
    Architecture and Execution Model for a Survivable Workflow Transaction Infrastructure

    We present a novel architecture and execution model for an infrastructure supporting fault-tolerant, long-running distributed applications spanning multiple administrative domains. Components for both transaction processing and persistent state are replicated across multiple servers, ensuring that applications continue to function correctly despite arbitrary (Byzantine) failure of a bounded number of servers. We give a formal model of application execution, based on atomic execution steps, linearizability and a separation between data objects and transactions that act on them. The architecture is designed for robust interoperability across domains, in an open and shared Internet computing infrastructure. A notable feature supporting cross-domain applications is that they may declare invariant constraints between data objects and furthermore declare dependencies on constraints maintained by other applications, leading to flexible, incidental atomicity between applications. The architecture is highly evolvable, maintaining system availability and integrity during upgrades to both application components and the system software itself.

    Perpetual: Byzantine Fault Tolerance for Federated Distributed Applications

    Modern distributed applications rely upon the functionality of services from multiple providers. Mission-critical services, possibly shared by multiple applications, must be replicated to guarantee correct execution and availability in spite of arbitrary (Byzantine) faults. Furthermore, shared services must enforce strict fault isolation policies to prevent cascading failures across organizational and application boundaries. Most existing protocols for Byzantine fault-tolerant execution do not support interoperability between replicated services, while others provide poor fault isolation. Moreover, existing protocols place impractical limitations on application development by disallowing long-running threads of computation, asynchronous operation invocation, and asynchronous request processing. We present Perpetual, a protocol that facilitates unrestricted interoperability between replicated services while enforcing strict fault isolation criteria. Perpetual supports both asynchronous operation invocation and asynchronous request processing. Perpetual also supports long-running threads of computation, enabling Byzantine fault-tolerant execution of services that carry out active computations. We present performance evaluations demonstrating a moderate overhead due to replication.

    Preserving Performance of Byzantine Fault Tolerant Replica Groups in the Presence of Malicious Clients

    The Castro and Liskov Byzantine Fault Tolerance protocol for replicated state machines (CLBFT) provides a practical means of tolerating arbitrary replica failures in replicated passive data servers. For better performance, CLBFT uses Message Authentication Codes (MACs) instead of public key cryptography to authenticate messages, and it preserves replica consistency even in the presence of malicious clients. However, CLBFT is susceptible to potential attacks by malicious clients using corrupted MACs to force replica groups into expensive configuration changes repeatedly. While not affecting correctness, this vulnerability can seriously impair the performance of the replica group. We propose modifications to CLBFT that address this problem. We identify two key forms of attacks and present a viable solution to each.