Distributed Protocols and Heterogeneous Trust: Technical Report

The robustness of distributed systems is usually phrased in terms of the number of failures of certain types that they can withstand. However, these failure models are too crude to describe the different kinds of trust and expectations of participants in the modern world of complex, integrated systems that extend across different owners, networks, and administrative domains. Modern systems often exist in an environment of heterogeneous trust, in which different participants may hold different opinions about the trustworthiness of other nodes, and a single participant may trust different nodes to different degrees. We explore how to construct distributed protocols that meet the requirements of all participants, even in heterogeneous trust environments. The key to our approach is using lattice-based information flow to analyse and prove protocol properties. To demonstrate this approach, we show how two earlier distributed algorithms can be generalized to work in the presence of heterogeneous trust: first, Heterogeneous Fast Consensus, an adaptation of the earlier Bosco fast consensus protocol; and second, Nysiad, an algorithm for converting crash-tolerant protocols into Byzantine-tolerant ones. Through simulations, we show that customizing a protocol to a heterogeneous trust configuration yields performance improvements over the conventional protocol designed for homogeneous trust.
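The abstract describes trust as something each participant configures for itself, with a lattice of integrity labels used to reason about which participants would accept a protocol's outputs. The following is an added illustration of that idea and is not code from the report, and it is not the report's Heterogeneous Fast Consensus: it models a participant's trust as a set of nodes plus a failure bound, uses the set lattice (intersection as meet) as the integrity lattice, and computes for a given set of votes which participants' own quorum requirements are met. The `TrustConfig` shape, the `n - f` quorum rule with `n > 3f`, and the node and participant names are all assumptions made for the example; the homogeneous baseline is included only to show why a per-participant check can be satisfied earlier than a single global one.

```python
"""Toy model of per-participant quorum checks over a set-based integrity lattice.

Constructed illustration of the heterogeneous-trust idea; not the report's protocol.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Mapping, Set

Node = str
Participant = str
# Integrity label: the set of participants who would believe a value.
# Order: a label with more believers is "higher integrity".
Label = FrozenSet[Participant]


@dataclass(frozen=True)
class TrustConfig:
    """One participant's view of the system (assumed shape, not the report's syntax):
    the nodes it is willing to rely on and how many of them it allows to be Byzantine."""
    trusted: FrozenSet[Node]
    max_faulty: int

    def __post_init__(self) -> None:
        # n > 3f is the classic requirement for a quorum of n - f votes to be safe;
        # reject configurations that would silently demand an unsafe quorum.
        if len(self.trusted) <= 3 * self.max_faulty:
            raise ValueError("need |trusted| > 3 * max_faulty")

    def quorum(self) -> int:
        """Votes from trusted nodes needed before this participant accepts a value."""
        return len(self.trusted) - self.max_faulty


def combine(a: Label, b: Label) -> Label:
    """Lattice meet for integrity: a value derived from two inputs is believed only
    by participants who believe both inputs. (The join, for a value that may have
    come from either input, is the union.)"""
    return a & b


def vote_label(node: Node, configs: Mapping[Participant, TrustConfig]) -> Label:
    """Label of a single message from `node`: every participant that trusts the sender."""
    return frozenset(p for p, cfg in configs.items() if node in cfg.trusted)


def decision_label(voters: Set[Node], configs: Mapping[Participant, TrustConfig]) -> Label:
    """Label of 'value v is decided' given the set of nodes that voted for v.
    A participant is in the label iff enough of *its own* trusted nodes voted."""
    return frozenset(p for p, cfg in configs.items()
                     if len(voters & cfg.trusted) >= cfg.quorum())


def may_act(p: Participant, label: Label) -> bool:
    """The property a heterogeneous-trust protocol has to guarantee for each participant:
    p acts on a value only if the value's label says p would believe it."""
    return p in label


def homogeneous_decision_label(voters: Set[Node], all_nodes: Iterable[Node],
                               global_f: int, participants: Iterable[Participant]) -> Label:
    """Baseline: every participant is forced to use one global (n, f) view."""
    cfg = TrustConfig(frozenset(all_nodes), global_f)
    met = len(voters & cfg.trusted) >= cfg.quorum()
    return frozenset(participants) if met else frozenset()


# Constructed configuration: seven nodes, three participants with different views.
NODES = frozenset({"n1", "n2", "n3", "n4", "n5", "n6", "n7"})
CONFIGS = {
    "A": TrustConfig(frozenset({"n1", "n2", "n3", "n4"}), max_faulty=1),      # quorum 3
    "B": TrustConfig(NODES, max_faulty=2),                                   # quorum 5
    "C": TrustConfig(frozenset({"n1", "n2", "n3", "n5", "n6", "n7"}), 1),    # quorum 5
}


if __name__ == "__main__":
    early = {"n1", "n2", "n3"}
    print("early votes, heterogeneous:", sorted(decision_label(early, CONFIGS)))
    print("early votes, homogeneous f=2:",
          sorted(homogeneous_decision_label(early, NODES, 2, CONFIGS)))
    print("meet of votes from n4 and n5:",
          sorted(combine(vote_label("n4", CONFIGS), vote_label("n5", CONFIGS))))
```

With votes from only `n1`, `n2` and `n3`, participant A's own requirement is met while B's and C's are not, so the label of the decision is `{A}`; a homogeneous protocol using the global bound f=2 would let nobody decide yet. The meet of the labels of messages from `n4` and `n5` is `{B}`, because B is the only participant that trusts both senders. Whether A acting on a `{A}`-labelled value is safe with respect to B and C is exactly the kind of property the report's lattice-based analysis is meant to prove; this example only computes the labels.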

[1] B. Lampson et al. Authentication in distributed systems: theory and practice, 1991, TOCS.

[2] Richard D. Schlichting et al. Fail-stop processors: an approach to designing fault-tolerant computing systems, 1983, TOCS.

[3] Fred B. Schneider et al. Implementing fault-tolerant services using the state machine approach: a tutorial, 1990, CSUR.

[4] Leslie Lamport et al. Fast Paxos, 2006, Distributed Computing.

[5] Juan A. Garay et al. A Continuum of Failure Models for Distributed Computing, 1992, WDAG.

[6] Andrew C. Myers et al. Language-based information-flow security, 2003, IEEE J. Sel. Areas Commun.

[7] Jon Postel et al. DOD standard transmission control protocol, 1980, CCRV.

[8] Andrew C. Myers et al. Protecting privacy using the decentralized label model, 2000, ACM TOSEC.

[9] Andrew C. Myers et al. Decentralized robustness, 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[10] Michael K. Reiter et al. Byzantine quorum systems, 1997, STOC '97.

[11] Achour Mostéfaoui et al. Consensus in One Communication Step, 2001, PaCT.

[12] David Walker et al. Static typing for a faulty lambda calculus, 2006, ICFP '06.

[13] Sam Toueg et al. Asynchronous consensus and broadcast protocols, 1985, JACM.

[14] Nancy A. Lynch et al. Reliable communication over unreliable channels, 1994, JACM.

[15] Kimberly M. Christopherson. The positive and negative implications of anonymity in Internet social interactions: "On the Internet, Nobody Knows You're a Dog", 2007, Comput. Hum. Behav.

[16] Wei-Pang Yang et al. Byzantine Agreement in the Presence of Mixed Faults on Processors and Links, 1998, IEEE Trans. Parallel Distributed Syst.

[17] Leslie Lamport et al. The part-time parliament, 1998, TOCS.

[18] Andrew C. Myers et al. A Language-Based Approach to Secure Quorum Replication, 2014, PLAS@ECOOP.

[19] Jens Palsberg et al. Trust in the λ-calculus, 1995, Journal of Functional Programming.

[20] Michael Dahlin et al. BAR fault tolerance for cooperative services, 2005, SOSP '05.

[21] Andrew C. Myers et al. Secure program partitioning, 2002, TOCS.

[22] Andrew C. Myers et al. Using replication and partitioning to build secure distributed systems, 2003, 2003 IEEE Symposium on Security and Privacy.

[23] Robert S. Boyer et al. A Mechanical Proof of the Unsolvability of the Halting Problem, 1984, JACM.

[24] Danfeng Zhang et al. Toward general diagnosis of static errors, 2014, POPL.

[25] Robbert van Renesse et al. Bosco: One-Step Byzantine Asynchronous Consensus, 2008, DISC.

[26] Andrew C. Myers et al. Making Distributed Computation Secure by Construction, 2007.

[27] K. J. Biba. Integrity considerations for secure computer systems, 1977.

[28] Keith Marzullo et al. Replication Predicates for Dependent-Failure Algorithms, 2005, Euro-Par.

[29] Keith Marzullo et al. Designing Algorithms for Dependent Process Failures, 2003, Future Directions in Distributed Computing.

[30] Siddhartha Sen et al. On the price of equivocation in byzantine agreement, 2012, PODC '12.

[31] Miguel Castro et al. Practical Byzantine fault tolerance, 1999, OSDI '99.

[32] Mark Bickford et al. Nysiad: Practical Protocol Transformation to Tolerate Byzantine Failures, 2008, NSDI.

[33] Simon N. Foley. A taxonomy for information flow policies and models, 1991, Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[34] Leslie Lamport et al. The Byzantine Generals Problem, 1982, TOPLAS.

[35] Dhiraj K. Pradhan et al. Consensus With Dual Failure Modes, 1991, IEEE Trans. Parallel Distributed Syst.

[36] Danny Dolev et al. Distributed computing meets game theory: robust mechanisms for rational secret sharing and multiparty computation, 2006, PODC '06.

[37] Andrew C. Myers et al. End-to-end availability policies and noninterference, 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[38] Stephen Chong. Expressive and Enforceable Information Security Policies, 2008.

[39] Robbert van Renesse et al. Making Distributed Applications Robust, 2007, OPODIS.