Felix C. Gärtner

Fundamentals of fault-tolerant distributed computing in asynchronous environments

Fault tolerance in distributed computing is a wide area with a significant body of literature that is vastly diverse in methodology and terminology. This paper aims at structuring the area and thus guiding readers into this interesting field. We use a formal approach to define important terms like fault, fault tolerance, and redundancy. This leads to four distinct forms of fault tolerance and to two main phases in achieving them: detection and correction. We show that this can help to reveal inherently fundamental structures that contribute to understanding and unifying methods and terminology. By doing this, we survey many existing methodologies and discuss their relations. The underlying system model is the close-to-reality asynchronous message-passing model of distributed computing.Fault tolerance in distributed computing is a wide area with a significant body of literature that is vastly diverse in methodology and terminology. This paper aims at structuring the area and thus guiding readers into this interesting field. We use a formal approach to define important terms like fault, fault tolerance, and redundancy. This leads to four distinct forms of fault tolerance and to two main phases in achieving them: detection and correction. We show that this can help to reveal inherently fundamental structures that contribute to understanding and unifying methods and terminology. By doing this, we survey many existing methodologies and discuss their relations. The underlying system model is the close-to-reality asynchronous message-passing model of distributed computing.

Supporting mobility in content-based publish/subscribe middleware

Publish/subscribe (pub/sub) is considered a valuable middleware architecture that proliferates loose coupling and leverages reconfigurability and evolution. Up to now, existing pub/sub middleware was optimized for static systems where users as well as the underlying system structure were rather fixed. We study the question whether existing pub/sub middleware can be extended to support mobile and location-dependent applications. We first analyze the requirements of such applications and distinguish two orthogonal forms of mobility: the system-centric physical mobility and an application-centric logical mobility (where users are aware that they are changing location). We introduce location-dependent subscriptions as a suitable means to exploit the power of the event-based paradigm in mobile applications. Briefly spoken, location-dependency refines a subscription to accept only events related to a mobile users current location. Implementations for both forms of mobility are presented within the content-based pub/sub middleware Rebeca, drawing from its refined routing capabilities (namely, covering and merging).

Evaluating advanced routing algorithms for content-based publish/subscribe systems

We present an evaluation of advanced routing algorithms for content-based publish/subscribe systems that focuses on the inherent characteristics of routing algorithms (routing table sizes and filter forwarding overhead) instead of system-specific parameters (CPU load etc.). The evaluation is based on a working prototype instead of simulations and compares several routing algorithms to each other. Moreover, the effects of locality among the interests of the consumers are investigated. The results offer new insights into the behavior of content-based routing algorithms. Firstly, advanced routing algorithms can be considered mandatory in large-scale publish/subscribe systems. Secondly, the use of advertisements considerably improves scalability. Thirdly, advanced routing algorithms operate efficiently in more dynamic environments than was previously thought. Finally, the good behavior of the algorithms improves even if the interests of the consumers are not evenly distributed, which can be expected in practice.

Modular event-based systems

Event-based systems are developed and used to integrate components in loosely coupled systems. Research and product development have focused so far on efficiency issues but neglected methodological support to build such systems. In this article, the modular design and implementation of an event system is presented which supports scopes and event mappings, two new and powerful structuring methods that facilitate engineering and coordination of components in event-based systems. We give a formal specification of scopes and event mappings within a trace-based formalism adapted from temporal logic. This is complemented by a comprehensive introduction to the event-based style, its benefits and requirements.

A modular approach to build structured event-based systems

Event-based systems are developed and used as a coordination model to integrate components in loosely coupled systems. Research and product development focused so far on efficiency issues but neglected methodological support to build such systems. In this paper, we present the modular design and implementation of an event system which supports scopes and event mappings, two new and powerful structuring methods that facilitate engineering and coordination of components in event-based systems. The approach is based on a trace-based specification method adapted from temporal logic.

DREAM: Distributed Reliable Event-Based Application Management

New applications and the convergence of technologies, ranging from sensor networks to ubiquitous computing and from autonomic systems to event-driven supply chain management, require new middleware platforms that support proactive event notification. We present a system overview and discuss the principles of Dream, a reactive middleware platform that integrates event detection and composition mechanisms in a highly distributed environment; fault-tolerant and scalable event notification that exploits a variety of filter placement strategies; content-based notification to formulate powerful filters and concept-based notification to extend content-based filtering to heterogeneous environments; middleware-mediated transactions that integrate notifications and transactions; and scopes, which are administration primitives for both deployment- and runtime configurability, as well as for the management of policies. We discuss four prototypes that were implemented as proof-of-concept systems and present lessons learned from them.

Dependability Issues of Pervasive Computing in a Healthcare Environment

This paper proposes that the healthcare domain can serve as an archetypical field of research in pervasive computing. We present this area from a technological perspective, arguing that it provides a wide range of possible applications of pervasive computing technology. We further recognize that pervasive computing technology is likely to create concerns about the security of healthcare systems, due to increased data aggregation, ubiquitous access, and increasing dependency on technical solutions. But we also justify why the same technology can help building more robust, more dependable systems that increase the quality of healthcare. We identify building blocks that are necessary to achieve this goal: a pervasive middleware, appropriate handling of exceptional situations, and dependability assertions for small devices.

Supporting fair exchange in mobile environments

Mobile commerce over the Internet always includes the exchange of electronic goods. Fair exchange protocols establish fairness and ensure that both participants can engage in the exchange without the risk of suffering a disadvantage (e.g., losing their money without receiving anything for it). In general, fair exchange protocols require the continuous availability of an external trusted third party (TTP), a dedicated site which is trusted by both participants. Implementations of TTPs for fair exchange have been proposed to be based on carefully secured Internet hosts in order to establish trust. In this paper we present solutions to the fair exchange problem in mobile environments, where customers frequently disconnect from the network and thus continuous availability of the external TTP is not given. Our approach utilizes tamper-poof hardware on the customers side partly taking over the duties of the TTP. Besides supporting disconnected operations our approach also allows the proper handling of time-sensitive items (i.e., items which lose value over time), a feature which previous protocols lack.

Modular fair exchange protocols for electronic commerce

Recently, research has focused on enabling fair exchange between payment and electronically shipped items. The reason for this is the growing importance of electronic commerce and the increasing number of applications in this area. Although a considerable number of fair exchange protocols exist, they usually have been defined for special scenarios and thus only work under particular assumptions. Furthermore, these protocols provide different degrees of fairness and cause different communication overhead. The purpose of the paper is to present a unifying solution to the problem. We do this by defining a suite of protocol modules which allow us to compose protocols where the achieved degree of fairness can be enhanced step by step. The advantage of the stepwise approach is that after each step one can decide if the provided degree of fairness is acceptable or if one is willing to spend more in order to reach a higher degree of fairness. We show the applicability of our approach by deriving a novel efficient fair exchange protocol.

Using Smart Cards for Fair Exchange

Fair exchange protocols ensure that the participating parties, customer and vendor, can engage in electronic commerce transactions without the risk of suffering a disadvantage. This means that neither of them delivers his digital item without receiving the other partys item. In general, fair exchange cannot be solved without the help of a trusted third party (TTP), a dedicated computer which is trusted by both participants. Trust can be established by carefully securing the TTP or even better by introducing tamper-proof hardware. However, if the communication to the TTP is unreliable or disrupted, then the exchange cannot be performed in a timely fashion or not at all. Up to now, this has been a problem especially for the exchange of time-sensitive items, i.e., items which lose value over time. We present a novel approach to perform fair exchange using tamper-poof hardware on the customers side. More specifically, co-located to the customers machine we use a smart card which partially takes over the role of the TTP. The challenge of designing protocols in this environment lies in the fact that the communication between the smart card and the vendor is under control of the customer. Our approach has the following benefits: It supports the exchange in mobile environments where customers frequently experience a disconnection from the network. Furthermore, our approach is the first to handle time-sensitive items properly.