Kim Potter Kihlstrom

The SecureRing protocols for securing group communication

The SecureRing group communication protocols provide reliable ordered message delivery and group membership services despite Byzantine faults such as might be caused by modifications to the programs of a group member following illicit access to, or capture of, a group member. The protocols multicast messages to groups of processors within an asynchronous distributed system and deliver messages in a consistent total order to all members of the group. They ensure that correct members agree on changes to the membership, that correct processors are eventually included in the membership, and that processors that exhibit detectable Byzantine faults are eventually excluded from the membership. To provide these message delivery and group membership services, the protocols make use of an unreliable Byzantine fault detector.

Byzantine Fault Detectors for Solving Consensus

Unreliable fault detectors can be defined in terms of completeness and accuracy properties and can be used to solve the consensus problem in asynchronous distributed systems that are subject to crash faults. We extend this result to asynchronous distributed systems that are subject to Byzantine faults. First, we define and categorize Byzantine faults. We then define two new completeness properties, eventual strong completeness and eventual weak completeness. We use these completeness properties and previously defined accuracy properties to define four new classes of unreliable Byzantine fault detectors. Next, we present an algorithm that uses a Byzantine fault detector to solve the consensus problem in an asynchronous distributed system of n processes in which the number k of Byzantine faults satisfies k ≤� (n − 1)/3� . We also give algorithms that implement a Byzantine fault detector in a model of partial synchrony. Finally, we prove the correctness of the consensus algorithm and analyze its complexity.

The SecureRing group communication system

Secure reliable group communication protocols can facilitate the development of survivable distributed systems that are able to remain correct and reliable despite intrusions that cause some nodes to behave in an arbitrary or malicious manner. However, the development of such protocols is itself difficult, and prior systems have exhibited high overheads, primarily due to the cost of digital signatures. The SecureRing group communication system provides secure, reliable, totally-ordered message delivery and group membership services despite the malicious corruption of a constant fraction of the processors within the system. The network is assumed not to partition, and persistent communication faults are handled as processor faults. The SecureRing message delivery protocol makes use of message digests in a signed token to allow a single digital signature to cover multiple messages, and to avoid the need for multiple rounds of message exchange in normal operation. While these techniques mean that messages are not authenticated in real time, they enable the SecureRing protocols to achieve high throughput and reasonable latency.

Providing support for survivable CORBA applications with the Immune system

The Immune system aims to provide survivability to CORBA applications, enabling them to continue to operate despite malicious attacks, accidents or faults. Every object within the CORBA application is actively replicated by the Immune system, with majority voting applied on incoming invocations and responses to each replica of the object. Secure multicast protocols are employed to enable the majority voting to be effective, even when processors within the network and objects within the application become corrupted.