Aeolus Reference Manual

This document describes the interface that the Aeolus information flow platform provides for users who are implementing applications using Java. The document explains how the Aeolus features are made available by means of a Java library

Automatic Reconfiguration for Large-Scale Reliable Storage Systems

Byzantine-fault-tolerant replication enhances the availability and reliability of Internet services that store critical state and preserve it despite attacks or software errors. However, existing Byzantine-fault-tolerant storage systems either assume a static set of replicas, or have limitations in how they handle reconfigurations (e.g., in terms of the scalability of the solutions or the consistency levels they provide). This can be problematic in long-lived, large-scale systems where system membership is likely to change during the system lifetime. In this paper, we present a complete solution for dynamically changing system membership in a large-scale Byzantine-fault-tolerant system. We present a service that tracks system membership and periodically notifies other system nodes of membership changes. The membership service runs mostly automatically, to avoid human configuration errors; is itself Byzantine-fault-tolerant and reconfigurable; and provides applications with a sequence of consistent views of the system membership. We demonstrate the utility of this membership service by using it in a novel distributed hash table called dBQS that provides atomic semantics even across changes in replica sets. dBQS is interesting in its own right because its storage algorithms extend existing Byzantine quorum protocols to handle changes in the replica set, and because it differs from previous DHTs by providing Byzantine fault tolerance and offering strong semantics. We implemented the membership service and dBQS. Our results show that the approach works well, in practice: the membership service is able to manage a large system and the cost to change the system membership is low

Viewstamped Replication Revisited

This paper presents an updated version of Viewstamped Replication, a replication technique that handles failures in which nodes crash. It describes how client requests are handled, how the group reorganizes when a replica fails, and how a failed replica is able to rejoin the group. The paper also describes a number of important optimizations and presents a protocol for handling reconfigurations that can change both the group membership and the number of failures the group is able to handle

Solving the At-Most-Once Problem with Nearly Optimal Effectiveness

We present and analyze a wait-free deterministic algorithm for solving the at-most-once problem: how m shared-memory fail-prone processes perform asynchronously n jobs at most once. Our algorithmic strategy provides for the first time nearly optimal effectiveness, which is a measure that expresses the total number of jobs completed in the worst case. The effectiveness of our algorithm equals n-2m+2. This is up to an additive factor of m close to the known effectiveness upper bound n-m+1 over all possible algorithms and improves on the previously best known deterministic solutions that have effectiveness only n-log m o(n). We also present an iterative version of our algorithm that for any $m = O\left(\sqrt[3+\epsilon]{n/\log n}\right)$ is both effectiveness-optimal and work-optimal, for any constant $\epsilon > 0$. We then employ this algorithm to provide a new algorithmic solution for the Write-All problem which is work optimal for any $m=O\left(\sqrt[3+\epsilon]{n/\log n}\right)$.Comment: Updated Version. A Brief Announcement was published in PODC 2011. An Extended Abstract was published in the proceeding of ICDCN 2012. A full version was published in Theoretical Computer Science, Volume 496, 22 July 2013, Pages 69 - 8

Object orientation without extending Z

The good news of this paper is that without extending Z, we can elegantly specify object-oriented systems, including encapsulation, inheritance and subtype polymorphism (dynamic dispatch). The bad news is that this specification style is rather different to normal Z specifications, more abstract and axiomatic, which means that it is not so well supported by current Z tools such as animators. It also enforces behavioural subtyping, unlike most object-oriented programming languages. This paper explains the proposed style, with examples, and discusses its advantages and disadvantages

A practical, perfectly secure password scheme in the bounded retrieval model

In this paper, we present a practical password scheme due to Spilman, which is perfectly secure in the bounded retrieval model, assuming ideal hash functions. The construction is based on a hash-like function com- puted by a third party “facilitator”. The facilitator is trusted, and security derives from the facilitator’s long random secret, although the adversary is assumed to be able to retrieve a large fraction of that secret. Unlike the traditional “salted and hashed password” approach, this scheme is secure against an adversary capable of performing brute force dictionary attacks offline. The key security property for the facilitator function is a form of uncloneability, that prevents the adversary from calculating function values offline

The universality of iterated hashing over variable-length strings

Iterated hash functions process strings recursively, one character at a time. At each iteration, they compute a new hash value from the preceding hash value and the next character. We prove that iterated hashing can be pairwise independent, but never 3-wise independent. We show that it can be almost universal over strings much longer than the number of hash values; we bound the maximal string length given the collision probability

HQ Replication: Properties and Optimizations

There are currently two approaches to providing Byzantine-fault-tolerant state machine replication: a replica-based approach, e.g., BFT, that uses communication between replicas to agree on a proposed ordering of requests, and a quorum-based approach, such as Q/U, in which clients contact replicas directly to optimistically execute operations. Both approaches have shortcomings: the quadratic cost of inter-replica communication is unnecessary when there is no contention, and Q/U requires a large number of replicas and performs poorly under contention.We present HQ, a hybrid Byzantine-fault-tolerant state machine replication protocol that overcomes these problems. HQ employs a lightweight quorum-based protocol when there is no contention, but uses BFT to resolve contention when it arises. Furthermore, HQ uses only 3f+1 replicas to tolerate f faults, providing optimal resilience to node failures.We implemented a prototype of HQ, and we compare its performance to BFT and Q/U analytically and experimentally. Additionally, in this work we use a new implementation of BFT designed to scale as the number of faults increases. Our results show that both HQ and our new implementation of BFT scale as f increases; additionally our hybrid approach of using BFT to handle contention works well

What Happens Next? A Grounded Theory Exploration of the Psychological Impact of Leaving the Gang

Very little research exists regarding the psychological impacts of gang membership and the mental health needs of gang members. Of the few studies that have been conducted, gang members were found to have increased rates of post-traumatic stress disorder (1.77 odds), current substance abuse (2.58 odds), oppositional defiant disorder, (1.24 odds) and conduct disorder (4.05 odds) (Harris, Elkins, Butler, Shelton, Robles, Kwok, Simpson, Young, Mayhew, Brown, & Sargent, 2013). Violent ruminative thinking, violent victimization and fear of further victimization were also significantly higher in gang members and believed to account for high levels of psychosis and anxiety disorder in gang members (Coid, Ullrich, Keers, Bebbington, DeStavola, Kallis, Yang, Reiss, Jenkins, & Donnelly, 2013). A gap remains in the gang literature for the role of psychology generally, as well as research focusing on the psychological implications of gang membership, and the mental health needs of former gang members. This study will address these gaps and add to the current gang desistance literature by focusing on the psychological process involved with gang desistance using a qualitative approach. The primary purpose of this grounded theory study is to understand the psychological process an individual experiences when leaving a gang. 11 youth associated with the gang prevention program GRASP, and who identified as former gang members, or in the process of leaving the gang, were interviewed. The study aimed to create a model representing the psychological process a former gang member experiences after deciding to leave the gang and end their gang ties, as well as to better understand the specific mental health impacts for this population. In the resulting model, Negative Impacts on Mental Health falls under the Core Category: Living with Continuous Internal Struggles and Emotional Discord. Youth described various negative impacts on their mental health, including experiencing stress and anxiety, depression, bipolar disorder, trauma symptoms, and the impact of grief and loss

Expressing Measurement Uncertainty in OCL/UML Datatypes

Uncertainty is an inherent property of any measure or estimation performed in any physical setting, and therefore it needs to be considered when modeling systems that manage real data. Although several modeling languages permit the representation of measurement uncertainty for describing certain system attributes, these aspects are not normally incorporated into their type systems. Thus, operating with uncertain values and propagating uncertainty are normally cumbersome processes, di cult to achieve at the model level. This paper proposes an extension of OCL and UML datatypes to incorporate data uncertainty coming from physical measurements or user estimations into the models, along with the set of operations de ned for the values of these types.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech