Resilient self-organizing overlay networks for security update delivery

Rapid and widespread dissemination of security updates throughout the Internet will be invaluable for many purposes, including sending early-warning signals, updating certificate revocation lists, distributing new virus signatures, etc. Notifying a large number of machines securely, quickly, and reliably is challenging. Such a system must outpace the propagation of threats, handle complexities in a large-scale environment, deal with interruption attacks on dissemination, and also secure itself. Revere addresses these problems by building a large-scale, self-organizing, and resilient overlay network on top of the Internet. We discuss how to secure the dissemination procedure and the overlay network, considering possible attacks and countermeasures. We present experimental measurements of a prototype implementation of Revere gathered using a large-scale-oriented approach. These measurements suggest that Revere can deliver security updates at the required scale, speed and resiliency for a reasonable cost.