State Street Corporation
Fault tolerance achieved through redundancy or replication conflicts with the notion of a small trusted computing base, since every replica must itself be trusted. Consequently, conventional security techniques cannot be applied directly to fault-tolerant systems. Instead, a multi-phased approach is employed that includes fault/threat avoidance and prevention, detection, and recovery. However, a determined adversary can still defeat system security by staging an attack on the recovery phase. This paper presents a hardware-based, proactive solution that can be built into any fault-tolerant, mission-critical system to secure the recovery phase.