Sharing Memory between Byzantine Processes using Policy-enforced Tuple Spaces

Abstract—Despite the large amount of Byzantine fault-tolerant algorithms for message-passing systems designed through the years, only recent algorithms for the coordination of processes subject to Byzantine failures using shared memory have appeared. This paper presents a new computing model in which shared memory objects are protected by fine-grained access policies, and a new shared memory object, the Policy-Enforced Augmented Tuple Space (PEATS). We show the benefits of this model by providing simple and efficient consensus algorithms. These algorithms are much simpler and require less shared memory operations, using also less memory bits than previous algorithms based on access control lists (ACLs) and sticky bits. We also prove that PEATS objects are universal, i.e., that they can be used to implement any other shared memory object, and present lock-free and wait-free universal constructions. Index Terms—Byzantine fault-tolerance, shared memory algorithms, tuple spaces, consensus, universal constructions. Ç

The Impact of RDMA on Agreement

Remote Direct Memory Access (RDMA) is becoming widely available in data centers. This technology allows a process to directly read and write the memory of a remote host, with a mechanism to control access permissions. In this paper, we study the fundamental power of these capabilities. We consider the well-known problem of achieving consensus despite failures, and find that RDMA can improve the inherent trade-off in distributed computing between failure resilience and performance. Specifically, we show that RDMA allows algorithms that simultaneously achieve high resilience and high performance, while traditional algorithms had to choose one or another. With Byzantine failures, we give an algorithm that only requires $n \geq 2f_P + 1$ processes (where $f_P$ is the maximum number of faulty processes) and decides in two (network) delays in common executions. With crash failures, we give an algorithm that only requires $n \geq f_P + 1$ processes and also decides in two delays. Both algorithms tolerate a minority of memory failures inherent to RDMA, and they provide safety in asynchronous systems and liveness with standard additional assumptions.Comment: Full version of PODC'19 paper, strengthened broadcast algorith

Frugal Byzantine Computing

Traditional techniques for handling Byzantine failures are expensive: digital signatures are too costly, while using 3f+1 replicas is uneconomical (f denotes the maximum number of Byzantine processes). We seek algorithms that reduce the number of replicas to 2f+1 and minimize the number of signatures. While the first goal can be achieved in the message-and-memory model, accomplishing the second goal simultaneously is challenging. We first address this challenge for the problem of broadcasting messages reliably. We study two variants of this problem, Consistent Broadcast and Reliable Broadcast, typically considered very close. Perhaps surprisingly, we establish a separation between them in terms of signatures required. In particular, we show that Consistent Broadcast requires at least 1 signature in some execution, while Reliable Broadcast requires O(n) signatures in some execution. We present matching upper bounds for both primitives within constant factors. We then turn to the problem of consensus and argue that this separation matters for solving consensus with Byzantine failures: we present a practical consensus algorithm that uses Consistent Broadcast as its main communication primitive. This algorithm works for n = 2f+1 and avoids signatures in the common case - properties that have not been simultaneously achieved previously. Overall, our work approaches Byzantine computing in a frugal manner and motivates the use of Consistent Broadcast - rather than Reliable Broadcast - as a key primitive for reaching agreement

Software-implemented attack tolerance for critical information retrieval

The fast-growing reliance of our daily life upon online information services often demands an appropriate level of privacy protection as well as highly available service provision. However, most existing solutions have attempted to address these problems separately. This thesis investigates and presents a solution that provides both privacy protection and fault tolerance for online information retrieval. A new approach to Attack-Tolerant Information Retrieval (ATIR) is developed based on an extension of existing theoretical results for Private Information Retrieval (PIR). ATIR uses replicated services to protect a user's privacy and to ensure service availability. In particular, ATIR can tolerate any collusion of up to t servers for privacy violation and up to ƒ faulty (either crashed or malicious) servers in a system with k replicated servers, provided that k ≥ t + ƒ + 1 where t ≥ 1 and ƒ ≤ t. In contrast to other related approaches, ATIR relies on neither enforced trust assumptions, such as the use of tanker-resistant hardware and trusted third parties, nor an increased number of replicated servers. While the best solution known so far requires k (≥ 3t + 1) replicated servers to cope with t malicious servers and any collusion of up to t servers with an O(n^*^) communication complexity, ATIR uses fewer servers with a much improved communication cost, O(n1/2)(where n is the size of a database managed by a server).The majority of current PIR research resides on a theoretical level. This thesis provides both theoretical schemes and their practical implementations with good performance results. In a LAN environment, it takes well under half a second to use an ATIR service for calculations over data sets with a size of up to 1MB. The performance of the ATIR systems remains at the same level even in the presence of server crashes and malicious attacks. Both analytical results and experimental evaluation show that ATIR offers an attractive and practical solution for ever-increasing online information applications

Coordenação desacoplada tolerante a faltas bizantinas

Tese (doutorado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-graduação em Engenharia ElétricaSistemas distribuídos abertos são tipicamente compostos por um número desconhecido e variável de processos executando em um ambiente heterogêneo, onde as comunicações muitas vezes requerem desconexões temporárias e segurança contra ações maliciosas. A coordenação por espaço de tuplas é um modelo de comunicação bastante conhecido para estes ambientes pois provê comunicação desacoplada tanto no tempo (os processos não precisam estar ativos ao mesmo tempo para interagirem) quanto no espaço (os processos não necessitam saber os endereços uns dos outros). Vários trabalhos têm tentado melhorar a segurança de funcionamento dos espaços de tuplas através do uso de replicação e transações para tolerância a faltas ou controle de acesso e criptografia para segurança. Entretanto, muitas aplicações práticas na Internet requerem ambas estas dimensões. Nesta tese, o modelo de coordenação por espaços de tuplas é usado para resolver o problema da coordenação desacoplada em ambientes não confiáveis, i.e., onde os processos estão sujeitos a falhas bizantinas (podem desviar-se arbitrariamente de suas especificações). Os resultados aqui apresentados atacam dois problemas básicos: (1) como construir espaços de tuplas com segurança de funcionamento (seguros e tolerantes a faltas bizantinas), e (2) como usar estes espaços para resolução de problemas fundamentais em computação distribuída. Os resultados referentes a (1) são uma arquitetura para espaço de tuplas com segurança de funcionamento que integra mecanismos de segurança e tolerância a faltas, duas construções eficientes para espaços de tuplas tolerantes a faltas bizantinas baseadas em uma nova filosofia de replicação, e um esquema de confidencialidade para espaços de tuplas replicados. Com relação á (2), é mostrado que um espaço de tuplas aumentado protegido por políticas de granularidade fina pode ser usado para resolver eficientemente vários problemas em computação distribuída mesmo com processos sujeitos a falta

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Background: Patient-centered health care information systems (PHSs) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHSs use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHSs. Although using P2P technology for the provision of PHSs can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues as users must manage information security largely by themselves. Objective: This study aims to identify the inherent security issues for PHS deployment in P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment. Methods: A systematic literature review was conducted following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) reporting guidelines. Thematic analysis was used for data analysis. We searched the following databases: IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar. The search was conducted on articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for rating security issues. Results: Our findings are consolidated into 8 key security issues associated with PHS implementation and deployment on P2P networks and 7 factors promoting them. Moreover, we propose a suitable architecture for P2P PHSs and guidelines for the provision of PHSs while maintaining information security. Conclusions: Despite the clear advantages of P2P PHSs, the absence of centralized controls and inconsistent views of the network on some P2P systems have profound adverse impacts in terms of security. The security issues identified in this study need to be addressed to increase patients\u27 intention to use PHSs on P2P networks by making them safe to use

Tools and Algorithms for the Construction and Analysis of Systems

This book is Open Access under a CC BY licence. The LNCS 11427 and 11428 proceedings set constitutes the proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2019, which took place in Prague, Czech Republic, in April 2019, held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2019. The total of 42 full and 8 short tool demo papers presented in these volumes was carefully reviewed and selected from 164 submissions. The papers are organized in topical sections as follows: Part I: SAT and SMT, SAT solving and theorem proving; verification and analysis; model checking; tool demo; and machine learning. Part II: concurrent and distributed systems; monitoring and runtime verification; hybrid and stochastic systems; synthesis; symbolic verification; and safety and fault-tolerant systems

Secure Abstractions for Trusted Cloud Computation

Cloud computing is adopted by most organizations due to its characteristics, namely offering on-demand resources and services that can quickly be provisioned with minimal management effort and maintenance expenses for its users. However it still suffers from security incidents which have lead to many data security concerns and reluctance in further adherence. With the advent of these incidents, cryptographic technologies such as homomorphic and searchable encryption schemes were leveraged to provide solutions that mitigated data security concerns. The goal of this thesis is to provide a set of secure abstractions to serve as a tool for programmers to develop their own distributed applications. Furthermore, these abstractions can also be used to support trusted cloud computations in the context of NoSQL data stores. For this purpose we leveraged conflict-free replicated data types (CRDTs) as they provide a mechanism to ensure data consistency when replicated that has no need for synchronization, which aligns well with the distributed and replicated nature of the cloud, and the aforementioned cryptographic technologies to comply with the security requirements. The main challenge of this thesis consisted in combining the cryptographic technologies with the CRDTs in such way that it was possible to support all of the data structures functionalities over ciphertext while striving to attain the best security and performance possible. To evaluate our abstractions we conducted an experiment to compare each secure abstraction with their non secure counterpart performance wise. Additionally, we also analysed the security level provided by each of the structures in light of the cryptographic scheme used to support it. The results of our experiment shows that our abstractions provide the intended data security with an acceptable performance overhead, showing that it has potential to be used to build solutions for trusted cloud computation