Sharing Memory between Byzantine Processes using Policy-enforced Tuple Spaces

Abstract—Despite the large amount of Byzantine fault-tolerant algorithms for message-passing systems designed through the years, only recent algorithms for the coordination of processes subject to Byzantine failures using shared memory have appeared. This paper presents a new computing model in which shared memory objects are protected by fine-grained access policies, and a new shared memory object, the Policy-Enforced Augmented Tuple Space (PEATS). We show the benefits of this model by providing simple and efficient consensus algorithms. These algorithms are much simpler and require less shared memory operations, using also less memory bits than previous algorithms based on access control lists (ACLs) and sticky bits. We also prove that PEATS objects are universal, i.e., that they can be used to implement any other shared memory object, and present lock-free and wait-free universal constructions. Index Terms—Byzantine fault-tolerance, shared memory algorithms, tuple spaces, consensus, universal constructions. Ç

The Impact of RDMA on Agreement

Remote Direct Memory Access (RDMA) is becoming widely available in data centers. This technology allows a process to directly read and write the memory of a remote host, with a mechanism to control access permissions. In this paper, we study the fundamental power of these capabilities. We consider the well-known problem of achieving consensus despite failures, and find that RDMA can improve the inherent trade-off in distributed computing between failure resilience and performance. Specifically, we show that RDMA allows algorithms that simultaneously achieve high resilience and high performance, while traditional algorithms had to choose one or another. With Byzantine failures, we give an algorithm that only requires $n \geq 2f_P + 1$ processes (where $f_P$ is the maximum number of faulty processes) and decides in two (network) delays in common executions. With crash failures, we give an algorithm that only requires $n \geq f_P + 1$ processes and also decides in two delays. Both algorithms tolerate a minority of memory failures inherent to RDMA, and they provide safety in asynchronous systems and liveness with standard additional assumptions.Comment: Full version of PODC'19 paper, strengthened broadcast algorith

Sharing memory between Byzantine processes using policy-enforced tuple spaces

Despite the large amount of Byzantine fault-tolerant algorithms for message-passing systems designed through the years, only recently algorithms for the coordination of processes subject to Byzantine failures using shared memory have appeared. This paper presents a new computing model in which shared memory objects are protected by fine-grained access policies, and a new shared memory object, the Policy-Enforced Augmented Tuple Space (PEATS). We show the benefits of this model by providing simple and efficient consensus algorithms. These algorithms are much simpler and require less shared memory operations, using also less memory bits than previous algorithms based on ACLs and sticky bits. We also prove that PEATS objects are universal, i.e., that they can be used to implement any other shared memory object, and present lockfree and wait-free universal constructions

Sharing Memory between Byzantine Processes using Policy-Enforced Tuple Spaces

Despite the large amount of Byzantine fault-tolerant algorithms for message-passing systems designed through the years, only recently algorithms for the coordination of processes subject to Byzantine failures using shared memory have appeared. This paper presents a new computing model in which shared memory objects are protected by fine-grained access policies, and a new shared memory object, the policy-enforced augmented tuple space (PEATS). We show the benefits of this model by providing simple and efficient consensus algorithms. These algorithms are much simpler and use less memory bits than previous algorithms based on ACLs and sticky bits. We also prove that PEATSs are universal (they can be used to implement any shared memory object), and present an universal construction. 1

Provendo privacidade no modelo de coordenação por Espaço de Tuplas

Dissertação (mestrado)—Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2018.A coordenação entre processos se configura como um grande desafio no desenvolvimento de sistemas distribuídos. Um dos modelos utilizados para realização de coordenação entre processos temporal e espacialmente desacoplados é por Espaços de Tuplas, que consiste em uma implementação de memória compartilhada que provê armazenamento e recuperação de objetos de dados chamados tuplas. Buscas de tuplas são realizadas de modo associativo, através do conteúdo de seus campos. Este tipo de acesso pode impedir que haja privacidade dos dados armazenados, tornando-as vulneráveis a uma série de ataques, já que os servidores precisam acessar dados em claro para realizar buscas. Com o objetivo de sanar este problema, este trabalho apresenta propostas visando prover privacidade no sistema DepSpace, um sistema de coordenação que implementa mecanismos de tolerância a falhas e confiabilidade combinadas com aspectos de segurança. A ideia principal é utilizar esquemas criptográficos de computação privativa, que possibilitam a busca e computação sobre dados cifrados. Assim, os servidores podem operar sobre dados sem tomarem conhecimento dos mesmos. O sistema resultante além de prover privacidade, aumenta suas funcionalidades, tornando-se mais flexível. Apresentamos ainda uma análise de segurança do sistema com as melhorias propostas, juntamente com sua análise de desempenho, explicitando o impacto causado pelos algoritmos criptográficos. Experimentos foram realizados aplicando as propostas à coordenação distribuída extensível, um modelo que utiliza computação dos dados nos servidores para tornar a coordenação mais ágil. Os resultados mostram uma redução de até 90% na latência do sistema e um aumento de até quase 9x na vazão (throughput) no processamento de mecanismos de coordenação em comparação à abordagem tradicional não extensível.The coordination of distributed processes is a big challenge in the development of dis- tributed applications. Tuple spaces provide a model for processes coordination that is decoupled in space and time. Conceptually, tuple spaces are shared memory objects that provide operations to store and retrieve ordered sets of data, called tuples. Tuples stored in a tuple space are accessed by the contents of their fields, working as an associative memory. This kind of access could impair user and data privacy, making these Systems susceptible to several types of attacks since servers need to access plaintext data to search for tuples. In order to deal with this problem, this work proposes mechanisms to provide privacy on DepSpace, a fault-tolerant coordination system that combines dependability and security properties. The main idea is to use privacy-preserving cryptography schemes, that allow search and computation over encrypted data. Consequently, servers could operate over data without knowing them. Beyond to provide privacy, the resulting system increases its functionalities, being more flexible. This work also presents a security analysis of the system with the proposed improvements, together with its performance analysis that shows the impact caused by the cryptographic algorithms. A set of experiments was implemented applying this proposals for extensible distributed coordination, a model that uses data computing on the servers side to make the coordination faster. The results show that it could bring a reduction of up to 90% on the system latency and increase almost 9x its throughput on processing coordination mechanisms, comparing to the non-extensible traditional approach

Tolerância a faltas bizantinas através de hibridização do sistema distribuído

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2013.A ocorrência de faltas e falhas nos sistemas computacionais pode levar a catástrofes e prejuízos humanos, estruturais e financeiros. Recentemente, as faltas em sistemas computacionais têm aparecido mais frequentemente sob a forma de intrusões, que são o resultado de um ataque que obtém sucesso ao explorar uma ou mais vulnerabilidades. Uma questão recorrente é a discussão de quanto podemos confiar no funcionamento destes sistemas, demonstrando a necessidade de uma melhor aplicação de conceitos como dependabilidade, onde é esperado que o sistema funcione conforme suas especificações, ainda que alguns componentes apresentem problemas. Replicação de Máquina de Estados é uma técnica comumente utilizada na implementação de serviços distribuídos que toleram faltas e intrusões. Originalmente as abordagens baseadas nesta técnica necessitavam 3f + 1 servidores para tolerar f faltas. Recentemente, através do uso de modelos híbridos, que possuem componentes confiáveis, algumas abordagens conseguiram reduzir este número para 2f + 1. Para construir estes componentes confiáveis é necessário fazer algumas modificações complexas nos servidores, tanto do ponto de vista de software quanto de hardware. A arquitetura de sistema proposta neste trabalho é baseada em um modelo, chamado de modelo híbrido, em que as suposições de sincronismo, presença e severidade de faltas e falhas variam de componente para componente. O modelo aqui proposto utiliza uma abstração de compartilhamento de dados - os Registradores Compartilhados Distribuídos - e explora o uso de tecnologias de virtualização para simplificar a criação da componente inviolável de tolerância a faltas. Com esta arquitetura é possível diminuir a quantidade de recursos computacionais necessários de 3f + 1 para 2f + 1, além de alcançar uma latência (em números de passos para comunicação) comparável apenas com algoritmos especulativos.Abstract : The occurrence of faults and failures in computer systems can lead to disastersand damages in human, structural and financial meanings. Recently,faults in computer systems have appeared most often in the form of intrusions,which are the result of an attack that succeeds by exploiting one ormore vulnerabilities. A recurrent issue is the discussion of how much we cantrust in the execution of these systems, demonstrating the need for better implementationof concepts such as dependability, where it is expected that thesystem works according to their specifications, although some componentshave problems. State Machine Replication is a technique commonly usedin the implementation of distributed services that tolerate faults and intrusions.Originally approaches based on this technique needed 3 f +1 servers totolerate f faults. Recently, through the use of hybrid models that have reliablecomponents, some approaches have succeeded in reducing this numberto 2 f +1. To build these reliable components is necessary to make somecomplex modifications in the servers, in meanings of software and hardware.The system architecture proposed in this work is based on a hybrid model, inwhich the assumptions of timing, presence and severity of faults and failuresvary from component to component. The proposed model uses an abstractionof data sharing - Distributed Shared Registers - and explores the use of virtualizationtechnologies to simplify the creation of the fault tolerant tamperproofcomponent. With this architecture it is possible to reduce the amount of computationalresources needed from 3 f +1 to 2 f+ 1, and achieve a latency(in terms of number of communication steps) comparable only to speculativealgorithms