Hosting Byzantine Fault Tolerant Services on a Chord Ring

In this paper we demonstrate how stateful Byzantine Fault Tolerant services may be hosted on a Chord ring. The strategy presented is fourfold: firstly a replication scheme that dissociates the maintenance of replicated service state from ring recovery is developed. Secondly, clients of the ring based services are made replication aware. Thirdly, a consensus protocol is introduced that supports the serialization of updates. Finally Byzantine fault tolerant replication protocols are developed that ensure the integrity of service data hosted on the ring.Comment: Submitted to DSN 2007 Workshop on Architecting Dependable System

A Peer-to-Peer Middleware Framework for Resilient Persistent Programming

The persistent programming systems of the 1980s offered a programming model that integrated computation and long-term storage. In these systems, reliable applications could be engineered without requiring the programmer to write translation code to manage the transfer of data to and from non-volatile storage. More importantly, it simplified the programmer's conceptual model of an application, and avoided the many coherency problems that result from multiple cached copies of the same information. Although technically innovative, persistent languages were not widely adopted, perhaps due in part to their closed-world model. Each persistent store was located on a single host, and there were no flexible mechanisms for communication or transfer of data between separate stores. Here we re-open the work on persistence and combine it with modern peer-to-peer techniques in order to provide support for orthogonal persistence in resilient and potentially long-running distributed applications. Our vision is of an infrastructure within which an application can be developed and distributed with minimal modification, whereupon the application becomes resilient to certain failure modes. If a node, or the connection to it, fails during execution of the application, the objects are re-instantiated from distributed replicas, without their reference holders being aware of the failure. Furthermore, we believe that this can be achieved within a spectrum of application programmer intervention, ranging from minimal to totally prescriptive, as desired. The same mechanisms encompass an orthogonally persistent programming model. We outline our approach to implementing this vision, and describe current progress.Comment: Submitted to EuroSys 200

Promoting Component Reuse by Separating Transmission Policy from Implementation

In this paper we present a methodology and set of tools which assist the construction of applications from components, by separating the issues of transmission policy from component definition and implementation. This promotes a greater degree of software reuse than is possible using traditional middleware environments. Whilst component technologies are usually presented as a mechanism for promoting reuse, reuse is often limited due to design choices that permeate component implementation. The programmer has no direct control over inter-address-space parameter passing semantics: it is fixed by the distributed application's structure, based on the remote accessibility of the components. Using traditional middleware tools and environments, the application designer may be forced to use an unnatural encoding of application level semantics since application parameter passing semantics are tightly coupled with the component deployment topology. This paper describes how inter-address-space parameter passing semantics may be decided independently of component implementation. Transmission policy may be dynamically defined on a per-class, per-method or per-parameter basis.Comment: Submitted to ICDCS 200

Towards Adaptable and Adaptive Policy-Free Middleware

We believe that to fully support adaptive distributed applications, middleware must itself be adaptable, adaptive and policy-free. In this paper we present a new language-independent adaptable and adaptive policy framework suitable for integration in a wide variety of middleware systems. This framework facilitates the construction of adaptive distributed applications. The framework addresses adaptability through its ability to represent a wide range of specific middleware policies. Adaptiveness is supported by a rich contextual model, through which an application programmer may control precisely how policies should be selected for any particular interaction with the middleware. A contextual pattern mechanism facilitates the succinct expression of both coarse- and fine-grain policy contexts. Policies may be specified and altered dynamically, and may themselves take account of dynamic conditions. The framework contains no hard-wired policies; instead, all policies can be configured.Comment: Submitted to Dependable and Adaptive Distributed Systems Track, ACM SAC 200

RAFDA: A Policy-Aware Middleware Supporting the Flexible Separation of Application Logic from Distribution

Middleware technologies often limit the way in which object classes may be used in distributed applications due to the fixed distribution policies that they impose. These policies permeate applications developed using existing middleware systems and force an unnatural encoding of application level semantics. For example, the application programmer has no direct control over inter-address-space parameter passing semantics. Semantics are fixed by the distribution topology of the application, which is dictated early in the design cycle. This creates applications that are brittle with respect to changes in distribution. This paper explores technology that provides control over the extent to which inter-address-space communication is exposed to programmers, in order to aid the creation, maintenance and evolution of distributed applications. The described system permits arbitrary objects in an application to be dynamically exposed for remote access, allowing applications to be written without concern for distribution. Programmers can conceal or expose the distributed nature of applications as required, permitting object placement and distribution boundaries to be decided late in the design cycle and even dynamically. Inter-address-space parameter passing semantics may also be decided independently of object implementation and at varying times in the design cycle, again possibly as late as run-time. Furthermore, transmission policy may be defined on a per-class, per-method or per-parameter basis, maximizing plasticity. This flexibility is of utility in the development of new distributed applications, and the creation of management and monitoring infrastructures for existing applications.Comment: Submitted to EuroSys 200

A peer-to-peer infrastructure for resilient web services

This work is funded by GR/M78403 “Supporting Internet Computation in Arbitrary Geographical Locations” and GR/R51872 “Reflective Application Framework for Distributed Architectures”, and by Nuffield Grant URB/01597/G “Peer-to-Peer Infrastructure for Autonomic Storage Architectures”This paper describes an infrastructure for the deployment and use of Web Services that are resilient to the failure of the nodes that host those services. The infrastructure presents a single interface that provides mechanisms for users to publish services and to find hosted services. The infrastructure supports the autonomic deployment of services and the brokerage of hosts on which services may be deployed. Once deployed, services are autonomically managed in a number of aspects including load balancing, availability, failure detection and recovery, and lifetime management. Services are published and deployed with associated metadata describing the service type. This same metadata may be used subsequently by interested parties to discover services. The infrastructure uses peer-to-peer (P2P) overlay technologies to abstract over the underlying network to deploy and locate instances of those services. It takes advantage of the P2P network to replicate directory services used to locate service instances (for using a service), Service Hosts (for deployment of services) and Autonomic Managers which manage the deployed services. The P2P overlay network is itself constructed using novel Web Services-based middleware and a variation of the Chord P2P protocol, which is self-managing.Postprin

Generating a Family of Byzantine Tolerant Protocol Implementations Using a Meta-Model Architecture

We describe an approach to modelling a Byzantine tolerant distributed algorithm as a family of related finite state machines, generated from a single meta-model. Various artefacts are generated from each state machine, including diagrams and source-level protocol implementations. The approach allows a state machine formulation to be applied to problems for which it would not otherwise be suitable, increasing confidence in correctness.Comment: DSN 2007 Workshop on Architecting Dependable Systems, Edinburgh, Scotland. pp. 178-18

Deriving distributed garbage collectors from distributed termination algorithms

This thesis concentrates on the derivation of a modularised version of the DMOS distributed garbage collection algorithm and the implementation of this algorithm in a distributed computational environment. DMOS appears to exhibit a unique combination of attractive characteristics for a distributed garbage collector but the original algorithm is known to contain a bug and, previous to this work, lacks a satisfactory, understandable implementation. The relationship between distributed termination detection algorithms and distributed garbage collectors is central to this thesis. A modularised DMOS algorithm is developed using a previously published distributed garbage collector derivation methodology that centres on mapping centralised collection schemes to distributed termination detection algorithms. In examining the utility and suitability of the derivation methodology, a family of six distributed collectors is developed and an extension to the methodology is presented. The research work described in this thesis incorporates the definition and implementation of a distributed computational environment based on the ProcessBase language and a generic definition of a previously unimplemented distributed termination detection algorithm called Task Balancing. The role of distributed termination detection in the DMOS collection mechanisms is defined through a process of step-wise refinement. The implementation of the collector is achieved in two stages; the first stage defines the implementation of two distributed termination mappings with the Task Balancing algorithm; the second stage defines the DMOS collection mechanisms

Kinematic Differences Between Motorized and Nonmotorized Treadmill Locomotion

There are few scientific publications comparing human locomotion between motorized and nonmotorized treadmills. Lakomy (1987) and Gamble et al (1988) reported that forward lean is greater on a nonmotorized treadmill to aid in the generation of horizontal force necessary for belt propulsion, but there are no data concerning lower limb kinematics. During long-term spaceflight, astronauts use locomotive exercise to mitigate the physiological effects caused by long-term exposure to microgravity. A critical decision for mission planners concerns the requirements for a treadmill to be used during potential trips to the Moon and Mars. Treadmill operation in an un-powered configuration could reduce mission resource demands, but also may impact the efficacy of treadmill exercise countermeasures. To ascertain the most appropriate type of treadmill to be used, it is important to understand biomechanical differences between motorized (M) and nonmotorized (NM) locomotion. The purpose of this evaluation was to test for differences in lower limb kinematics that occur during M and NM treadmill locomotion at two speeds. It was hypothesized that hip and knee joint angle trajectories would differ between the conditions

Ground Reaction Forces and Gait Parameters during Motorized and Non-Motorized Treadmill Walking and Runing on the International Space Station Treadmill

Both motorized (T-M) and non-motorized (T-NM) treadmill locomotion are used on the International Space Station (ISS) as countermeasures to the deleterious effects of prolonged weightlessness. However, the ground reaction forces (GRF) and gait parameters of these exercise modes have not been examined. The purpose of this study was to determine if differences in GRF and gait parameters exist while walking (1.34 m/s) and running (3.13 m/s) on T-M and T-NM. Dissimilar GRF and gait parameters suggest that T-M and T-NM locomotion may elicit different physiologic effects. T-NM may result in a reduced stimulus to bone formation due to a lower LR, but an increased energy cost as a result of shorter, more frequent strides. Therefore, the usage of each mode should depend upon the desired training stimulus