In 1775, Paul Revere, the folk hero of the American Revolution, galloped
wildly on horseback through small towns to warn American colonists that
the British were coming. In today's Internet age, how do we warn vast
numbers of computers about impending cyber attacks?

Rapid and widespread dissemination of security updates throughout the
Internet would be invaluable for many purposes, including sending
early-warning signals, distributing new virus signatures, updating
certificate revocation lists, and dispatching event information for
intrusion detection systems. However, notifying a large number of
machines securely, quickly, and with high assurance is very challenging.
Such a system must compete with the propagation of threats, handle
complexities in large-scale environments, withstand attacks that
interrupt dissemination, and also secure itself.

Disseminating Security Updates at Internet Scale describes a new
system, "Revere", that addresses these problems. "Revere" builds
large-scale, self-organizing and resilient overlay networks on top of
the Internet to push security updates from dissemination centers to
individual nodes. "Revere" also sets up repository servers for
individual nodes to pull missed security updates. This book further
discusses how to protect this push-and-pull dissemination procedure and
how to secure "Revere" overlay networks, considering possible attacks
and countermeasures. Disseminating Security Updates at Internet
Scale presents experimental measurements of a prototype implementation
of "Revere" gathered using a large-scale oriented approach. These
measurements suggest that "Revere" can deliver security updates at the
required scale, speed and resiliency for a reasonable cost.

Disseminating Security Updates at Internet Scale is designed to meet
the needs of researchers and practitioners in industry and graduate
students in computer science. This book will also be helpful to those
trying to design peer systems at large scale when security is a concern,
since many of the issues faced by these designs are also faced by
"Revere". The "Revere" solutions may not always be appropriate for other
peer systems with very different goals, but the analysis of the problems
and possible solutions discussed here will be helpful in designing a
customized approach for such systems.