Concurrent Multipath Transferring in IP Networks: Two IP-level solutions for TCP and UDP

Having multiple network interfaces or gateways available, the Internet users can transfer their data through multiple paths to achieve load balancing, fault-tolerance, and more aggregate bandwidth. However, transferring the packets of the same flow over multiple paths with diverse delays could introduce reordering among the received packets at the destination. In TCP, fast-retransmit/recovery might mistake reordered packets for lost packets and hence degrades the throughput. In UDP, we require larger buffers to keep out-of-order received packets. In this thesis, we propose two approaches at the IP layer to address the reordering problem of TCP and UDP. In the case of TCP, the key observation is that the interleaved reception of the packets at the destination does not trigger the fast-retransmit/recovery mechanism, even though the packets are received reordered. Therefore, the IP layer who is in charge of alternating the packets among the multipath available paths needs to linger on the slower path for at least the delay difference between the paths. In the case of UDP, the proposed approach schedules the packets at the source to have them received in-order at the destination

Model Checking Tools for Software System Implementations

Systematic State Exploration or Model Checking techniques have been used for years to check the model of softwares against user-specified properties. Nevertheless, they never achieved a wide-spread usage because of the difficulties and problems in translating from the programming languages, which are used to develop the software, to the modeling language on which the model checker can work. Recently, there have been several efforts in direct state exploration of software system implementations. In this survey, we illustrate the challenges in this domain and explain the different solutions adopted by the state-of-the-art developed tools for state exploration of software systems. The focus of this paper in on the developed model checking tools for software systems, and it does not include solutions for unit testing and selecting the optimal test scenarios

Improving Independence of Failures in BFT

International audienceIndependence of failures is a basic assumption for the correctness of BFT protocols. In literature, this subject was addressed by providing N-version like abstractions. Though this can provide a good level of obfuscation against semantic- based attacks, if the replicas know each others identities then non-semantic attacks like DoS can still compromise all replicas together. In this paper, we address the obfuscation problem in a different way by keeping replicas unaware of each other. This makes it harder for attackers to sneak from one replica to another and reduces the impact of simultaneous attacks on all replicas. For this sake, we present a new obfuscated BFT protocol, called OBFT, where the replicas remain unaware of each other by exchanging their messages through the clients. Thus, OBFT assumes honest, but possibly crash-prone clients. We show that obfuscation in our context could not be achieved without this assumption, and we give possible applications where this assumption can be accepted. We evaluated our protocol on an Emulab cluster with a wide area topology. Our experiments show that the scalability and throughput of OBFT remain comparable to existing BFT protocols despite the obfuscation overhead

Model Checking a Networked System Without the Network

Current approaches to model checking distributed systems reduce the problem to that of model checking centralized systems: global states involving all nodes and communication links are systematically explored. The frequent changes in the network element of the global states lead however to a rapid state explosion and make it impossible to model check any non-trivial distributed system. We explore in this paper an alternative: a local approach where the network is ignored, a priori: only the local nodes' states are explored and in a separate manner. The set of valid system states is a subset of all combinations of the node local states and checking validity of such a combination is only performed a posteriori, in case of a possible bug. This approach drastically reduces the number of transitions executed by the model checker. It takes for example the classic global approach several minutes to explore the interleaving of messages in the celebrated Paxos distributed protocol even considering only three nodes and a single proposal. Our local approach explores the entire system state in a few seconds. Our local approach does clearly not eliminate the state exponential explosion problem. Yet, it postpones its manifestations till some deeper levels. This is already good enough for online testing tools that restart the model checker periodically from the current live state of a running system. We show for instance how this approach enables us to find two bugs in variants of Paxos

Local Model Checking

Current approaches to model checking distributed systems reduce the problem to that of model checking centralized systems: global states involving all nodes and communication links are systematically explored. The frequent changes in the network element of the global states lead however to a rapid state explosion and make it impossible to model check any non-trivial distributed system. We explore in this paper an alternative: a local approach where the network is ignored, a priori: only the local nodes’ states are explored and in a separate manner. The set of valid system states is a subset of all combinations of the node local states and checking validity of such a combination is only performed a posteriori, in case of a possible bug. This approach drastically reduces the number of transitions executed by the model checker. It takes for example the classic global approach several minutes to explore the interleaving of messages in the celebrated Paxos distributed protocol even considering only three nodes and a single proposal. Our local approach explores the entire system state in a few seconds. Our local approach does clearly not eliminate the state exponential explosion problem. Yet, it postpones its manifestations till some deeper levels. This is already good enough for online testing tools that restart the model checker periodically from the current live state of a running system. We show for instance how this approach enables us to find two bugs in variants of Paxos

The new face of East-West migration in Europe

In order to contextualise the papers in this special issue, this paper presents an overview and framework for understanding the importance of East–West migration in Europe associated with the EU enlargement process. The new patterns and forms of migration seen among East European migrants in the West—in terms of circular and temporary free movement, informal labour market incorporation, cultures of migration, transnational networks, and other phenomena documented in the following papers—illustrate the emergence of a new migration system in Europe. Textbook narratives, in terms of standard accounts of immigration, integration and citizenship based on models of post-colonial, guestworker and asylum migration, will need to be rethought. One particularly fertile source for this is the large body of theory and research developed in the study of Mexican–US migration, itself a part of a regional integration process of comparative relevance to the new European context. While the benefits of open migration from the East will likely triumph over populist political hostility, it is a system that may encourage an exploitative dual labour market for Eastern movers working in the West, as well as encouraging a more effective racial or ethnically-based closure to immigrants from South of the Mediterranean and further afield

Reducing Buffer Space in Multipath Schemes

One major drawback of multipath transferring schemes, which is inspired by the usage of different paths with diverse delays, is the emergence of reordering among packets of a flow. This reordering brings some substantial problems (like larger delay and buffer space) to the transport applications. In this paper, we present a novel UDP-based multipath scheme for in-order delivery to the receiver by scheduling of packets among multiple paths. This method imposes the minimum possible delay and a small buffer space on the receiver’s application. We theoretically prove the optimality of the proposed method. Finally, through simulation experiments, we show that the performance of our multipath method is comparable with the best-case one-path transmission with aggregated bandwidth

Trustful Cumulus Clouds

Cloud computing offers an appealing business model and it is tempting for companies to delegate their IT services to the cloud. Yet, a company might find it risky to do so for sensible services and to depend entirely on a single provider, which can be vulnerable and constitute a clearly identified target for attackers. We explore in this paper a replication approach where copies of the same IT service are placed on several (cumulus) clouds that are not only independent but actually unaware of each other. Replica consistency is ensured using CBFT, a new BFT protocol designed for wide area networks. CBFT uses a primary to handle contention among multiple client requests but shares the load of multi- casting and encrypting them among the clients. We evaluate CBFT on an Emulab cluster with a wide area topology and convey its scalability with respect to state of the art BFT protocols

DPOR-DS: Dynamic Partial Order Reduction in Distributed Systems

In this paper, we present DPOR-DS, an algorithm for dynamic partial order reduction in model checking of distributed systems. This work is inspired by the techniques introduced in the seminal work of DPOR which is designed for multi-threaded systems. Different characteristics between distributed systems and multi-threaded systems raises new challenges for implementing the idea in distributed system domain. By developing techniques to address those challenges, we prove the soundness and completeness of DPOR-DS. The performance of DPOR-DS is then compared to exhaustive search and state-of-the-art heuristics. The experimental results show that even though dynamic partial order reduction can alleviate the exponential explosion problem of state space exploration algorithms, the exponential growth still shows up after some certain steps