Fireflies: scalable support for intrusion-tolerant network overlays

This paper describes and evaluates Fireflies, a scalable protocol for supporting intrusion-tolerant network overlays. While such a protocol cannot distinguish Byzantine nodes from correct nodes in general, Fireflies provides correct nodes with a reasonably current view of which nodes are live, as well as a pseudo-random mesh for communication. The amount of data sent by correct nodes grows linearly with the aggregate rate of failures and recoveries, even if provoked by Byzantine nodes. The set of correct nodes forms a connected submesh; correct nodes cannot be eclipsed by Byzantine nodes. Fireflies is deployed and evaluated on PlanetLab.
