Paulo Sousa, Nuno Ferreira Neves, Paulo Veríssimo
In Proceedings of the 2006 ACM Symposium on Applied Computing (SAC), pages 686-690.
In a recent work, we have shown that it is not possible to dependably build any type of distributed f fault- or intrusion-tolerant system under the asynchronous model. This result follows from the fact that in an asynchronous environment one cannot guarantee that the system terminates its execution before the occurrence of more than the assumed number of faults. Some systems have resorted to proactive recovery as a way to address this problem, by attempting to ensure that no more than f faults ever occur: nodes are periodically rejuvenated to remove the effects of faults or malicious attacks. However, asynchronous systems with proactive recovery also suffer from the same problem. In fact, proactive recovery protocols usually require stronger assumptions (e.g., synchrony, security) than the system that is proactively recovered. To solve this contradiction, we work with a hybrid distributed system model. We propose proactive resilience as a new and more resilient approach to proactive recovery, based on architectural hybridization: proactive recovery functions are encapsulated in architectural devices that meet the required stronger assumptions, and have a well-defined interface with the recovered system. We present the Proactive Resilience Model (PRM) and describe a design methodology under the PRM. This methodology is a way of building systems which are guaranteed not to suffer more than the assumed number of faults, and we use it to derive a distributed intrusion-tolerant secret sharing system.
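The abstract's core argument (periodic rejuvenation only keeps the number of simultaneously faulty nodes at or below f if the recovery itself completes in bounded time) can be checked on a small model. The following is an added illustration, not code from the paper or from the PRM; it assumes a staggered periodic rejuvenation schedule, a constructed set of fault instants, and models an asynchronous recovery subsystem as a per-node stall of arbitrary length.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

@dataclass(frozen=True)
class Fault:
    node: int
    at: float  # instant at which the node becomes faulty (e.g. is compromised)

# A schedule maps each node to its rejuvenation runs as (start, completion) pairs.
Schedule = Dict[int, List[Tuple[float, float]]]

def periodic_schedule(n: int, period: float, exec_time: float, horizon: float,
                      stalls: Optional[Dict[int, float]] = None) -> Schedule:
    """Staggered periodic rejuvenation: node i starts run k at k*period + i*period/n
    and finishes exec_time later, plus a per-node stall (0 for a timely wrapper,
    arbitrarily large when the recovery itself runs under asynchrony)."""
    stalls, sched = stalls or {}, {}
    for i in range(n):
        starts = [k * period + i * period / n for k in range(int(horizon // period) + 1)]
        sched[i] = [(s, s + exec_time + stalls.get(i, 0.0)) for s in starts]
    return sched

def cleaned_at(fault: Fault, sched: Schedule) -> float:
    """Completion of the first run of the fault's node that starts after the fault (inf if none)."""
    later = [done for start, done in sched.get(fault.node, []) if start > fault.at]
    return min(later) if later else float("inf")

def max_simultaneous_faults(faults: Sequence[Fault], sched: Schedule) -> int:
    """Largest number of distinct nodes faulty at the same instant (sweep line)."""
    events = []
    for fl in faults:
        events.append((fl.at, 1, fl.node))
        end = cleaned_at(fl, sched)
        if end != float("inf"):
            events.append((end, -1, fl.node))
    events.sort(key=lambda e: (e[0], e[1]))  # at a tie, removals precede arrivals
    faulty, peak = set(), 0
    for _, kind, node in events:
        faulty.add(node) if kind > 0 else faulty.discard(node)
        peak = max(peak, len(faulty))
    return peak

def threshold_violated(f: int, faults: Sequence[Fault], sched: Schedule) -> bool:
    """True once more than f nodes are faulty together, i.e. the f-fault assumption fails."""
    return max_simultaneous_faults(faults, sched) > f

# Constructed scenario: 4 nodes, f = 1, a rejuvenation every 10 time units taking 1.
FAULTS = [Fault(0, 2.0), Fault(1, 14.0), Fault(2, 26.0)]
TIMELY = periodic_schedule(4, 10.0, 1.0, 40.0)
STALLED = periodic_schedule(4, 10.0, 1.0, 40.0, stalls={0: 15.0})  # node 0's run hangs
```

With the timely schedule the three faults never overlap, so f = 1 holds; with node 0's rejuvenation stalled, nodes 0 and 1 are faulty together and the threshold is exceeded, which is exactly why the paper places the recovery function in a device that meets stronger synchrony assumptions.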
@InProceedings{sousa06proactive,
  author    = "P. Sousa and N. F. Neves and P. Ver\'{\i}ssimo",
  title     = "Proactive Resilience through Architectural Hybridization",
  booktitle = "Proceedings of the 2006 ACM Symposium on Applied Computing (SAC)",
  year      = "2006",
  pages     = "686-690",
  month     = apr
}