How can an attacker abuse a distributed system?

Question

How can an attacker take advantage of a world where state is eventually consistent and vector clocks are used to settle disagreements?

For example, what are the security concerns of using a database like Cassandra to settle finical transactions?

Is anyone aware of exploit code that is leveraging a flaw in a distributed system?

finical transactions :) Regardless, this is a brilliant question. — Deer Hunter, Jun 12 '13 at 18:23
I thought it was a typo until I Googled it. Apparently, it exists. — Adi, Jun 12 '13 at 18:42
This question may be considered a pretty good bait to lure one of the bears out of the lair... My cursory search at CiteSeerX has yielded nothing substantial in the first two pages of results, would be nice to have a bit of literature overview. — Deer Hunter, Jun 12 '13 at 18:58
I seriously doubt the usefulness of a distributed database in the financial setting. For one thing, where is the ground truth on the state of my account supposed to be maintained? We're lacking a credible use case here (hence, no idea about the threats), and may I suggest that Rook should add more details to the question... — Deer Hunter, Jun 13 '13 at 15:04
@Jhong - you are right, of course. Would you care to write down an answer? A neat little bounty is waiting for you :) — Deer Hunter, Jun 19 '13 at 07:17
@Jhong So do you have a hot bitcoin exploit that we should know about? — rook, Jun 20 '13 at 02:10

Deer Hunter · Answer 1 · 2013-06-12T19:38:09.397

This post is going to serve as a repository of references possibly related to the problem. Once there is a substantial answer, please copy the contents into it and ping me or the mods. Please feel free to edit this answer to refine the list.

As I've said, CiteSeerX yields nothing useful (its search system isn't exactly top-notch). However, this query on arXiv gives the following results:

Bing-Rong Lin, Ye Wang, Shantanu Rane. On the Benefits of Sampling in Privacy Preserving Statistical Analysis on Distributed Databases.
Wenbing Zhao. A Byzantine Fault Tolerant Distributed Commit Protocol
Petros Maniatis, Mary Baker. Secure History Preservation Through Timeline Entanglement

Search through Google Scholar:

P.Liu, J.Jing. Architectures for Self-Healing Databases under Cyber Attacks
B.Bhargava, L.Lilien. Vulnerabilities and threats in distributed systems (apparently a neat overview)

How can an attacker abuse a distributed system?

1 Answers1

Linked