Skip to Main Content
Intrusion-tolerant group membership protocols constitute an important part of intrusion-tolerant group communication systems. This protocol maintains a consistent system-wide view of correct group members in the presence of malicious failures. This paper presents a new intrusion-tolerant group membership protocol, which provides two unique features. First, it introduces a new membership state called a suspended membership state. This new state provides a good balance between the amount of time a malicious/compromised group member gets to launch attacks before being removed from the group and the increased vulnerability to denial-of-service attacks if a suspected member is removed too early from the group. Second, it introduces a clean, logical separation between the functionality of detecting malicious processes and removing malicious group members from the group. This logical separation aids in simplifying the group membership protocol design and efficiently detecting suspicious process behaviors.