Idit Keidar

Group communication specifications: a comprehensive study

View-oriented group communication is an important and widely usedbuilding block for many distributed applications. Much currentresearch has been dedicated to specifying the semantics andservices of view-oriented group communication systems (GCSs).However, the guarantees of different GCSs are formulated usingvarying terminologies and modeling techniques, and thespecifications vary in their rigor. This makes it difficult toanalyze and compare the different systems. This survey provides acomprehensive set of clear and rigorous specifications, which maybe combined to represent the guarantees of most existing GCSs. Inthe light of these specifications, over 30 published GCSspecifications are surveyed. Thus, the specifications serve as aunifying framework for the classification, analysis, and comparisonof group communication systems. The survey also discusses over adozen different applications of group communication systems,shedding light on the usefulness of the presented specifications.This survey is aimed at both system builders and theoreticalresearchers. The specification framework presented in this articlewill help builders of group communication systems understand andspecify their service semantics; the extensive survey will allowthem to compare their service to others. Application builders willfind a guide here to the services provided by a large variety ofGCSs, which could help them choose the GCS appropriate for theirneeds. The formal framework may provide a basis for interestingtheoretical work, for example, analyzing relative strengths ofdifferent properties and the costs of implementing them.

Venus: verification for untrusted cloud storage

This paper presents Venus, a service for securing user interaction with untrusted cloud storage. Specifically, Venus guarantees integrity and consistency for applications accessing a key-based object store service, without requiring trusted components or changes to the storage provider. Venus completes all operations optimistically, guaranteeing data integrity. It then verifies operation consistency and notifies the application. Whenever either integrity or consistency is violated, Venus alerts the application. We implemented Venus and evaluated it with Amazon S3 commodity storage service. The evaluation shows that it adds no noticeable overhead to storage operations.

On maintaining multiple versions in STM

An effective way to reduce the number of aborts in software transactional memory (STM) is to keep multiple versions of transactional objects. In this paper, we study inherent properties of STMs that use multiple versions to guarantee successful commits of all read-only transactions. We first show that these STMs cannot be disjoint-access parallel. We then consider the problem of garbage collecting old object versions, and show that no STM can be optimal in the number of previous versions kept. Moreover, we show that garbage collecting useless versions is impossible in STMs that implement invisible reads. Finally, we present an STM algorithm using visible reads that efficiently garbage collects useless object versions.

Moshe: A group membership service for WANs

We present Moshe, a novel scalable group membership algorithm built specifically for use in wide area networks (WANs), which can suffer partitions. Moshe is designed with three new significant features that are important in this setting: it avoids delivering views that reflect out-of-date memberships; it requires a single round of messages in the common case; and it employs a client-server design for scalability. Furthermore, Moshes interface supplies the hooks needed to provide clients with full virtual synchrony semantics. We have implemented Moshe on top of a network event mechanism also designed specifically for use in a WAN. In addition to specifying the properties of the algorithm and proving that this specification is met, we provide empirical results of an implementation of Moshe running over the Internet. The empirical results justify the assumptions made by our design and exhibit good performance. In particular, Moshe terminates within a single communication round over 98% of the time. The experimental results also lead to interesting observations regarding the performance of membership algorithms over the Internet.

Efficient message ordering in dynamic networks

We present an algorithm for totally ordering messages in the face of network partitions and site failures. The algorithm aJways aJlows a majority of connected processors in the network to make progress (z. e. to order messages), if they remain connected for sufficiently long, regardless of past failures. Furthermore, our aJgorithm always allows processors to initiate messages, even when they are not members of a connected majority component in the network. Thus, messages can eventually become totally ordered even if their initiator is never a member of a majority component. The algorithm guarantees that when a majority is connected, each message is ordered within two communication rounds, if no failures occur during these rounds.

Many-Core vs. Many-Thread Machines: Stay Away From the Valley

We study the tradeoffs between many-core machines like Intelpsilas Larrabee and many-thread machines like Nvidia and AMD GPGPUs. We define a unified model describing a superposition of the two architectures, and use it to identify operation zones for which each machine is more suitable. Moreover, we identify an intermediate zone in which both machines deliver inferior performance. We study the shape of this ldquoperformance valleyrdquo and provide insights on how it can be avoided.

Do not crawl in the DUST: different URLs with similar text

We consider the problem of dust : Different URLs with Similar Text. Such duplicate URLs are prevalent in web sites, as web server software often uses aliases and redirections, translates URLs to some canonical form, and dynamically generates the same page from various different URL requests. We present a novel algorithm, DustBuster, for uncovering dust ; that is, for discovering rules for transforming a given URL to others that are likely to have similar content. DustBuster is able to detect dust effectively from previous crawl logs or web server logs, without examining page contents. Verifying these rules via sampling requires fetching few actual web pages. Search engines can benefit from this information to increase the effectiveness of crawling, reduce indexing overhead as well as improve the quality of popularity statistics such as PageRank.

On the Cost of Fault-Tolerant Consensus When There Are No Faults – A Tutorial

We consider the consensus problem in realistic partial synchrony and timed asynchronous models where processes can crash. We describe algorithms and lower bounds that show that two communication steps are necessary and sufficient for solving consensus in these models in failure-free executions.

Dynamic voting for consistent primary components

Distributed applications often use quorums in order to guarantee consistency. With emerging world-wide communication technology, many new applications (e.g., conferencing applications and interactive games) wish to allow users to freely join and leave, without restarting the entire system. The dynamic voting paradigm allows such systems to define quorums adaptively, accounting for the changes in the set of participants. Rrrthermore, dynamic voting was proven to be the most available parad@rn for maintaining quorums in unreliable networks. However, the subtleties of implementing dynamic voting were not well understood; in fact, many of the suggested protocols may lead to inconsistencies in case of failur~. Other protocols severely limit the availability in case failures occur during the protocol. In this paper we present a robust and efficient dynamic voting protocol for unreliable asynchronous networks. The proto;ol consistently maintains the primary component in a distributed system. Our protocol allows the system to make progress in cases of repetitive failures in which previously suggested protocols block. The protocol is simple to implement, and-its communication requirements are small.

Brahms: Byzantine resilient random membership sampling

We present Brahms, an algorithm for sampling random nodes in a large dynamic system prone to malicious behavior. Brahms stores small membership views at each node, and yet overcomes Byzantine attacks by a linear portion of the system. Brahms is composed of two components. The first is an attack-resilient gossip-based membership protocol. The second component extracts independent uniformly random node samples from the stream of node ids gossiped by the first. We evaluate Brahms using rigorous analysis, backed by simulations, which show that our theoretical model captures the protocols essentials. We study two representative attacks, and show that with high probability, an attacker cannot create a partition between correct nodes. We further prove that each nodes sample converges to an independent uniform one over time. To our knowledge, no such properties were proven for gossip protocols in the past.