State machine replication is a general approach for constructing fault-tolerant services, and a key protocol underlying state machine replication is consensus. The set of Byzantine failures is so large that it has been applied for masking the effects of compromised systems, and so Byzantine-tolerant consensus has been used to construct systems that are meant to ameliorate the effect of compromise (see [1] among others). In the Byzantine model, there is no trust among processes: any process can behave in an arbitrarily faulty manner. However, in multi-site systems, processes in the same administrative domain typically have a measure of mutual trust. This is because such processes share fate: for example, if a process in a domain is compromised, then other processes-perhaps all of them-can be compromised as well, and the local services they rely upon may be compromised. In [4], this observation was used to argue for the Mutually Suspicious Domain (MSD) model, in which there is mutual trust between processes in a domain, but no trust for inter-domain communication, i.e., processes within a domain must protect itself from possible uncivil behavior from processes in other domains. © 2011 Springer-Verlag.
Brief announcement: When you don't trust clients: Byzantine proposer fast Paxos / Keith, Marzullo; Hein, Meling; Mei, Alessandro. - STAMPA. - 6950 LNCS:(2011), pp. 143-144. (Intervento presentato al convegno 25th International Symposium on Distributed Computing, DISC 2011 tenutosi a Rome nel 20 September 2011 through 22 September 2011) [10.1007/978-3-642-24100-0_11].
Brief announcement: When you don't trust clients: Byzantine proposer fast Paxos
MEI, Alessandro
2011
Abstract
State machine replication is a general approach for constructing fault-tolerant services, and a key protocol underlying state machine replication is consensus. The set of Byzantine failures is so large that it has been applied for masking the effects of compromised systems, and so Byzantine-tolerant consensus has been used to construct systems that are meant to ameliorate the effect of compromise (see [1] among others). In the Byzantine model, there is no trust among processes: any process can behave in an arbitrarily faulty manner. However, in multi-site systems, processes in the same administrative domain typically have a measure of mutual trust. This is because such processes share fate: for example, if a process in a domain is compromised, then other processes-perhaps all of them-can be compromised as well, and the local services they rely upon may be compromised. In [4], this observation was used to argue for the Mutually Suspicious Domain (MSD) model, in which there is mutual trust between processes in a domain, but no trust for inter-domain communication, i.e., processes within a domain must protect itself from possible uncivil behavior from processes in other domains. © 2011 Springer-Verlag.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
