant BFT-SMR protocols, focusing on deterministic and probabilistic approaches. The main purpose of this paper is to discuss the characteristics of proposed works for each approach, as well as identify the trade-offs for each different approach.& COPY; 2023 The Author(s). Published by Elsevier Ltd. This is an open access article under the CC BY license ( http://creativecommons.org/licenses/by/4.0/ )

2023

Skynet: a Cyber-Aware Intrusion Tolerant Overseer

Autores
Freitas, T; Soares, J; Correia, ME; Martins, R;

Publicação
2023 53RD ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS - SUPPLEMENTAL VOLUME, DSN-S

Abstract
The increasing level of sophistication of cyber attacks which are employing cross-cutting strategies that leverage multi-domain attack surfaces, including but not limited to, software defined networking poisoning, biasing of machine learning models to suppress detection, exploiting software (development), and leveraging system design deficiencies. While current defensive solutions exist, they only partially address multi-domain and multi-stage attacks, thus rendering them ineffective to counter the upcoming generation of attacks. More specifically, we argue that a disruption is needed to approach separated knowledge domains, namely Intrusion Tolerant systems, cybersecurity, and machine learning. We argue that current solutions tend to address different concerns/facets of overlapping issues and they tend to make strong assumptions of supporting infrastructure, e.g., assuming that event probes/metrics are not compromised. To address these issues, we present Skynet, a platform that acts as a secure overseer that merges traditional roles of SIEMs with conventional orchestrators while being rooted on the fundamentals introduced by previous generations of intrusion tolerant systems. Our goal is to provide an open-source intrusion tolerant platform that can dynamically adapt to known and unknown security threats in order to reduce potential vulnerability windows.

2023

HAL 9000: Skynet's Risk Manager

Autores
Freitas, T; Serra Neto, MTR; Dutra, I; Soares, J; Correia, ME; Martins, R;

Publicação
CoRR

Abstract

2021

ZERMIA - A Fault Injector Framework for Testing Byzantine Fault Tolerant Protocols

Autores
Soares, J; Fernandez, R; Silva, M; Freitas, T; Martins, R;

Publicação
NETWORK AND SYSTEM SECURITY, NSS 2021

Abstract
Byzantine fault tolerant (BFT) protocols are designed to increase system dependability and security. They guarantee liveness and correctness even in the presence of arbitrary faults. However, testing and validating BFT systems is not an easy task. As is the case for most concurrent and distributed applications, the correctness of these systems is not solely dependant on algorithm and protocol correctness. Ensuring the correct behaviour of BFT systems requires exhaustive testing under real-world scenarios. An approach is to use fault injection tools that deliberate introduce faults into a target system to observe its behaviour. However, existing tools tend to be designed for specific applications and systems, thus cannot be used generically. We argue that more advanced and powerful tools and frameworks are needed for testing the security and safety of distributed applications in general, and BFT systems in particular. Specifically, a fault injection framework that can be integrated into both client and server side applications, for testing them exhaustively. We present ZERMIA, a modular and extensible fault injection framework, designed for testing and validating concurrent and distributed applications. We validate ZERMIA’s principles by conduction a series of experiments on a distributed applications and a state of the art BFT library, to show the benefits of ZERMIA for testing and validating applications. © 2021, Springer Nature Switzerland AG.

2018

Panoptic, Privacy over Edge-Clouds

Autores
Freitas, T; Rodrigues, J; Bogas, D; Coimbra, M; Martins, R;

Publicação
2018 IEEE 6TH INTERNATIONAL CONFERENCE ON FUTURE INTERNET OF THINGS AND CLOUD (FICLOUD 2018)

Abstract
The increasing capabilities of smartphones is paving way to novel applications through the crowd-sourcing of these untapped resources, to form hyperlocal meshes commonly known as edge-clouds. While a relevant body-of-work is already available for the underlying networking, computing and storage facilities, security and privacy remain second class citizens. In this paper we present Panoptic, an edge-cloud system that enables the search for missing people, similar to the commonly known Amber alert system, in high density scenarios where wireless infrastructure might be limited (WiFi and LTE), e.g. concerts, while featuring privacy and security by design. Since the limited resources present in the mobile devices, namely battery capacity, Panoptic offers a computing offloading that tries to minimize data leakage while offering acceptable levels of performance. Our results show that it is achievable to run these algorithms in an edge-cloud configuration and that it is beneficial to use this architecture to lower data transfer through the wireless infrastructure while enforcing privacy. Results from our experimental evaluation show that the security layer does not impose a significant overhead, and only accounts for 2% of the total execution time for an edge cloud comprised by, but not limited to, 8 devices.