Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in.

Published byEden Pettyjohn Modified over 9 years ago

Similar presentations

Presentation on theme: "1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in."— Presentation transcript:

1 1 The Case for Byzantine Fault Detection

2 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in Freeloading Censorship Data corruption Software/hardware failure Byzantine failure model: Faulty nodes may exhibit arbitrary behavior Dependable systems must be protected against Byzantine faults

3 3 Existing approach: Fault tolerance Byzantine fault tolerance (BFT) can mask a limited number of Byzantine faults Example: Castro and Liskov [OSDI'99] Client Server replicas

4 4 Alternative approach: Fault detection Nodes monitor each other for faulty behavior When a fault occurs, the correct nodes identify the faulty node(s) distribute evidence of the fault Nodes can isolate the faulty node + initiate recovery Byzantine Fault Detection

5 5 Alternative approach: Fault detection Nodes monitor each other for faulty behavior When a fault occurs, the correct nodes identify the faulty node(s) distribute evidence of the fault Nodes can isolate the faulty node + initiate recovery D C B A E Set X=5 D C A E D C B A E OK X=? X=7 E: X=5  7! B

6 6 Level3 Best approach depends on the application Best-effort service Goal: Find faulty components Wide-area delays, limited bandwidth, many nodes Air traffic control Inter-domain routing Failures may be fatal! Goal: Mask fault symptoms Delays negligible, bandwidth plentiful, few nodes Machine room AT&T Sprint Typical application for Fault DetectionTypical application for Fault Tolerance

7 7 Detection can provide accountability In an accountable system: Actions are undeniable State is tamper-evident Correctness can be certified Good nodes can provide evidence that they are good Bad nodes cannot hide evidence of misbehavior Proven concept in society Banking, administration... Desirable for distributed systems [Yumerefendi05] Example: Building trust in federated systems

8 8 What about performance? If up to f nodes can be faulty, we need f+1 replicas to guarantee detection (fault tolerance: 3f+1) More throughput using the same resources Works even when >33% of the nodes can become faulty Detection can defer overhead to periods of low load System can deliver high peak throughput Detection does not require consensus Potentially less expensive than BFT

9 9 Outline Introduction BFD abstraction PeerReview algorithm Conclusion

10 10 How is BFD used? Each correct node has state machine + detector Detector can inspect all messages at its local node When detector observes a fault on another node, it informs its local application, and it provides evidence of the fault to other detectors ? Application State machine Detector Network Node X is faulty! No assumptions about faulty nodes

11 11 Only observable faults can be detected Two classes of observable faults: Detectable faultiness: Node breaks the protocol Detectable ignorance: Node refuses to respond As long as the faulty node continues to follow the protocol, BFD cannot detect this! Set X=5 OK Get X 5 ABC Correct Set X=5 OK Get X ABC Set X=5 OK Get X 7 ABC Detectably ignorant Detectably faulty

12 12 BFD can give strong guarantees Three types of detector output Trusted, suspected, exposed Strong completeness "No false negatives" Strong accuracy "No false positives" Precise definitions are in the paper Trusted Suspected Exposed

13 13 Outline Introduction BFD abstraction PeerReview algorithm Conclusion

14 14 Assumptions 1. Protocol can be modeled as a deterministic state machine 2. Each node has a strong identity, as well as a public/private keypair for signing messages 3. The faulty nodes cannot  prevent two correct nodes from communicating  break the cryptographic keys

15 15 Secure logging All messages are signed and acknowledged Each node keeps a log of all local inputs and outputs Nodes must commit to the contents of their log Log is tamper-evident [Maniatis02] Rcv(A, "Set X=5") Send(A, "Okay") Rcv(C, "Get X") Send(C, "5") Snd(B, "Set X=5") Rcv(B, "Okay") Snd(B, "Get X") Rcv(B, "5") B's log A B C

16 16 Detecting ignorance If a node refuses to acknowledge a message Send message as evidence to other nodes Correct nodes will challenge the ignorant node to prove that its log contains a 'Rcv' entry for that message A correct node can always respond Rcv(A, "Set X=5") Send(A, "Okay") Recv(C, "Get X") A B C

17 17 Detecting faultiness Nodes can audit each other's log at any time Auditors replay input in the log, compare output If a divergence is detected Send log as evidence to other nodes Other nodes can repeat the same procedure to check whether the node is really faulty (no he-said-she-said!) Rcv(A, "Set X=5") Send(A, "Okay") Rcv(B, "Get X") Send(B, "7") A B C B' Rcv(A, "Set X=5") Send(A, "Okay") Rcv(B, "Get X") Send(B, "5") State machine B is expected to run Rcv(A, "Set X=5") Send(A, "Okay") Rcv(B, "Get X") Send(B, "7") Snap- shots

18 18 Summary New approach: Byzantine Fault Detection Alternative to fault tolerance Provides accountability Fault Detection can give strong guarantees Eventual strong accuracy and completeness Early results indicate Fault Detection is practical Example: PeerReview algorithm

Download ppt "1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in."

Similar presentations

Impossibility of Distributed Consensus with One Faulty Process

Impossibility of Distributed Consensus with One Faulty Process
Chapter 8 Fault Tolerance

Chapter 8 Fault Tolerance
Byzantine Generals. Outline r Byzantine generals problem.

Byzantine Generals. Outline r Byzantine generals problem.
Agreement: Byzantine Generals UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 739 Distributed Systems Andrea C. Arpaci-Dusseau Paper: “The.

Agreement: Byzantine Generals UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 739 Distributed Systems Andrea C. Arpaci-Dusseau Paper: “The.
BASIC BUILDING BLOCKS -Harit Desai. Byzantine Generals Problem If a computer fails, –it behaves in a well defined manner A component always shows a zero.

BASIC BUILDING BLOCKS -Harit Desai. Byzantine Generals Problem If a computer fails, –it behaves in a well defined manner A component always shows a zero.
Brewer’s Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services Authored by: Seth Gilbert and Nancy Lynch Presented by:

Brewer’s Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services Authored by: Seth Gilbert and Nancy Lynch Presented by:
Accountable systems or how to catch a liar? Jinyang Li (with slides from authors of SUNDR and PeerReview)

Accountable systems or how to catch a liar? Jinyang Li (with slides from authors of SUNDR and PeerReview)
Failure Detection The ping-ack failure detector in a synchronous system satisfies – A: completeness – B: accuracy – C: neither – D: both.

Failure Detection The ping-ack failure detector in a synchronous system satisfies – A: completeness – B: accuracy – C: neither – D: both.
CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.
Distributed Systems Overview Ali Ghodsi

Distributed Systems Overview Ali Ghodsi
SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.

SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.
LADIS workshop (Oct 11, 2009) A Case for the Accountable Cloud Andreas Haeberlen MPI-SWS.

LADIS workshop (Oct 11, 2009) A Case for the Accountable Cloud Andreas Haeberlen MPI-SWS.
P. Kouznetsov, 2006 Abstracting out Byzantine Behavior Peter Druschel Andreas Haeberlen Petr Kouznetsov Max Planck Institute for Software Systems.

P. Kouznetsov, 2006 Abstracting out Byzantine Behavior Peter Druschel Andreas Haeberlen Petr Kouznetsov Max Planck Institute for Software Systems.
CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Byzantine Fault Tolerance --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Byzantine Fault Tolerance Steve Ko Computer Sciences and Engineering University at Buffalo.
The Byzantine Generals Problem Boon Thau Loo CS294-4.

The Byzantine Generals Problem Boon Thau Loo CS294-4.
Byzantine Generals Problem: Solution using signed messages.

Byzantine Generals Problem: Solution using signed messages.
1 Attested Append-Only Memory: Making Adversaries Stick to their Word Byung-Gon Chun (ICSI) October 15, 2007 Joint work with Petros Maniatis (Intel Research,

1 Attested Append-Only Memory: Making Adversaries Stick to their Word Byung-Gon Chun (ICSI) October 15, 2007 Joint work with Petros Maniatis (Intel Research,
Yee Jiun Song Cornell University. CS5410 Fall 2008.

Yee Jiun Song Cornell University. CS5410 Fall 2008.
1 Principles of Reliable Distributed Systems Lecture 3: Synchronous Uniform Consensus Spring 2006 Dr. Idit Keidar.

1 Principles of Reliable Distributed Systems Lecture 3: Synchronous Uniform Consensus Spring 2006 Dr. Idit Keidar.
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

Similar presentations

Ads by Google