Safety on Untrusted Network Devices


The goal of the SOUND (Safety On Untrusted Network Devices) project is to design a distributed system that can offer cloud-style services but is highly resilient to cyber-attacks. Rather than focusing on specific known attacks, we would like to provide resiliency against a broad range of known and unknown (Byzantine) attacks; for instance, an adversary could compromise a certain number of nodes and modify them in some arbitrary way. Our goal is to detect and mitigate such attacks whenever possible, e.g., by reconfiguring the system to exclude any compromised nodes.

We approach this problem using the principle of mutual suspicion: Nodes continually monitor each other and check for unusual actions or changes in behavior that could be related to an attack. However, since we are assuming a very strong adversary, the bar for a successful solution is high: We require a strong, provable guarantee that the adversary cannot circumvent the system, as well as a practical design that can efficiently provide this guarantee. We expect that the SOUND project will build on results from the CRASH/SAFE effort at the level of individual nodes; however, SOUND goes beyond CRASH/SAFE by considering an entire distributed system with a heterogeneous mix of nodes, many of which may not be operating in a secure environment.

Related Publications

Contributors (Penn)

Matt Blaze
André DeHon
Andreas Haeberlen
Jonathan M. Smith
Steve Zdancewic

Antonis Papadimitriou


This work is funded by DARPA under the MRC program. This is a joint project with BAE Systems and Portland State University.

Web site contact: Andreas Haeberlen