Rüdiger Kapitza

CheapBFT: resource-efficient byzantine fault tolerance

One of the main reasons why Byzantine fault-tolerant (BFT) systems are not widely used lies in their high resource consumption: 3f+1 replicas are necessary to tolerate only f faults. Recent works have been able to reduce the minimum number of replicas to 2f+1 by relying on a trusted subsystem that prevents a replica from making conflicting statements to other replicas without being detected. Nevertheless, having been designed with the focus on fault handling, these systems still employ a majority of replicas during normal-case operation for seemingly redundant work. Furthermore, the trusted subsystems available trade off performance for security; that is, they either achieve high throughput or they come with a small trusted computing base.n This paper presents CheapBFT, a BFT system that, for the first time, tolerates that all but one of the replicas active in normal-case operation become faulty. CheapBFT runs a composite agreement protocol and exploits passive replication to save resources; in the absence of faults, it requires that only f+1 replicas actively agree on client requests and execute them. In case of suspected faulty behavior, CheapBFT triggers a transition protocol that activates f extra passive replicas and brings all non-faulty replicas into a consistent state again. This approach, for example, allows the system to safely switch to another, more resilient agreement protocol. CheapBFT relies on an FPGA-based trusted subsystem for the authentication of protocol messages that provides high performance and comprises a small trusted computing base.

Study on performance-centric offload strategies for LTE networks

Currently, cellular networks are overloaded with mobile data traffic due to the rapid growth of mobile broadband subscriptions and the increasing popularity of applications for smartphones. One possible solution to alleviate this problem is the offloading of mobile data traffic from the primary access technology to the WiFi infrastructure to gain extra capacity and improve the overall network performance. As the strategy what and when to offload data is non-trivial, it is of vital importance to develop novel algorithms to guide this process. This paper addresses solutions for WiFi offloading in Long Term Evolution (LTE) cellular networks when performance needs exceed the capability of the LTE access. It then compares the performance of each access technology using different network performance metrics. In detail, an optimized Signal-to-noise ratio (SNR)-threshold based handover solution and extension to the 3rd Generation Partnership Project (3GPP) standard for Access Network Discovery and Selection Function (ANDSF) framework for WiFi offloading is proposed. Our simulation results have shown that ANDSF discovery can be used to control the amount of offloading.

AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves

Intel’s Software Guard Extensions (SGX) provide a new hardware-based trusted execution environment on Intel CPUs using secure enclaves that are resilient to accesses by privileged code and physical attackers. Originally designed for securing small services, SGX bears promise to protect complex, possibly cloud-hosted, legacy applications. In this paper, we show that previously considered harmless synchronisation bugs can turn into severe security vulnerabilities when using SGX. By exploiting use-after-free and time-of-check-to-time-of-use (TOCTTOU) bugs in enclave code, an attacker can hijack its control flow or bypass access control.

Providing fault-tolerant execution of web-service-based workflows within clouds

With a variety of services rapidly evolving at all architectural levels of cloud computing, there is an increasing demand for a standardized way to coordinate their interactions. Business process management, that is, more general, the management of Web-service--based workflows, could satisfy this demand and, indeed, first corresponding offerings have gained instant popularity. While from a functional perspective, these Platform-as-a-Service (PaaS) solutions are already quite mature, their support for fault tolerance is still very limited, making them inapplicable for critical tasks.n Concerning the deficiencies of currently existing systems, this paper presents a practical solution for executing critical Web-service--based workflows, particularly within clouds, in a fault-tolerant, highly available and highly configurable manner. We achieve this by actively replicating workflows as well as Web services in a combined architecture, reusing existing standard systems and coordination services. By providing an automated transformation tool, replication is realized transparently to existing systems and workflows. Measurements show that our proposed architecture achieves lower response times than existing systems and that the integration of a coordination service imposes only moderate costs, while simplifying the implementation and leading to a dynamically adaptable solution.

SecureKeeper: Confidential ZooKeeper using Intel SGX

Cloud computing, while ubiquitous, still suffers from trust issues, especially for applications managing sensitive data. Third-party coordination services such as ZooKeeper and Consul are fundamental building blocks for cloud applications, but are exposed to potentially sensitive application data. Recently, hardware trust mechanisms such as Intels Software Guard Extensions (SGX) offer trusted execution environments to shield application data from untrusted software, including the privileged Operating System (OS) and hypervisors. Such hardware support suggests new options for securing third-party coordination services. We describe SecureKeeper, an enhanced version of the ZooKeeper coordination service that uses SGX to preserve the confidentiality and basic integrity of ZooKeeper-managed data. SecureKeeper uses multiple small enclaves to ensure that (i) user-provided data in ZooKeeper is always kept encrypted while not residing inside an enclave, and (ii) essential processing steps that demand plaintext access can still be performed securely. SecureKeeper limits the required changes to the ZooKeeper code base and relies on Javas native code support for accessing enclaves. With an overhead of 11%, the performance of SecureKeeper with SGX is comparable to ZooKeeper with secure communication, while providing much stronger security guarantees with a minimal trusted code base of a few thousand lines of code.

Using Erasure Codes to overcome reliability issues in energy-constrained sensor networks

We study the use of Erasure Codes (ECs) for transmitting information from mobile sensor nodes to stationary base stations. In particular, we are interested in improving the overall communication reliability of the wireless communication. Our scenario is wildlife monitoring in which bats are equipped with tiny sensor nodes, just being capable to store a few kB of data and to exchange information over a wireless communication link. This link is used, on the one hand, for determining contact times between individuals. On the other hand, these contacts are communicated in aggregated form to stationary base stations. Since the channel quality may vary quickly due to the continuous movements of bats and the heterogeneous environment, the communication is in general assumed to be highly unreliable. Conventional reliability improving approaches such as full data replication or on-demand retransmission are too expensive or even not possible due to very strict energy constraints and asymmetric channels. ECs allow to enhance the reliability of data transmissions by transmitting redundant data. In this work, we investigate the trade-off between reliability achieved and the cost in form of additional transmissions, i.e., the additional energy costs. Our results clearly show that ECs improve the communication reliability considerably with almost no impact on the resulting delay.

Resource-Efficient Byzantine Fault Tolerance

One of the main reasons why Byzantine fault-tolerant (BFT) systems are currently not widely used lies in their high resource consumption: <inline-formula><tex-math notation=LaTeX>

Consensus-Oriented Parallelization: How to Earn Your First Million

3f+1

DrySim: simulation-aided deployment-specific tailoring of mote-class WSN software

</tex-math><alternatives> <inline-graphic xlink:type=simple xlink:href=distler-ieq1-2495213.gif/></alternatives></inline-formula>xa0replicas are required to tolerate only <inline-formula><tex-math notation=LaTeX>

Adaptive and Scalable High Availability for Infrastructure Clouds

f