
1 Secure Systems Research Group - FAU
Active Replication Pattern
Ingrid Buckley, Dept. of Computer Science and Engineering, Florida Atlantic University, Boca Raton, FL, USA
October 9, 2007

2 Fault Tolerance
A system that can mask the effects of a fault and continue operating correctly is said to be fault tolerant. Fault tolerance requires redundancy and diversity, which are directly linked to reliability and support availability in a system. Diversity in this sense means having different versions of a function or system, where all versions provide the same functionality. Integrating hardware and software fault tolerance to cope with the various kinds of faults that can appear in a software system is a good foundation for a fault tolerant system. Several fault tolerance patterns have already been written and support different levels of the system architecture. Our aim is to focus on hardware and software fault tolerance patterns.

3 Introduction
Dependability is the property of a system that allows one to rely on its service. Dependability of critical systems is of utmost importance in business and in critical infrastructures such as hospitals, airports and a country's electricity grid. Dependability comprises several pertinent aspects:
– Fault Tolerance
– Safety
– Availability
– Reliability

4 Objectives
To write a pattern for the Active Replication technique.

5 Fault Tolerance
Fault tolerance patterns are a fairly new area in association with critical systems. The need for them has increased with the need to secure systems against failures caused accidentally or intentionally by attackers. Given the diversity of attacks on different types of systems, it is highly important to have effective fault tolerance techniques. These techniques can be used to mitigate faults that may lead to a failure in a critical system. To prevent failures the following is required:
– Detection: detecting the occurrence of errors.
– Diagnosis: locating the unit or component where the error has occurred.
– Masking: masking errors so as to prevent malfunctioning of the system if a fault occurs.
– Containment: confining or delimiting the effects of the error.
– Recovery: reconfiguring the system to remove the faulty unit and erase the effects of the error.

6 Active Replication Pattern
Intent
Active replication masks errors in a system that could otherwise lead to failure. It uses a set of processors that take in the same input and conduct independent and simultaneous processing of it. The outputs from all replicas are compared to ascertain the correct output.
Context
Applications or critical systems that are deterministic and which can experience errors that are not related to the input they receive. The system should be one in which errors can lead to failures.

7 Problem
How to mask errors in a system so as to avoid system failure. Some applications, in particular airline and health care systems, require the masking of errors so as to avoid system failures. How do we mask the occurrence of errors so as to avoid failures? The solution to this problem is affected by the following forces:
– The input received by the system must be processed and the designated output delivered independently of whether an error occurs in the system.
– The error-free execution of the system must suffer minimal time penalties.
– The time penalty introduced by the solution in the presence of errors must be kept very low.
– The system must be deterministic.

8 Solution
Use a set of processors which receive the same input, in the same delivery order, and process their inputs independently and simultaneously. The output from each processor is compared, and the correct output is selected and delivered to the system.
Structure
The Sender sends an input to the Distributor and not directly to the System. The Distributor initializes all processors and delivers the same input to each processor for processing. Processor 1, Processor 2 and Processor 3 receive the input from the Distributor (Figure 2) and each performs the same operation on it, but independently of the others. All three processors deliver their output to the Comparator (Figure 2) when they have completed processing the input.

9 Solution
Structure
The Comparator receives the outputs from the Processors and compares the three outputs (e.g. by majority voting) [Oas07]. It selects one output and discards any processor that provided no output or an incorrect output, that is, an output different from the one it selected as correct. The Comparator delivers the correct output to the System. The System represents the protected application or environment that receives the correct output from the Comparator.

10 Figure 1: Class Diagram for the Active Replication pattern

11 Solution
Dynamics
We describe the dynamic aspects of the Active Replication pattern using a sequence diagram for the use case "obtain the correct output from a set of equal inputs".
UC: Obtain the correct output from a set of equal inputs (Figure 2):
Summary: An input value needs to be processed correctly.
Actors: Sender, Distributor, Replicate Processor, Processor 1, Processor 2, Processor 3, Comparator, System.
Description: The Sender sends an input to the Distributor. The Distributor forwards the input to Processor 1, Processor 2 and Processor 3. Each processor processes the input independently and sends its output to the Comparator. The Comparator collects the output of each processor and compares the results using some algorithm (e.g. majority voting). It then selects the correct output and delivers it to the System. If one of the processors delivered an incorrect output or no output at all, the Comparator discards that processor.
Postcondition: The correct output is delivered to the System.

12 Figure 2: Sequence Diagram illustrating UC: Obtain the correct output from a set of equal inputs

13 Implementation
To implement Active Replication the following is required:
1. In order to mask N simultaneous hardware errors, 2N+1 processors are required (so that at least N+1 correct outputs always form a majority), and each processor must be mapped to a different unit of failure. To ensure that the processors are mapped to different units of failure, they could be built from different designs and by different hardware manufacturers.
2. The Distributor must ensure that all processors receive exactly the same input, in terms of both content and delivery order.
3. The Comparator receives the outputs from all processors and should use some algorithm (e.g. majority voting) to determine the correct output. The Comparator should be mapped to a different unit of failure from all the processors, so that it does not experience the errors that can occur on the processors.
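The Solution and Implementation slides describe the Distributor, the 2N+1 replicas and the majority-voting Comparator only in prose. The Python simulation below is an added example written for this page; it is not code from the authors or from [Sar02]. It assumes a constructed replica computation (a chained CRC-32 over each input, so a replica's output depends on every input it has seen and therefore on delivery order), two constructed fault models (a bit-flipped result and a crashed replica that delivers nothing) and constructed sample inputs. It shows the Comparator selecting the correct output and discarding the dissenting replica when three replicas vote, failing to decide when only two replicas vote (why 2N+1 and not 2N), and two healthy replicas disagreeing when the same inputs are delivered in different orders.

```python
"""Simulation of the Active Replication pattern (illustrative, not the authors' code).

A Distributor feeds identical inputs, in identical order, to 2N+1 deterministic
replicas; a Comparator majority-votes their outputs, delivers the winner to the
System, and discards any replica that produced no output or a dissenting output.
The replica computation (chained CRC-32), the fault models and the sample inputs
are constructed for this example.
"""
import zlib
from collections import Counter
from typing import Callable, Dict, List, Optional, Tuple

Output = Optional[int]          # None models "no output" (crash, hang, timeout)


def replicas_needed(max_faults: int) -> int:
    """Majority voting masks N simultaneous errors only if 2N+1 replicas vote."""
    return 2 * max_faults + 1


class Processor:
    """A deterministic, stateful replica: its output depends on every input it
    has processed so far, which is why delivery order must be identical."""

    def __init__(self, name: str, fault: Callable[[int], Output] = lambda out: out):
        self.name = name
        self.state = 0
        self.fault = fault      # identity for a healthy replica; constructed fault models below

    def process(self, data: bytes) -> Output:
        self.state = zlib.crc32(data, self.state)   # chained CRC: order-sensitive
        return self.fault(self.state)


def majority_vote(outputs: Dict[str, Output]) -> Tuple[Output, List[str]]:
    """Comparator logic: return (selected output, names of replicas to discard).
    A replica is discarded if it delivered nothing or disagreed with the majority.
    Without a strict majority the Comparator cannot select anything (returns None)."""
    votes = Counter(o for o in outputs.values() if o is not None)
    if not votes:
        return None, list(outputs)               # every replica was silent
    value, count = votes.most_common(1)[0]
    if count <= len(outputs) // 2:               # tie or minority: undecidable
        return None, []
    return value, [name for name, o in outputs.items() if o != value]


class ActiveReplication:
    """Distributor plus Comparator wrapped around a set of replicas."""

    def __init__(self, processors: List[Processor]):
        self.active = list(processors)
        self.discarded: List[str] = []

    def submit(self, data: bytes) -> Output:
        # Distributor: same content, same order, to every live replica.
        outputs = {p.name: p.process(data) for p in self.active}
        # Comparator: vote, then drop silent or dissenting replicas.
        result, bad = majority_vote(outputs)
        self.active = [p for p in self.active if p.name not in bad]
        self.discarded.extend(bad)
        return result                            # delivered to the System


# Constructed fault models.
def flip_low_bit(out: int) -> int:               # value error: wrong but present output
    return out ^ 1


def crash(out: int) -> Output:                   # omission error: no output at all
    return None


def reference(inputs: List[bytes]) -> int:
    """Ground truth: the chained CRC a healthy replica computes over the inputs."""
    state = 0
    for data in inputs:
        state = zlib.crc32(data, state)
    return state


def demo(inputs: List[bytes]) -> Tuple[List[Output], List[str]]:
    """2N+1 = 3 replicas tolerate N = 1 error; replica P2 flips a bit of its result."""
    system = ActiveReplication([Processor("P1"), Processor("P2", flip_low_bit), Processor("P3")])
    results = [system.submit(d) for d in inputs]
    return results, system.discarded


def demo_order_matters(inputs: List[bytes]) -> Tuple[Output, Output]:
    """Same inputs, different delivery order: two healthy replicas disagree."""
    a, b = Processor("A"), Processor("B")
    out_a = [a.process(d) for d in inputs]
    out_b = [b.process(d) for d in reversed(inputs)]
    return out_a[-1], out_b[-1]


if __name__ == "__main__":
    msgs = [b"txn:1001", b"txn:1002", b"txn:1003"]   # constructed sample input
    print("3 replicas, one faulty:", demo(msgs))
    print("2 replicas, one faulty:", ActiveReplication([Processor("P1"), Processor("P2", flip_low_bit)]).submit(msgs[0]))
    print("reordered delivery:", demo_order_matters(msgs))
```

Two points the run makes concrete: once P2 is discarded the remaining two replicas still carry a strict majority (2 of 2) for later inputs, and a Comparator that only ever sees 2N replicas cannot distinguish the faulty one from the healthy one, which is the reason step 1 above asks for 2N+1.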

14 Consequences
The Active Replication pattern presents the following advantages:
1. The time overhead introduced in error-free system execution is low, because it amounts to the time it takes the Comparator to select the correct output.
2. In the presence of errors the time overhead introduced is also low; it again amounts to the time required by the Comparator to select the correct output.
3. The design complexity introduced is relatively low, because the Comparator and Distributor have simple functionalities.
4. No synchronization overhead is incurred, because the processors operate independently of each other.
The pattern also has some possible liabilities:
1. The space overhead is high, because it takes 2N+1 processors to mask N errors [Sar02].
2. The Comparator and Distributor must not experience the errors that can occur on the processors. The Comparator does not have error semantics [Sar02] like the processors. However, the Fail-Stop Processor pattern [Sar02] can be applied to these entities where they may experience errors.
3. The Distributor and Comparator introduce single points of failure in the system. They could be rendered fault tolerant by applying other fault tolerance patterns to them.

15 Known Uses
1. The Boeing 777 [Boe90] commercial jetliner, manufactured by Boeing Commercial Airplanes.
2. The HP Integrity NS16200 server, based on the Intel® Itanium® 9100 processor [Hp08].

16 Related patterns
The Active Replication pattern is an enhancement of the Fail-Stop Processor pattern [Sar02]. The Fail-Stop Processor pattern deals with errors that would otherwise lead to Byzantine failures by having the processor stop rather than deliver an incorrect result. The Object Group pattern [Maf96] is an object behavioral pattern for group communication and fault tolerance in distributed systems; it can be used to dynamically manage and synchronize the processors.

17 Conclusion
New fault tolerance patterns are necessary to provide dependability in distributed systems, because many of the existing fault tolerance patterns are very similar and do not provide comprehensive support for errors that can lead to failure.

18 References
[Boe90] Boeing, "777 Family", http://www.boeing.com/defensespace/rotorcraft/index.html, 1990.
[Maf96] S. Maffeis, "The Object Group Design Pattern", Proceedings of the USENIX Conference on Object-Oriented Technologies, June 1996.
[Sar02] T. Saridakis, "A System of Patterns for Fault Tolerance", Procs. of EuroPLoP, http://hillside.net/europlop/HillsideEurope/Papers/EuroPLoP2002/2002_Saridakis_ASystemOfPatternsForFaultTolerance.pdf, 2002.
[Oas07] OASIS, "Web Services Reliable Messaging (WS-ReliableMessaging) Version 1.1", http://docs.oasis-open.org/ws-rx/wsrm/200702/wsrm-1.1-spec-os-01-e1.pdf, 2007.
[Hp08] HP, http://h20223.www2.hp.com/NonStopComputing/cache/307953-0-0-0-121.html

