The Architecture of the Starfish System: Mapping the Survivability Space

K.P. Kihlstrom, P. Narasimhan, C. Phillips, C. Ritchey, and B. LaBarbera (USA)


survivability, middleware, object-oriented systems, fault-tolerant systems, security


Starfish is a new system that provides intrusion detection and intrusion tolerance for middleware applications operating in an asynchronous distributed system. The Starfish system contains a central, highly secure and tightly coupled "body." This body is augmented by "arms" that are less tightly coupled and that have less stringent security guarantees, each of which can be removed from the body if a significant security breach occurs. New arms can be "grown" as needed. Residing between the body and arms are "shoulders" that have intermediate guarantees. The Starfish system aims to employ a number of techniques for providing proactive survivability, allowing the system to provide critical services even after the occurrence of attacks, accidents, or faults. Starfish is aimed at supporting distributed applications such as Web Services. The specific contributions that we make in this paper are to present dimensions in the survivability space, to provide a mapping of a number of prior systems to the survivability space, and to give a mapping of the three regions in Starfish to that space. We describe the architecture of the Starfish system, and identify specific mechanisms present in each of the regions of Starfish.

