Configuration Management of Distributed Systems over Unreliable and Hostile Networks

Karvinen, Tero 2024. Configuration Management of Distributed Systems over Unreliable and Hostile Networks. PhD thesis University of Westminster Applied Management https://doi.org/10.34737/w7vvz

TitleConfiguration Management of Distributed Systems over Unreliable and Hostile Networks
TypePhD thesis
AuthorsKarvinen, Tero
Abstract

Economic incentives of large criminal profits and the threat of legal consequences have pushed criminals to continuously improve their malware, especially command and control channels. This thesis applied concepts from successful malware command and control to explore the survivability and resilience of benign configuration management systems.

This work expands on existing stage models of malware life cycle to contribute a new model for identifying malware concepts applicable to benign configuration management. The Hidden Master architecture is a contribution to master-agent network communication. In the Hidden Master architecture, communication between master and agent is asynchronous and can operate trough intermediate nodes. This protects the master secret key, which gives full control of all computers participating in configuration management. Multiple improvements to idempotent configuration were proposed, including the definition of the minimal base resource dependency model, simplified resource revalidation and the use of imperative general purpose language for defining idempotent configuration.

Following the constructive research approach, the improvements to configuration management were designed into two prototypes. This allowed validation in laboratory testing, in two case studies and in expert interviews. In laboratory testing, the Hidden Master prototype was more resilient than leading configuration management tools in high load and low memory conditions, and against packet loss and corruption. Only the research prototype was adaptable to a network without stable topology due to the asynchronous nature of the Hidden Master architecture.

The main case study used the research prototype in a complex environment to deploy a multi-room, authenticated audiovisual system for a client of an organization deploying the configuration. The case studies indicated that imperative general purpose language can be used for idempotent configuration in real life, for defining new configurations in unexpected situations using the base resources, and abstracting those using standard language features; and that such a system seems easy to learn.

Potential business benefits were identified and evaluated using individual semistructured expert interviews. Respondents agreed that the models and the Hidden Master architecture could reduce costs and risks, improve developer productivity and allow faster time-to-market. Protection of master secret keys and the reduced need for incident response were seen as key drivers for improved security. Low-cost geographic scaling and leveraging file serving capabilities of commodity servers were seen to improve scaling and resiliency. Respondents identified jurisdictional legal limitations to encryption and requirements for cloud operator auditing as factors potentially limiting the full use of some concepts.

Year2024
File
File Access Level
Open (open metadata and files)
ProjectConfiguration Management of Distributed Systems over Unreliable and Hostile Networks
PublisherUniversity of Westminster
Publication dates
Published15 May 2023
Digital Object Identifier (DOI)https://doi.org/10.34737/w7vvz

Related outputs

Investigating Survivability of Configuration Management Tools in Unreliable and Hostile Networks
Karvinen, T. and Li, Shuliang 2017. Investigating Survivability of Configuration Management Tools in Unreliable and Hostile Networks. Proceedings of 2017 3rd International Conference on Information Management (ICIM 2017). Chengdu, China. 21 - 23 Apr 2017 IEEE . https://doi.org/10.1109/INFOMAN.2017.7950402

Permalink - https://westminsterresearch.westminster.ac.uk/item/w7vvz/configuration-management-of-distributed-systems-over-unreliable-and-hostile-networks


Share this

Usage statistics

193 total views
199 total downloads
These values cover views and downloads from WestminsterResearch and are for the period from September 2nd 2018, when this repository was created.