Revere --- Dissemination of Security Updates

In 1775, Paul Revere, the folk hero of the American Revolution, galloped wildly on horseback through small towns to warn American colonists that the British were coming. In today's Internet age, how do we warn vast numbers of computers about impending cyber attacks?

Rapid and widespread dissemination of security updates throughout the Internet would be invaluable for many purposes, including sending early-warning signals, distributing new virus signatures, updating certificate revocation lists, and dispatching event information for intrusion detection systems. However, notifying a large number of machines securely, quickly, and with high assurance is very challenging. Such a system must compete with the propagation of threats, handle the complexities of large-scale environments, address interruption attacks against dissemination, and also secure itself.

A new system, called Revere, addresses these problems. Revere builds large-scale, self-organizing and resilient overlay networks on top of the Internet to push security updates from dissemination centers to individual nodes. Revere also sets up repository servers for individual nodes to pull missed security updates. Furthermore, Revere tries to protect this push-and-pull dissemination procedure and secure Revere overlay networks, considering possible attacks and countermeasures. Our measurements suggest that Revere can deliver security updates at the required scale, speed and resiliency for a reasonable cost.

Researchers

Jun Li
Peter Reiher
Gerald Popek

Our colleagues at the Laboratory for Advanced Systems Research at UCLA, including Mark Yarvis, Geoff Kuenning, Jelena Mirkovic, Scott Michel, Arnell Pablo, and Janice Wheeler, greatly enhanced the quality and experience of this research.

Publications

Jun Li, Peter Reiher, and Gerald Popek. "Resilient Self-Organizing Overlay Networks for Security Update Delivery," to appear in IEEE Journal on Selected Areas in Communications, special issue on Service Overlay Networks, 2003.
Jun Li, Peter Reiher, and Gerald Popek. Disseminating Security Updates at Internet Scale, Kluwer Academic Publishers, October 2002.
Jun Li. "Revere - Delivering Security Updates at Internet Scale," PhD dissertation, June 2002.
Jun Li, Peter Reiher, Gerald Popek, Mark Yarvis, and Geoff Kuenning. "Position Statement: An Approach to Measuring Large-Scale Distributed Systems," presented at the IFIP 14th International Conference on Testing of Communicating Systems (TestCom 2002), Berlin, Germany, March 2002.
Jun Li, Peter Reiher, and Gerald Popek. "Securing Information Transmission by Redundancy," Proceedings of New Security Paradigms Workshop, ACM SIGSAC, September 1999.

Presentations

Jun Li's PhD defense talk. "Revere - Disseminating Security Updates at Internet Scale," June 2002. ppt
Jun Li, Peter Reiher, Gerald Popek, Mark Yarvis, and Geoff Kuenning. "An Approach to Measuring Large-Scale Distributed Systems," presented by Geoff Kuenning at the IFIP 14th International Conference on Testing of Communicating Systems (TestCom 2002), Berlin, Germany, March 2002. ppt
Jun Li, Peter Reiher, and Gerald Popek. "Securing Information Transmission by Redundancy," presented by Peter Reiher at 22nd National Information Systems Security Conference, October 1999. ppt
Jun Li, Peter Reiher, Richard Guy, Gerald Popek, Geoff Kuenning. "Revere - Dissemination of Security Updates," poster presentation at UCLA Computer Science Department Annual Research Review, April 1999. jpg.gz (268KB)
Jun Li, Peter Reiher, and Gerald Popek. "Securing Information Transmission by Redundancy," presented by Jun Li at The Fifth New Security Paradigms Workshop, ACM SIGSAC, September 1999. ppt.gz (18KB) and ps.gz (30KB).

Other Documents

Dissertation proposal for Revere
Revere research white paper

Miscellaneous

Poem by Longfellow, 1860: Paul Revere's ride
History: Paul Revere's midnight ride
Paul Revere biography

Maintained by Jun Li.