Hans P. Reiser

Hypervisor-Based Efficient Proactive Recovery

Proactive recovery is a promising approach for building fault and intrusion tolerant systems that tolerate an arbitrary number of faults during system lifetime. This paper investigates the benefits that a virtualization-based replication infrastructure can offer for implementing proactive recovery. Our approach uses the hypervisor to initialize a new replica in parallel to normal system execution and thus minimizes the time in which a proactive reboot interferes with system operation. As a consequence, the system maintains an equivalent degree of system availability without requiring more replicas than a traditional replication system. Furthermore, having the old replica available on the same physical host as the rejuvenated replica helps to optimize state transfer. The problem of remote transfer is reduced to remote validation of the state in the frequent case when the local replica has not been corrupted.

Efficient state transfer for hypervisor-based proactive recovery

Proactive recovery of replicated services is a novel approach that allows tolerating a potentially unlimited number of malicious faults during system lifetime by periodically restarting replicas from a correct state. Recovering a stateful replica requires a time-consuming transfer and verification of the state. During this time, the replica usually is unable to handle client requests. Our VM-FIT architecture harnesses virtualization to significantly reduce this service unavailability. Our approach allows recovery in parallel with service execution, and uses copy-on-write techniques and provides efficient state transfer support between virtual replicas on a host.

A flexible and extensible object middleware: CORBA and beyond

This paper presents a CORBA-compliant middleware architecture that is more flexible and extensible compared to standard CORBA. The portable design of this architecture is easily integrated in any standard CORBA middleware; for this purpose, mainly the handling of object references (IORs) has to be changed. To encapsulate those changes, we introduce the concept of a generic reference manager with portable profile managers. Profile managers are pluggable and in extreme can be downloaded on demand. To illustrate the use of this approach, we present a profile manager implementation for fragmented objects and another one for bridging CORBA to the Jini world. The first profile manager supports truly distributed objects, which allow seamless integration of partitioning, scalability, fault tolerance, end-to-end quality of service, and many more implementation aspects into a distributed object without losing distribution and location transparency. The second profile manager illustrates how our architecture enables fully transparent access from CORBA applications to services on non-CORBA platforms.

Consistent Replication of Multithreaded Distributed Objects

Determinism is mandatory for replicating distributed objects with strict consistency guarantees. Multithreaded execution of method invocations is a source of nondeterminism, but helps to improve performance and avoids deadlocks that nested invocations can cause in a single-threaded execution model. This paper contributes a novel algorithm for deterministic thread scheduling based on the interception of synchronisation statements. It assumes that shared data are protected by mutexes and client requests are sent to all replicas in total order; requests are executed concurrently as long as they do not issue potentially conflicting synchronisation operations. No additional communication is required for granting locks in a consistent order in all replicas. In addition to reentrant mutex locks, the algorithm supports condition variables and time-bounded wait operations. An experimental evaluation shows that, in some typical usage patterns of distributed objects, the algorithm is superior to other existing approaches

Decentralized, Adaptive Services: The AspectIX Approach for a Flexible and Secure Grid Environment

In this paper we present EDAS, an environment for decentralized, adaptive services. This environment offers flexible service models based on distributed mobile objects ranging from a traditional client-server scenario to a fully peer-to-peer based approach. Automatic, dynamic resource management allows optimized use of available resources while minimizing the administrative complexity. Furthermore the environment supports a trust-based distinction of peers and enables a trust-based usage of resources.

Fault-tolerant replication based on fragmented objects

This paper describes a novel approach to fault-tolerance in distributed object-based systems. It uses the fragmented-object model to integrate replication mechanisms into distributed applications. This approach enables the use of customised code on a per-object basis to access replica groups and to manage consistency. The addition of fault tolerance to the infrastructure has only little overhead, is fully transparent for clients, and does not require internal modifications to the existing middleware. Semantic annotations at the interface level allow the developer to customise the provision of fault tolerance. Operations can be marked as read-only to allow an execution with weaker ordering semantics or as parallelisable to allow true multithreaded execution. A code-generation tool is provided to automatically produce object-specific fragment code for client access and for replica consistency management, taking into account the annotations, the interface specification, and the non-replicated implementation. A further contribution of our code-generation approach is the support of deterministic multithreading in replicated objects.

Network Forensics for Cloud Computing

Computer forensics involves the collection, analysis, and reporting of information about security incidents and computer-based criminal activity. Cloud computing causes new challenges for the forensics process. This paper addresses three challenges for network forensics in an Infrastructure-as-a-Service (IaaS) environment: First, network forensics needs a mechanism for analysing network traffic remotely in the cloud. This task is complicated by dynamic migration of virtual machines. Second, forensics needs to be targeted at the virtual resources of a specific cloud user. In a multi-tenancy environment, in which multiple cloud clients share physical resources, forensics must not infringe the privacy and security of other users. Third, forensic data should be processed directly in the cloud to avoid a costly transfer of huge amounts of data to external investigators. This paper presents a generic model for network forensics in the cloud and defines an architecture that addresses above challenges. We validate this architecture with a prototype implementation based on the OpenNebula platform and the Xplico analysis tool.

Intrusion detection and honeypots in nested virtualization environments

Several research projects in the past have built intrusion detection systems and honeypot architectures based on virtual machine introspection (VMI). These systems directly benefit from the use of virtualization technology. The VMI approach, however, requires direct interaction with the virtual machine monitor, and typically is not available to clients of current public clouds. Recently, nested virtualization has gained popularity in research as an approach that could enable cloud customers to use virtualization-based solutions within a cloud by nesting two virtual machine monitors, with the inner one under control of the client. In this paper, we compare the performance of existing nested-virtualization solutions and analyze the impact of the performance overhead on VMI-based intrusion detection and honeypot systems.

Adaptive web service migration

In highly dynamic and heterogeneous environments such as mobile and ubiquitous computing, software must be able to adapt at runtime and react to the environment. Furthermore it should be independent of a certain hardware platform and implementation language. In this paper, we propose an infrastructure for self-adaptive migratable Web services (SAM-WS) for implementing applications for such environments. A SAM-WS supports stateful migration and adaptation to particular application context by being able to dynamically change the interface, locally available state and implementation in use. Despite adaptation and migration it maintains a unique ID during the whole life time. This allows clients to have a location-independent reference to a specific Web service instance. Although our prototype implementation is based on Apache Axis, the concept can be easily ported to any Web service framework without platform modifications. We provide an example application and performance measurements for different system platforms ranging from a standard device to resource-restricted mobile devices.

FITCH: Supporting Adaptive Replicated Services in the Cloud

Despite the fact that cloud computing offers a high degree of dynamism on resource provisioning, there is a general lack of support for managing dynamic adaptations of replicated services in the cloud, and, even when such support exists, it is focused mainly on elasticity by means of horizontal scalability. We analyse the benefits a replicated service may obtain from dynamic adaptations in the cloud and the requirements on the replication system. For example, adaptation can be done to increase and decrease the capacity of a service, move service replicas closer to their clients, obtain diversity in the replication (for resilience), recover compromised replicas, or rejuvenate ageing replicas. We introduce FITCH, a novel infrastructure to support dynamic adaptation of replicated services in cloud environments. Two prototype services validate this architecture: a crash fault-tolerant Web service and a Byzantine fault-tolerant key-value store based on state machine replication.