Proactive Resilience through Architectural Hybridization

Paulo Sousa, Nuno Ferreira Neves, Paulo VerĂ­ssimo

In Proceedings of the 2006 ACM Symposium on Applied Computing (SAC), Dijon, France, pages 686-690, April 2006.


In a recent work, we have shown that it is not possible to dependably build any type of distributed f fault or intrusion-tolerant system under the asynchronous model. This result follows from the fact that in an asynchronous environment one cannot guarantee that the system terminates its execution before the occurrence of more than the assumed number of faults. Some systems resorted to proactive recovery as a way to address this problem, by attempting to ensure that no more than f faults ever occur: nodes are periodically rejuvenated to remove the effects of faults or malicious attacks. However, asynchronous systems with proactive recovery also suffer from the same problem. In fact, proactive recovery protocols usually require stronger assumptions (e.g., synchrony, security) than the system that is proactively recovered. To solve this contradiction, we work with a hybrid distributed system model. We propose proactive resilience as a new and more resilient approach to proactive recovery, based on architectural hybridization: proactive recovery functions are encapsulated in architectural devices that meet the required stronger assumptions, and have a well-defined interface with the recovered system. We present the Proactive Resilience Model (PRM) and describe a design methodology under the PRM. This methodology is a way of building systems which guaranteedly do not suffer more than the assumed number of faults, and we use it to derive a distributed intrusion-tolerant secret sharing system.


    author = "P. Sousa and N. F. Neves and P. Ver\'{\i}ssimo",
    title = "Proactive Resilience through Architectural Hybridization",
    booktitle = "Proceedings of the 2006 ACM Symposium on Applied Computing (SAC)",
    year = "2006",
    pages = "686-690",
    month = apr

Extended Version

Download the pdf.