Share

Simulation of attacks on distributed systems

Crédit : Fotolia
How do you test the robustness of a distributed system against
realistic attackers? To round out the more conventional
theoretical analyses used to assess robustness, we integrated detailed simulations into our multi-agent tool, MAX, to determine the real impact of attacks on security.

The control of much of the internet by a small number of companies has raised increasing societal, economic, and geopolitical concerns—and some very valid questions about cybersecurity. Some of these issues could be addressed by new Distributed Ledger Technologies (DLT), members of the
blockchain family. Unlike centralized, hierarchical systems, DLTs are secure systems where information is replicated on every machine in the network and decisions, made by a subset of users on the network, are distributed. This setup makes it more difficult for attackers to take control of the system.

Despite these advantages, the adoption of DLTs has been hindered by the high power consumption and hardware requirements of replicating data and communicating between machines on the network.

New algorithms that attempt to address these issues are developed regularly. However, because of the complexity of these systems and the properties that need to be verified, security verification remains a challenge.

CEA-List developed its MAX software platform to simulate and assess DLT behavior in a variety of conditions. For example, the underlying communication network can be configured to assign a probabilistic distribution of the routing times of messages between two actors. Simulations of bad actors doing things like creating or intercepting messages or taking control of other machines on the network can also be configured. MAX can be used to assess properties like the consistency of
local data between each machine. Metrics for assessing system behavior—like the order in which queries were submitted or processed—can also be extracted from the simulations.

 

An adversary takes control of an actor


These metrics can then be used to assess the relative robustness of different decentralized systems under different attacks and test how effective different countermeasures are against these attacks.

 

MAX can be used to assess properties like the consistency of local data between each machine. A variety of metrics for quantitatively assessing system behavior can also be extracted from the simulations. One such metric consists of measuring the distance between the order in which requests were submitted to the system and the order in which they were
processed, for example.

 

MAX simulations: CEA-List countermeasure (triangles)improves digital ledger technology (DLT) resilience

«With MAX, we have been able to simulate and measure the success of attacks on various distributed systems.»

Rebecca Cabean

Erwan Mahe

Research Engineer — CEA-List

«One of EDF R&D’s scientific objectives is to simulate and test the resilience of large distributed systems in conditions as close to real operations as possible. This research helped us achieve this objective.»

Rebecca Cabean

Pierre-Yves Piriou

Expert researcher EDF Lab, PRISM Dpt. — CEA-List

En savoir plus

Projects

  • Our most recent research using MAX was conducted for the CyberQL project with EDF.

Flagship publications

Contributors

  • Erwan Mahe, Rouwaida Abdallah, Sara
    Tucci-Piergiovanni.