Gatling: Automatic Attack Discovery in Large-Scale Distributed Systems.

In this paper, we propose Gatling, a framework that au- tomatically finds performance attacks caused by insider at- tackers in large-scale message-passing distributed systems. In performance attacks, malicious nodes deviate from the protocol when sending or creating messages, with the goal of degrading system performance. We identify a represen- tative set of basic malicious message delivery and lying ac- tions and design a greedy search algorithm that finds effec- tive attacks consisting of a subset of these actions. While lying malicious actions are protocol dependent, requiring the format and meaning of messages, Gatling captures them without needing to modify the target system, by using a type- aware compiler. We have implemented and used Gatling on six systems, a virtual coordinate system, a distributed hash table lookup service and application, two multicast systems and one file sharing application, and found a total of 41 attacks, ranging from a few minutes to a few hours to find each attack.