Vita Bortnikov

Defending financial infrastructures through early warning systems: the intelligence cloud approach

Recent evidence of successful Internet-based attacks and frauds involving financial institutions highlights the inadequacy of the existing protection mechanisms, in which each instutition implements its own isolated monitoring and reaction strategy. Analyzing on-line activity and detecting attacks on a large scale is an open issue due to the huge amounts of events that should be collected and processed. In this paper, we propose a large-scale distributed event processing system, called intelligence cloud, allowing the financial entities to participate in a widely distributed monitoring and detection effort through the exchange and processing of information locally available at each participating site. We expect this approach to be able to handle large amounts of events arriving at high rates from multiple domains of the financial scenario. We describe a framework based on the intelligence cloud where each participant can receive early alerts enabling them to deploy proactive countermeasures and mitigation strategies.

Bulletin board: a scalable and robust eventually consistent shared memory over a peer-to-peer overlay

We present the design and early experience with a completely new implementation of the Bulletin Board, a topicbased distributed shared memory service employed by commercial-grade application middleware, to achieve robustness and administrative simplicity with adequate latency and costs at the required throughput and scale. To facilitate scalability, only weak consistency is provided. For robustness and ease of use, the implementation is designed in a fully peer-to-peer fashion leveraging the weakly consistent group communication services provided by a semi-structured overlay network. We discuss issues in providing good (while not perfect) stability and reliability at tolerable cost. We address scalability issues, such as supporting large numbers of processes, large subscription spaces, and complex interest patterns. We also consider comprehensive API instrumentation.

Scalable communication middleware for permissioned distributed ledgers

Distributed Ledger Technology (DLT) is rapidly emerging as a new paradigm for automating complex business processes in secure and decentralised fashion. Currently, however, its wider adoption is hampered by scalability problems [3] rooted in an inherent tension between stringent consistency, security, and robustness requirements on one hand, and growing application demand coupled with high performance expectations on the other. For example, popular peer-to-peer DLTs based on proof-of-work consensus [4] can only improve the transaction throughput by degrading their security and consistency guarantees, which is unacceptable in the enterprise and mission-critical settings.

Brief announcement: reconfigurable state machine replication from non-reconfigurable building blocks

Reconfigurable state machine replication is an important enabler of elasticity for replicated cloud services, which must be able to dynamically adjust their size as a function of changing load and resource availability. We introduce a new generic framework to allow the reconfigurable state machine implementation to be derived from a collection of arbitrary non-reconfigurable state machines. Our reduction framework follows the black box approach, and does not make any assumptions with respect to its execution environment apart from reliable channels. It allows higher-level services to leverage speculative command execution to ensure uninterrupted progress during the reconfiguration periods as well as in situations where failures prevent the reconfiguration agreement from being reached in a timely fashion. We apply our framework to obtain a reconfigurable speculative state machine from the non-reconfigurable Paxos implementation, and analyze its performance on a realistic distributed testbed. Our results show that our framework incurs negligible overheads in the absence of reconfiguration, and allows steady throughput to be maintained throughout the reconfiguration periods.

Shared Cloud Object Store, governed by permissioned blockchain

1 SYSTEM DESCRIPTION Introduction. We present a design of the Shared Cloud Object Store, in which the data access control plane is governed by Hyperledger Fabric (HLF) [2]. Our system facilitates decentralized management of cloud storage, shared between mutually distrusting business parties. Finally, we leverage the cloud object store (COS) to store the objects o -chain, anchoring the proof-of-retrievability inside the blockchain, preventing ledger to scale to unmanageable size.

CoMiFin Architecture and Semantic Rooms

We present the architecture of a middleware platform, called Collaborative Middleware for Monitoring Financial Critical Infrastructure (CoMiFin), that facilitates collaborative protection of the financial critical infrastructure (CI). At the core of CoMiFin is a new abstraction of Semantic Room (SR), allowing the interested participants to share information and combine their computing powers to collectively resist massive scale attacks against their IT and business assets. We describe a full stack of software components aiming at realizing SR in a distributed setting. At the lowest level, the SR functionality relies on a customizable event processing platform, which can be supported through a variety of event processing and analytics containers. The containers abstract away the intricacies of the distributed environment, and allow the application developers to focus on implementing the processing logic at hand. The higher level aspects of the SR abstraction are supported by the SR Management layer, which includes components to control the SR lifecycle and deployment, inter-SR connectivity, and the contract compliance monitoring. The proposed architecture is modular and flexible, allowing the developers to easily create and customize the processing logic according to the SR business goals, plug in different types of processing platforms, and deploy the implementation in a variety of realistic settings.