Abstract
This paper presents a novel combination of known techniques for building a middleware which can support service replication in a hostile environment where a node can get corrupted and fail arbitrarily and message transfer delays cannot be accurately bounded. Using localised replication and output comparison, fail-arbitrary behaviour is reduced to fail-signal: the middleware process of a corrupted server site fails only by emitting a fail-signal, and eventually fails permanently. With this failure mode, it is possible to avoid the FLP impossibility result, which applies only to crash failures; specifically, the termination of a deterministic asynchronous order protocol can be guaranteed even if network delays fluctuate arbitrarily (due to network intrusions) for an indefinite period. We show how reduction to fail-signal is achieved and present a deterministic message-ordering protocol. We then argue that several well-known crash-tolerant order protocols can be re-used with little re-design within the proposed middleware.
A Middleware Architecture for Intrusion- and Fault-Tolerant Service Replication
In 2002 Workshop on Intrusion Tolerant Systems, held in association with the 2002 IEEE International Conference on Dependable Systems and Networks (DSN 2002), Washington DC, USA, 23-26 June 2002
pp. C-6-1 - C-6-7
IEEE Computer Society Press, 2002
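As an added illustration (not code from the paper), the reduction the abstract describes: a server site runs two local replicas of a deterministic service, feeds every request to both, forwards a reply only when the outputs agree, and on disagreement emits a fail-signal and then stays failed. The counter service, the injected corruption and the request sequence are constructed here.

```python
"""Illustration of reducing fail-arbitrary to fail-signal behaviour.

A site hosts two local replicas of one deterministic service. The middleware
compares their outputs; a mismatch can only come from a corrupted replica, so
the site answers with FAIL_SIGNAL instead of a reply and then fails
permanently: every later request is also answered with FAIL_SIGNAL.
"""
from dataclasses import dataclass, field
from typing import Callable, List

FAIL_SIGNAL = "FAIL-SIGNAL"


def counter_service(state: dict, request: str) -> str:
    """Constructed deterministic service: a replicated counter."""
    if request == "inc":
        state["n"] = state.get("n", 0) + 1
    return f"n={state.get('n', 0)}"


@dataclass
class Replica:
    step: Callable[[dict, str], str]
    state: dict = field(default_factory=dict)

    def process(self, request: str) -> str:
        return self.step(self.state, request)


class FailSignalSite:
    """Middleware process of one server site (localised replication)."""

    def __init__(self, replicas: List[Replica]):
        self.replicas = replicas
        self.failed = False  # once set, the site never recovers

    def handle(self, request: str) -> str:
        if self.failed:
            return FAIL_SIGNAL
        outputs = {r.process(request) for r in self.replicas}
        if len(outputs) != 1:  # output comparison detected corruption
            self.failed = True
            return FAIL_SIGNAL
        return outputs.pop()


def corrupt(replica: Replica) -> None:
    """Constructed fault: the replica starts returning arbitrary output."""
    replica.step = lambda state, req: "n=9999"


def demo() -> List[str]:
    """Two correct rounds, then a corruption that turns into a fail-signal."""
    site = FailSignalSite([Replica(counter_service), Replica(counter_service)])
    log = [site.handle("inc"), site.handle("inc")]
    corrupt(site.replicas[1])
    log += [site.handle("inc"), site.handle("get")]
    return log
```

A receiver that sees FAIL_SIGNAL can treat the site as reliably failed rather than merely slow, which is what lets the order protocol terminate under unbounded delays.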
