Turret: A platform for automated attack finding in unmodified distributed system implementations

Hyojeong Lee, Jeff Seibert, Endadul Hoque, Charles Killian, Cristina Nita-Rotaru

Research output: Chapter in Book/Entry/PoemConference contribution

16 Scopus citations

Abstract

Security and performance are critical goals for distributed systems. The increased design complexity, incomplete expertise of developers, and limited functionality of existing testing tools often result in bugs and vulnerabilities that prevent implementations from achieving their design goals in practice. Many of these bugs, vulnerabilities, and misconfigurations manifest after the code has already been deployed making the debugging process difficult and costly. In this paper, we present Turret, a platform for automatically finding performance attacks in unmodified implementations of distributed systems. Turret does not require the user to provide any information about vulnerabilities and runs the implementation in the same operating system setup as the deployment, with an emulated network. Turret uses a new attack finding algorithm and several optimizations that allow it to find attacks in a matter of minutes. We ran Turret on 5 different distributed system implementations specifically designed to tolerate insider attacks, and found 30 performance attacks, 24 of which were not previously reported to the best of our knowledge.

Original languageEnglish (US)
Title of host publicationProceedings - International Conference on Distributed Computing Systems
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages660-669
Number of pages10
ISBN (Electronic)9781479951680
DOIs
StatePublished - Aug 29 2014
Externally publishedYes
Event2014 IEEE 34th International Conference on Distributed Computing Systems, ICDCS 2014 - Madrid, Spain
Duration: Jun 30 2014Jul 3 2014

Publication series

NameProceedings - International Conference on Distributed Computing Systems

Other

Other2014 IEEE 34th International Conference on Distributed Computing Systems, ICDCS 2014
Country/TerritorySpain
CityMadrid
Period6/30/147/3/14

Keywords

  • automatic attack finding
  • distributed systems

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Turret: A platform for automated attack finding in unmodified distributed system implementations'. Together they form a unique fingerprint.

Cite this