81 research outputs found

    Experiences with fault tolerance in CORBA and extensions to FT-CORBA for large-scale distributed systems

    Thesis (doctorate) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Engenharia Elétrica. This thesis presents our experiences with fault tolerance in CORBA and a proposal to extend the Fault-Tolerant CORBA specifications for large-scale distributed systems. The motivation for this work was the inadequacy or lack of definitions in the FT-CORBA specifications that would make it possible to meet fault-tolerance requirements for large-scale systems such as the Internet. This work presents a set of solutions, encompassing failure detection, membership and group communication, which mainly aim to address the scalability aspects that are necessary when dealing with systems of this nature. The main contribution of this work is the proposal of a model of a hierarchy of fault-tolerance domains that facilitates inter-domain group management and communication

    Sharing Memory between Byzantine Processes using Policy-enforced Tuple Spaces

    Abstract—Despite the large amount of Byzantine fault-tolerant algorithms for message-passing systems designed through the years, only recent algorithms for the coordination of processes subject to Byzantine failures using shared memory have appeared. This paper presents a new computing model in which shared memory objects are protected by fine-grained access policies, and a new shared memory object, the Policy-Enforced Augmented Tuple Space (PEATS). We show the benefits of this model by providing simple and efficient consensus algorithms. These algorithms are much simpler and require less shared memory operations, using also less memory bits than previous algorithms based on access control lists (ACLs) and sticky bits. We also prove that PEATS objects are universal, i.e., that they can be used to implement any other shared memory object, and present lock-free and wait-free universal constructions. Index Terms—Byzantine fault-tolerance, shared memory algorithms, tuple spaces, consensus, universal constructions.

    Asynchronous Byzantine Consensus with 2f+1 Processes (extended version)

    Reviewed by Paulo J. Sousa. Byzantine consensus in asynchronous message-passing systems has been shown to require at least 3f+1 processes to be solvable in several system models (e.g., with failure detectors, partial synchrony or randomization). Recently a couple of solutions to implement Byzantine fault-tolerant state-machine replication using only 2f+1 replicas have appeared. This reduction from 3f+1 to 2f+1 is possible with a hybrid system model, i.e., by extending the system model with trusted/trustworthy components that constrain the power of faulty processes to have certain behaviors. Despite these important results, the problem of solving Byzantine consensus with only 2f+1 processes is still far from being well understood. In this paper we present a methodology to transform crash consensus algorithms into Byzantine consensus algorithms with different characteristics, with the assistance of a reliable broadcast primitive that requires trusted/trustworthy components to be implemented. We exemplify the methodology with two algorithms, one that uses failure detectors and one that is randomized. We also define a new flavor of consensus and use it to solve atomic broadcast with only 2f+1 processes, showing the practical interest of the consensus algorithms presented

    Low Complexity Byzantine-Resilient Consensus

    The application of the tolerance paradigm to security intrusion tolerance has been raising a good deal of attention in the dependability and security communities. This paper is concerned with a novel approach to intrusion tolerance. The idea is to use privileged distributed components generically designated by wormholes to support the execution of intrusion-tolerant protocols, often called Byzantine-resilient protocols in the literature. The paper introduces the design of wormhole-aware intrusion-tolerant protocols using a classical distributed systems problem: consensus. The system where the consensus protocol runs is mostly asynchronous and can fail in an arbitrary way, except for the wormhole, which is secure and synchronous. Using the wormhole to execute a few critical steps, the protocol manages to have a low time complexity: in the best case, it runs in a single round, even if some processes are malicious. The protocol is also arguably faster than classical Byzantine protocols, because it does not use public-key cryptography in runtime. The protocol has the interesting feature of not being bound by the FLP impossibility resul

    How Practical Are Intrusion-Tolerant Distributed Systems?

    Building secure, inviolable systems using traditional mechanisms is becoming increasingly an unattainable goal. The recognition of this fact has fostered the interest in alternative approaches to security such as intrusion tolerance, which applies fault tolerance concepts and techniques to security problems. Albeit this area is quite promising, intrusion-tolerant distributed systems typically rely on the assumption that the system components fail or are compromised independently. This is a strong assumption that has been repeatedly questioned. In this paper we discuss how this assumption can be implemented in practice using diversity of system components. We present a taxonomy of axes of diversity and discuss how they provide failure independence. Furthermore, we provide a practical example of an intrusion-tolerant system built using diversity

    Sharing Memory between Byzantine Processes Using Policy-Enforced Tuple Spaces


    Minimal Byzantine Fault Tolerance: Algorithm and Evaluation

    This paper presents two asynchronous Byzantine fault-tolerant state machine replication (BFT) algorithms that are minimal in several senses. First, they require only 2f+1 replicas, instead of the usual 3f+1. Second, the trusted service in which this reduction of replicas is based is arguably minimal, so it is simple to verify and implement (which is possible even using commercial trusted hardware). Third, in nice executions the two algorithms run in the minimum number of communication steps for nonspeculative and speculative algorithms, respectively 4 and 3 steps. Besides the obvious benefits in terms of cost, resilience and management complexity of having less replicas to tolerate a certain number of faults, our algorithms are simpler than previous ones (being closer to crash fault-tolerant replication algorithms). The performance evaluation shows that, even with the trusted component access overhead, they can have better throughput than Castro and Liskov’s PBFT, and better latency in networks with nonnegligible communication delays. Comparing with the previous paper [49], this version presents slight modifications of the algorithms, the proof of their correctness and a new performance evaluation

    Is respiratory viral infection really an important trigger of asthma exacerbations in children?

    We performed a prospective cohort study from September 2003 to December 2004 to delineate attributing the effect of different respiratory viral infections including newly discovered ones to asthma exacerbations in children in Hong Kong. One hundred and fourteen children aged 6–14 years with chronic stable asthma and on regular inhaled steroid were monitored for respiratory symptoms over a full calendar year from recruitment. They would attend the study clinic if peak expiratory flow rate decreased to below 80% of their baselines, if they met a predefined symptom score, or if parents subjectively felt them developing a cold. Virological diagnosis using virus culture, antigen detection, and polymerase chain reaction methods on nasal swab specimens would be attempted for all these visits irrespective of triggers. Physician diagnosed outcome of each episode was documented. Three hundred and five episodes of respiratory illnesses were captured in the cohort. Nasal specimens were available in 166 episodes, 92 of which were diagnosed as asthma exacerbations, and 74 non-asthma related episodes. Respiratory viruses were detected in 61 of 166 episodes (36.7%). There was no significant difference in virus detection rate between asthma exacerbations (32 out of 97 episodes, 34.8%) and non-asthma respiratory illnesses (29 out of 79 episodes, 39.2%). Although newly discovered respiratory viruses were identified in these episodes, rhinovirus was the commonest organism associated with both asthma exacerbations and non-asthma related episodes. Plausible explanations for much lower virus detection rate than previously reported include improved personal hygiene and precautionary measures taken during respiratory tract infections in the immediate post-severe acute respiratory syndrome period together with a significant contribution of other adverse factors like environmental air pollution. 
    We conclude that not all viral infections in children with asthma lead to an asthma exacerbation and the attributing effect of different triggers of asthma exacerbations in children vary across different time periods and across different localities

    First Specification of APIs and Protocols for the MAFTIA Middleware

    This document describes the first specification of the APIs and Protocols for the MAFTIA Middleware. The architecture of the middleware subsystem has been described in a previous document, where the several modules and services were introduced: Activity Services; Communication Services; Network Abstraction; Trusted and Untrusted Components. The purpose of the present document is to make concrete the functionality of the middleware components, by defining their application programming interfaces, and describing the protocols implementing the above-mentioned functionalit