Hosting Byzantine Fault Tolerant Services on a Chord Ring
In this paper we demonstrate how stateful Byzantine Fault Tolerant services may be hosted on a Chord ring. The strategy presented is fourfold: firstly, a replication scheme that dissociates the maintenance of replicated service state from ring recovery is developed. Secondly, clients of the ring-based services are made replication aware. Thirdly, a consensus protocol is introduced that supports the serialization of updates. Finally, Byzantine fault tolerant replication protocols are developed that ensure the integrity of service data hosted on the ring.
Comment: Submitted to DSN 2007 Workshop on Architecting Dependable System
Kompics: a message-passing component model for building distributed systems
The Kompics component model and programming framework was designed to simplify the development of increasingly complex distributed systems. Systems built with Kompics leverage multi-core machines out of the box and they can be dynamically reconfigured to support hot software upgrades. A simulation framework enables deterministic debugging and reproducible performance evaluation of unmodified Kompics distributed systems.
We describe the component model and show how to program and compose event-based distributed systems. We present the architectural patterns and abstractions that Kompics facilitates and we highlight a case study of a complex distributed middleware that we have built with Kompics. We show how our approach enables systematic development and evaluation of large-scale and dynamic distributed systems.
An Alloy Verification Model for Consensus-Based Auction Protocols
Max Consensus-based Auction (MCA) protocols are an elegant approach to establish conflict-free distributed allocations in a wide range of network utility maximization problems. A set of agents independently bid on a set of items, and exchange their bids with their first-hop neighbors for a distributed (max-consensus) winner determination. The use of MCA protocols was proposed, for example, to solve the task allocation problem for a fleet of unmanned aerial vehicles, in smart grids, or in distributed virtual network management applications. Misconfigured or malicious agents participating in an MCA, or an incorrect instantiation of policies, can lead to oscillations of the protocol, causing, for example, Service Level Agreement (SLA) violations.
In this paper, we propose a formal, machine-readable Max-Consensus Auction model, encoded in the Alloy lightweight modeling language. The model consists of a network of agents applying the MCA mechanisms, instantiated with potentially different policies, and a set of predicates to analyze its convergence properties. We were able to verify that MCA is not resilient against rebidding attacks, and that the protocol fails (to achieve a conflict-free resource allocation) for some specific combinations of policies. Our model can be used to verify, with a "push-button" analysis, the convergence of the MCA mechanism to a conflict-free allocation for a wide range of policy instantiations.
The Weakest Failure Detector for Eventual Consistency
In its classical form, a consistent replicated service requires all replicas to witness the same evolution of the service state. Assuming a message-passing environment with a majority of correct processes, the necessary and sufficient information about failures for implementing a general state machine replication scheme ensuring consistency is captured by the Ω failure detector. This paper shows that in such a message-passing environment, Ω is also the weakest failure detector to implement an eventually consistent replicated service, where replicas are expected to agree on the evolution of the service state only after some (a priori unknown) time. In fact, we show that Ω is the weakest to implement eventual consistency in any message-passing environment, i.e., under any assumption on when and where failures might occur. Ensuring (strong) consistency in any environment requires, in addition to Ω, the quorum failure detector Σ. Our paper thus captures, for the first time, an exact computational difference between building a replicated state machine that ensures consistency and one that only ensures eventual consistency.
Reconfigurable Lattice Agreement and Applications
Reconfiguration is one of the central mechanisms in distributed systems. Due to failures and connectivity disruptions, the very set of service replicas (or servers) and their roles in the computation may have to be reconfigured over time. To provide the desired level of consistency and availability to applications running on top of these servers, the clients of the service should be able to reach some form of agreement on the system configuration. We observe that this agreement is naturally captured via a lattice partial order on the system states. We propose an asynchronous implementation of reconfigurable lattice agreement that implies elegant reconfigurable versions of a large class of lattice abstract data types, such as max-registers and conflict detectors, as well as popular distributed programming abstractions, such as atomic snapshot and commit-adopt.
Model Checking Paxos in Spin
We present a formal model of a distributed consensus algorithm in the executable specification language Promela, extended with a new type of guards, called counting guards, needed to implement transitions that depend on majority voting. Our formalization exploits abstractions that follow from reduction theorems applied to the specific case study. We apply the model checker Spin to automatically validate finite instances of the model and to extract preconditions on the size of quorums used in the election phases of the protocol.
Comment: In Proceedings GandALF 2014, arXiv:1408.556
Towards formal models and languages for verifiable Multi-Robot Systems
Incorrect operations of a Multi-Robot System (MRS) may not only lead to unsatisfactory results, but can also cause economic losses and threats to safety. These threats may not always be apparent, since they may arise as unforeseen consequences of the interactions between elements of the system. This calls for tools and techniques that can help in providing guarantees about MRS behaviour. We think that, whenever possible, these guarantees should be backed up by formal proofs to complement traditional approaches based on testing and simulation.
We believe that tailored linguistic support to specify MRSs is a major step towards this goal. In particular, reducing the gap between typical features of an MRS and the level of abstraction of the linguistic primitives would simplify both the specification of these systems and the verification of their properties. In this work, we review different agent-oriented languages and their features; we then consider a selection of case studies of interest and implement them using the surveyed languages. We also evaluate and compare the effectiveness of the proposed solution, considering, in particular, the ease of expressing non-trivial behaviour.
Comment: Changed formattin