基于门限签名方案的BQS系统的服务器协议

利用冗余复制技术,BQS(Byzantine quorum system)系统在异步信道上提供了能容忍f台服务器拜占庭失效的存储服务.COCA系统和CODEX系统设计了一种结合门限签名方案和BQS系统的服务器协议,完成了TSS-BQS(threshold signature schemes-BQS)系统.与普通BQS系统相比,具有更易于支持Proactive Recovery,简化客户端密钥管理和客户端通信的优点.基于相同的系统模型和信道假设,提出了一种新的服务器协议,满足TSS-BQS系统的安全要求;而且与已有协议相比,该协议只需更少的通信轮数,在读/写并发情况下执行效果 更优.     

分布式Byzantine容错系统研究进展

由于网络攻击的经济利益驱动和信息系统复杂性的不断增加,网络安全事件和代码缺陷也日益增多,导致信息系统出现各种错误、甚至被攻击者完全控制.Byzantine错误,又称为任意错误,是所有错误中最为严重的一种.分布式Byzantine容错系统由多台独立运行的服务器组成,能够容忍一定数量部件的Byzantine错误,在错误情况下仍然能提供正确服务.本文对现有代表性的Byzantine容错系统进行介绍和总结,讨论了Byzantine容错系统的技术发展.     

分布式存储方案的设计与研究

针对基于纠删码的分布式存储方法中信息分割算法IDA在运算中涉及构造拆分矩阵,计算开销大,且单纯基于纠删码的方案无法确保所存储数据的完整性、机密性等特性,只能够容忍系统中存在的良性故障,无法容忍入侵者的恶意入侵.提出了分布式系统中一种基于Tomado码的浏览器-服务器工作模式的数据存储方案.在数据写入过程中通过构造编码后数据分块的Hash值级联(即数字指纹),并与每个数据分块一起分布在存储服务器集中的不同服务器中,当需要读出时对分块及数据指纹进行验证,然后利用Tomado译码方法恢复原始文件,即可实现Byzantine环境数据的完整性保护,并提高了系统的容错能力.     

纠错码拜占庭容错Quorum中错误检测机制

摘要在大规模存储系统中，拜占庭存储节点的容错显得越来越重要。传统拜占庭Quorum通过复制可以容忍拜占庭失效，但是它们有两个主要缺点：低的存储空间利用率和静态quorum参数。我们提出纠错码拜占庭容错Quorum（Erasure-code Byzantine Fault-tolerance Quorum, E-BFQ），E-BFQ采用纠错码作为冗余策略，可以提供高可靠性，同时比复制占用更少存储空间。通过客户端读／写操作和管理器诊断操作，E-BFQ可以检测拜占庭节点，动态调整系统规模和故障闽值。结果显示本文方法可以达到动态调整的目的。     

入侵容忍技术在Web服务器系统的应用

结合入侵容忍通用模型SITAR和分散选举技术,提出了一个具有入侵容忍特性的Web服务器系统.在设计中应用了多代理、多样性、冗余等技术,在响应的一致性协商过程参考Byzantine容错算法,并引入Hash算法和加密技术,加强系统的安全,提高运行效率.     

分布式存储方案的设计与研究

针对基于纠删码的分布式存储方法中信息分割算法IDA在运算中涉及构造拆分矩阵,计算开销大,且单纯基于纠删码的方案无法确保所存储数据的完整性、机密性等特性,只能够容忍系统中存在的良性故障,无法容忍入侵者的恶意入侵。提出了分布式系统中一种基于Tornado码的浏览器-服务器工作模式的数据存储方案。在数据写入过程中通过构造编码后数据分块的Hash值级联（即数字指纹）,并与每个数据分块一起分布在存储服务器集中的不同服务器中,当需要读出时对分块及数据指纹进行验证,然后利用Tornado译码方法恢复原始文件,即可实现Byzantine环境数据的完整性保护,并提高了系统的容错能力。     

大规模集群中一种自适应可扩展的RPC超时机制

在基于RPC(remote produce call)构建的分布式系统中,超时是一种通用的失效检测手段.在超大规模Lustre存储集群的压力测试中,发现传统的固定超时机制会导致很多不必要的超时而存在缺陷.提出了一种综合考虑了网络条件、服务器负载、扩展性和性能等因素的自适应可扩展的RPC超时机制(Adaptive Scalable RPC Timeout mechanism,简称AST).在其控制下,客户端超时值可以根据网络和服务器的拥塞情况动态地调整设置,而且服务器可以通过额外消息传递通知客户端修改原超时值.经过一系列的模拟和验证,其结果表明,AST是一种更适合的RPC失效检测模型,增强了系统的响应性、可靠性和稳定性,而且对系统的性能没有过大的负面影响.     

移动数据库中基于Agent的缓存一致性策略

在移动客户端建立缓存可以提高移动数据库系统的性能,也会带来服务器上的数据和缓存中的数据不一致的问题.针对这一问题,文中分析了已有解决方案的不足,建立了基于Agent的缓存系统模型.在此基础上提出一种缓存管理方案,充分考虑了移动环境的特点,对移动客户端进行分组管理,利用Agent 技术解决了缓存失效问题.最后将该策略与传统经典策略进行分析比较,通过模拟实验表明该原型相对于传统缓存失效解决方案具有更好的性能.     

基于信用分级的PBFT共识算法改进方案

针对现有实用拜占庭容错算法（PBFT）在联盟链应用场景下存在扩展性差,通信开销大,效率低等问题,提出了一种基于信用分级的拜占庭容错共识算法,即CLBFT （Credit-Layered Byzantine Fault Tolerance）.在PBFT基础上,制定节点信用积分规则.提出一种基于信用等级划分的机制,把节点划分成4类,增强可信节点的主动性,减少异常节点的参与,达到系统良好运行的目的.实验结果表明,在长期运行状态下,CLBFT明显减少了通信开销,提高了系统效率.     

一类不确定切换系统的容错控制与极点配置

分析一类非线性不确定切换系统的容错控制与基于状态反馈的极点配置。系统包含有界未知结构的不确定性和未知非线性项。在各子系统不稳定的前提下,设计切换系统的状态反馈控制器,基于Lyapunov稳定性理论和LMI方法,保证在任意切换下不确定系统在传感器和执行器同时失效情况下具有鲁棒容错控制性能的充分条件。在此基础上研究该系统的极点配置在左半复平面选定圆域内以理想速度渐近衰减。文中得到了容错控制切换系统可状态反馈镇定的充分条件,然后用易于求解的线性矩阵不等式形式给出结果,最后通过仿真验证所设计的切换系统的极点配置在圆域内,在状态反馈控制器下渐近稳定。     

Consensus when all processes may be Byzantine for some time

Among all classes of faults, Byzantine faults form the most general modeling of value faults. Traditionally, in the Byzantine fault model, faults are statically attributed to a set of up to t processes. This, however, implies that in this model a process at which a value fault occurs is forever “stigmatized” as being Byzantine, an assumption that might not be acceptable for long-lived systems, where processes need to be reintegrated after a fault.We thus consider a model where Byzantine processes can recover in a predefined recovery state, and show that consensus can be solved in such a model. Our model admits executions where over time every process is faulty as long as there are always enough correct processes.     

Byzantine quorum systems

Summary. Quorum systems are well-known tools for ensuring the consistency and availability of replicated data despite the benign failure of data repositories. In this paper we consider the arbitrary (Byzantine) failure of data repositories and present the first study of quorum system requirements and constructions that ensure data availability and consistency despite these failures. We also consider the load associated with our quorum systems, i.e., the minimal access probability of the busiest server. For services subject to arbitrary failures, we demonstrate quorum systems over servers with a load of , thus meeting the lower bound on load for benignly fault-tolerant quorum systems. We explore several variations of our quorum systems and extend our constructions to cope with arbitrary client failures. Received: October 1996 / Accepted June 1998     

Possible and Impossible Self-Stabilizing Digital Clock Synchronization in General Graphs

We study digital clock synchronization for multiprocessor systems, where processors are triggered by a common clock pulse and communicate with others via shared memory.A self-stabilizing digital clock synchronization protocol for systems with a general communication graph is presented. The protocol can commence in an arbitrary non-consistent system state and converges to a legitimate state in which the clocks are synchronized and incremented by one in every subsequent pulse.To enhance the fault-tolerance of our protocol, we allow that during and following convergence processors may stop operating. Crash failures may partition the communication graph into several connected components. Our protocol synchronizes the clocks of the processors in every such connected component. For the case in which faulty processors can exhibit Byzantine behavior, we prove that there is no digital clock synchronization protocol that tolerates even one single faulty processor.     

Fault detection for Byzantine quorum systems

In this paper, we explore techniques to detect Byzantine server failures in asynchronous replicated data services. Our goal is to detect arbitrary failures of data servers in a system where each client accesses the replicated data at only a subset (quorum) of servers in each operation. In such a system, some correct servers can be out-of-date after a write and can therefore, return values other than the most up-to-date value in response to a client's read request, thus complicating the task of determining the number of faulty servers in the system at any point in time. We initiate the study of detecting server failures in this context, and propose two statistical approaches for estimating the risk posed by faulty servers based on responses to read requests     

基于信誉的二阶段溯源区块链共识策略

基于区块链技术的产品溯源系统在现代供应链系统中被广泛应用,溯源区块链适合采用联盟链来构建,其参与利益方多、共识网络差异化高的特性影响了此类区块链系统的性能和安全性。对区块链共识过程进行分析,构建模拟溯源区块链的系统模型和信誉模型,以排除拜占庭故障节点。在此基础上,设计包含代表选择和代表共识两个阶段的共识过程,并提出一种基于信誉的二阶段溯源区块链共识策略RTsBFT。实验结果表明,在相同的配置环境和条件下,相比CSBFT和PBFT策略,RTsBFT可取得更高的系统吞吐量、更短的延迟和更低的故障节点率,能够有效提高联盟链场景下溯源系统的性能和安全性。     

Optimistic Byzantine fault tolerance

The primary concern of traditional Byzantine fault tolerance is to ensure strong replica consistency by executing incoming requests sequentially according to a total order. Speculative execution at both clients and server replicas has been proposed as a way of reducing the end-to-end latency. In this article, we introduce optimistic Byzantine fault tolerance. Optimistic Byzantine fault tolerance aims to achieve higher throughput and lower end-to-end latency by using a weaker replica consistency model. Instead of ensuring strong safety as in traditional Byzantine fault tolerance, nonfaulty replicas are brought to a consistent state periodically and on-demand in optimistic Byzantine fault tolerance. Not all applications are suitable for optimistic Byzantine fault tolerance. We identify three types of applications, namely, realtime collaborative editing, event stream processing, and services constructed with conflict-free replicated data types, as good candidates for applying optimistic Byzantine fault tolerance. Furthermore, we provide a design guideline on how to achieve eventual consistency and how to recover from conflicts at different replicas. In optimistic Byzantine fault tolerance, a replica executes a request immediately without first establishing a total order of the message, and Byzantine agreement is used only to establish a common state synchronization point and the set of individual states needed to resolve conflicts. The recovery mechanism ensures both replica consistency and the validity of the system by identifying and removing the operations introduced by faulty clients and server replicas.     

拜占庭系统技术研究综述

随着分布式系统规模的增大,设计复杂度也不断提升,系统可靠性所面临的问题也越来越严峻。由于拜占庭协议能够容忍包括人为失误、软件bug和安全漏洞等各种形式的错误,其系统技术和实现方法越来越受到研究者们的重视。介绍和总结了目前拜占庭系统技术的研究成果,分析了目前拜占庭系统的研究现状,并探讨了拜占庭系统的发展趋势。通过分析得出：1)拜占庭系统性能上仍然与已经实用的非拜占庭系统相距较大,占用资源数量仍然较多,需要进一步研究其性能和资源优化技术;2)通过检测错误或者定期修复来降低系统中的错误,是延长系统可持续运行时间的方法,需要研究新的、高效的全面检测拜占庭服务器、合理定期修复等保障系统可持续运行的方法;3)实际应用背景和需求及其特定错误类型的处理方法对拜占庭协议和功能等提出了不一样的要求,需要研究拜占庭系统在实际中的应用和可用性。     

The anatomy study of consensus agreement in MANETs

Reliability is an important research topic of distributed systems. To achieve fault-tolerance in the distributed systems, healthy processors need to reach a common agreement before performing certain special tasks, even if faults exist in many circumstances. This problem is called as the Byzantine Agreement (BA) problem and it must be addressed. In general, the traditional BA problem is solved in well-defined networks. However, the MANETs (Mobile Ad-hoc Network) are increasing in popularity and its network topology is dynamic in nature. In this paper, the BA problem is re-examined in MANETs. Our protocol uses the minimum number of message exchanges to reach an agreement within the distributed system while tolerating the maximum number of faulty processors in MANETs.     

A self-adjusting algorithm for byzantine agreement

Summary Byzantine Agreement is important both in the theory and practice of distributed computing. However, protocols to reach Byzantine Agreement are usually expensive both in the time required as well as in the number of messages exchanged. In this paper, we present a self-adjusting approach to the problem. The Mostly Byzantine Agreement is proposed as a more restrictive agreement problem that requires that in the consecutive attempts to reach agreement, the number of disagreements (i.e., failures to reach Byzantine Agreement) is finite. Fort faulty processes, we give an algorithm that has at mostt disagreements for 4t or more processes. Another algorithm is given forn3t+1 processes with the number of disagreements belowt ²/2. Both algorithms useO(n ³) message bits for binary value agreement. Yi Zhao is currently working on his Ph.D. degree in Computer Science at University of Houston. His research interests include fault tolerance, distributed computing, parallel computation and neural networks. He obtained his M.S. from University of Houston in 1988 and B.S. from Beijing University of Aeronautics and Astronautics in 1984, both in computer science. Farokh B. Bastani received the B. Tech. degree in electrical engineering from the Indian Institute of Technology, Bombay, India, and the M.S. and Ph.D. degrees in electrical engineering and computer science from the University of California, Berkeley. He joined the University of Houston in 1980, where he is currently an Associate Professor of Computer Science. His research interests include software design and validation techniques, distributed systems, and fault-tolerant systems. He is a member of the ACM and the IEEE and is on the editorial board of theIEEE Transactions on Software Engineering.