06371 Abstracts Collection -- From Security to Dependability

From 10.09.06 to 15.09.06, the Dagstuhl Seminar 06371 ``From Security to Dependability\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

Well-formed Properties of Heterogeneous Quorum Systems

Byzantine quorum systems provide higher throughput than proofof-work and incur modest energy consumption. Further, their modern incarnations incorporate personalized and heterogeneous trust. Thus, they are emerging as an appealing candidate for global financial infrastructure. However, since their quorums are not uniform across processes anymore, the properties that they should maintain to support abstractions such as reliable broadcast and consensus are not well-understood. In this paper, we first see a general model of heterogeneous quorum systems where each participant can declare its own quorums, and capture their properties. It has been shown that the two properties quorum intersection and availability are necessary. In this paper, we prove that they are not sufficient. We then define the notion of quorum inclusion, and show that the three conditions together are sufficient: we present reliable broadcast and consensus protocols, and prove their correctness for quorum systems that provide the three properties

Byzantine state machine replication for the masses

Tese de doutoramento, Informática (Ciência da Computação), Universidade de Lisboa, Faculdade de Ciências, 2018The state machine replication technique is a popular approach for building Byzantine fault-tolerant services. However, despite the widespread adoption of this paradigm for crash fault-tolerant systems, there are still few examples of this paradigm for real Byzantine fault-tolerant systems. Our view of this situation is that there is a lack of robust implementations of Byzantine fault-tolerant state machine replication middleware, and that the performance penalty is too high, specially for geo-replication. These hindrances are tightly coupled to the distributed protocols used for enforcing such resilience. This thesis has the objective of finding methodologies for enhancing robustness and performance of state machine replication systems. The first contribution is Mod-SMaRt, a modular protocol that preserves optimal latency in terms of the communications steps exchanged among processes. By being a modular protocol, it becomes simpler to validate and implement, thus resulting in greater robustness; by also preserving optimal message-exchanges among processes, the protocol is capable of delivering desirable performance. The second contribution is concerned with implementing Mod-SMaRt into BFTSMART, a reliable and high-performance codebase that was maintained and improved over the entire course of the PhD that offers multicore-awareness, reconfiguration support, and a flexible API. The third contribution presents WHEAT, a protocol derived from Mod-SMaRt that uses optimizations shown to be effective in reducing latency via a practical evaluation conducted in a geo distributed environment. We additionally conducted an evaluation of both BFT-SMART and WHEAT applied to a relational database middleware and an ordering service for a permissioned blockchain platform. These evaluations revealed encouraging results for both systems and validated our work conducted in the geo-distributed context.A técnica de replicação máquina de estados é um paradigma popular usado em vários sistemas distribuídos modernos. No entanto, apesar da adoção deste paradigma em sistemas reais tolerantes a faltas por paragem, ainda existem poucos exemplos de sistemas reais tolerantes a faltas bizantinas. Segundo a nossa experiência nesta área de investigação, isto deve-se ao fato de existirem poucas concretizações robustas para replicação máquina de estados tolerante a faltas bizantinas, assim como uma perda de desempenho demasiado elevada, especialmente em ambientes geo-replicados. A razão fundamental para a existência destes obstáculos vem dos protocolos distribuídos necessários para assegurar este tipo de resiliência. Esta tese tem como objetivo explorar metodologias para a robustez e eficiência da replicação máquina de estados. A primeira contribuição da tese é o algoritmo Mod-SMaRt, um protocolo modular que preserva latência ótima em termos de passos de comunicação executados pelos processos. Sendo um protocolo modular, torna-se mais simples de validar e concretizar, o que resulta em maior robustez; ao preservar troca de mensagens ótima entre processos, também é capaz de entregar um desempenho desejável. A segunda contribuição consiste em concretizar o protocolo Mod SMaRt na ferramenta BFT-SMART, uma biblioteca fiável de alto desempenho, mantida e melhorada ao longo de todo o período correspondente ao doutoramento, capaz de suportar arquiteturas multi-núcleo, reconfiguração do grupo de réplicas, e uma API de programação flexível. A terceira contribuição consiste em um protocolo derivado do Mod-SMaRt designado WHEAT, que usa otimizações que demostraram serem eficientes na redução da latência segundo uma avaliação prática em ambiente geo-replicado. Adicionalmente, foram também realizadas avaliações de ambos os protocolos quando aplicados num middleware para base de dados relacionais, e num serviço de ordenação para uma plataforma blockchain. Ambas as avaliações revelam resultados encorajadores para ambos os sistemas e validam o trabalho realizado em contexto geo-distribuído.Projeto IRCoC (PTDC/EEI-SCR/6970/2014); Comissão Europeia, FP7 (Seventh Framework Programme for Research and Technological Development), projetos FP7/2007-2013, ICT-25724

Advanced information processing system: The Army fault tolerant architecture conceptual study. Volume 2: Army fault tolerant architecture design and analysis

Described here is the Army Fault Tolerant Architecture (AFTA) hardware architecture and components and the operating system. The architectural and operational theory of the AFTA Fault Tolerant Data Bus is discussed. The test and maintenance strategy developed for use in fielded AFTA installations is presented. An approach to be used in reducing the probability of AFTA failure due to common mode faults is described. Analytical models for AFTA performance, reliability, availability, life cycle cost, weight, power, and volume are developed. An approach is presented for using VHSIC Hardware Description Language (VHDL) to describe and design AFTA's developmental hardware. A plan is described for verifying and validating key AFTA concepts during the Dem/Val phase. Analytical models and partial mission requirements are used to generate AFTA configurations for the TF/TA/NOE and Ground Vehicle missions

CloudAnchor Smart Contracts

The CloudAnchor platform allows the negotiation of IaaS Cloud resources for Small and Medium Sized Enterprises (SME), either as resource providers or consumers. This project entails the research, design, and implementation of a solution based on smart contracts, with the goal of permanently recording and managing the contracts on a blockchain network. The usage of smart contracts enables safe contract code execution and raises the level of trust, integrity, and traceability of the platform contracts by keeping the data stored in a decentralised manner. To do so, a method to coordinate and submit transactions to the blockchain network must be implemented. The tests carried out indicate that the solution has been successfully implemented, with contract registration saved in a decentralised and safe manner. As a result, there was an increase in the platform’s execution time, caused by the new transactions made to the blockchain.A plataforma CloudAnchor permite a negociação e contratualização de recursos Cloud do tipo IaaS a pequenas e médias empresas, sejam elas fornecedoras ou clientes. Este trabalho inclui o estudo, projeto e implementação de uma solução baseada em smart contracts, com o objetivo de administrar e registar de forma permanente os contratos celebrados numa rede blockchain. A utilização de smart contracts permite executar o respetivo código de forma segura e aumentar o nível de confiança, integridade e rastreabilidade dos contratos celebrados na plataforma, guardando-os de forma descentralizada. Para tal, é necessário implementar um mecanismo de coordenação e submissão de transações para a rede blockchain. Os testes realizados permitiram concluir que a implementação da solução foi bem sucedida, passando os contratos a ficar guardados de forma descentralizada e segura. Em consequência, verificou-se um aumento do tempo de execução da plataforma provocado pelas novas transações com a blockchain

Visualization of Consistency in a Distributed Key-Value Store

A wide variety of consistency models are available to designers of key-value storage systems, such as Apache’s Cassandra or Amazon’s Dynamo. Each consistency model has been extensively analyzed for advantages and disadvantages as they relate to a system’s availability and consistency properties. Our purpose is to create a modular visualization tool, described herein as the visualization authority (VA), supported by unique and customizable communication handlers. We have created a prototype of this tool for the purpose of easily comparing and contrasting consistency models available to a key-value store system such that its designers and administrators can fine-tune the trade-offs between availability and consistency to fit their specific needs.Ope

Viitearkkitehtuuri tapahtumapohjaiselle mikropalveluarkkitehtuurille pilvipalveluissa

The emergence of public cloud computing platforms has had a profound effect on how software is being developed. To take advantage of many of the features of cloud platforms, software architecture of applications must aligned with the characteristics of cloud services. Where systems designed for traditional data center deployments have typically consisted of a single large application and a centralized data store, systems targeting cloud platform have become distributed applications. The microservice architecture is a software architecture style for building distributed systems that consist of autonomous services, each responsible for a single problem domain. Decomposing an application to individual components makes is possible to utilize cloud platform features such as scaling each part of the system according to load and performance. Enterprise applications are the context where the microservice architecture pattern is typically applied. These applications are large, long-lived, in state of constant change and highly integrated to other systems. But building complex enterprise applications as distributed systems poses architectural challenges on how to build a system that is evolvable, maintainable and understandable. This thesis describes patterns for building microservice systems that can scale to a large amount of services while retaining the autonomy the services and the maintainability of the system as a whole. A key factor in these patterns is the use of events for communication between the different components of the system. The thesis then presents a reference architecture on how such a system can be developed by utilizing managed services of a public cloud platform.Lisääntyvä pilvipalveluiden käyttö on vaikuttanut merkittävästi siihen, millaisia sovelluksia kehitetään. Sovelluksen arkkitehtuurin täytyy olla suunniteltu siten, että pilvipalveluiden ominaisuuksia voidaan hyödyntää. Sovellukset, jotka ovat suunniteltu ennen pilvipohjaisia arkkitehtuureja koostuvat tyypillisesti yhdestä suuresta asennettavasta komponentista ja keskitetystä tietovarastosta. Pilvipalveluiden myötä tämän mallin sijaan on ruvettu rakentamaan hajautettuja järjestelmiä. Mikropalveluarkkitehtuuri on ohjelmistoarkkitehtuuri, jossa hajautettu järjestelmä koostetaan yksittäisistä erillisistä palveluista. Jokainen palvelu vastaa järjestelmän tietystä toiminnosta tai osa-alueesta. Arkkitehtuuri, jossa sovellus on pilkottu pieniin autonomisiin komponentteihin mahdollistaa monien pilvipalveluiden ominaisuuksien (kuten kuorman mukaisen skaalauksen) käytn. Monimutkaiset yritysjärjestelmät ovat kenttä, jossa mikropalveluarkkitehtuuria tyypillisesti käytetään. Nämä järjestelmät ovat suuria, jatkuvan muutoksen alaisia ja moninaisin tavoin integroituneita useisiin muihin järjestelmiin. Monimutkaisten yritysjärjestelmien rakentaminen mikropalveluarkkitehtuurilla luo omat haasteensa siinä, miten järjestelmästä saadaan ylläpidettävä, jatkokehityskelpoinen ja ymmärrettävä. Tämä diplomityö kuvaa malleja mikropalvelujärjestelmien rakentamiseen siten, että järjestelmän kasvaessa yksittäiset mikropalvelut pysyvät erillisinä ja autonomisina sekä järjestelmä kokonaisuutena pystyy ylläpidettävänä. Avainrakenne näiden tavoitteiden saavuttamisessa on tapahtumien käyttö tiedon välittämisessä palveluiden välillä. Diplomityössä esitetään sitten viitearkkitehtuuri miten nämä mallit voidaan ottaa käyttöön julkisessa pilvipalvelussa