Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distributed Error- Confinement

Published byHannu-Pekka Lahtinen Modified over 5 years ago

Similar presentations

Presentation on theme: "Distributed Error- Confinement"— Presentation transcript:

1 Distributed Error- Confinement
Shay Kutten (Technion) with Boaz Patt-Shamir (Tel Aviv U.) Yossi Azar (Tel Aviv U.)

2 Talk Overview (1) What is error confinement?
(2) The new “agility” measure for fault tolerance (3) The new “core- bootstrapping” idea for algorithm. (4) Optimization question and answer for “core” construction.

3 Motivation: “error propagation” (example)
(1) Assume no fault: My distance to C via S: 7+4=11 Message from S to A: S A B C distance 7 to C 7 4 C Traffic to C Internet routing: Node A compute shortest path to C based on messages from S.

4 Motivation: “error propagation” (example)
(2) with fault (at B): My distance to C via S: 7+4=11 Message from S to A: C distance 7 to C 7 S 2 A 4 C B distance 0 to C Traffic to C State corrupting fault (adversary modifies data memory)

5 State corrupting fault (self stabilization):
Not malicious! Just a one time change of memory content. C 7 S 2 A 4 B distance 0 to C State corrupting fault (adversary modifies data memory)

6 Motivation: “error propagation” (example)
(2) With fault (at B): My distance to C via S: 7+4=11 Message from S to A: C distance 7 to C 7 S A 4 2 C B Traffic to C distance 0 to C fault

7 (3) B’s fault propagated to A
Motivation: “error propagation” (example) (3) B’s fault propagated to A My distance to C via B: 2+0=2 Message from S to A: C distance 7 to C 7 S A 4 2 C B Traffic to C distance 0 to C fault

8 Motivation: “error propagation” (example)
B’s fault propagated to A My distance to C via B: 2+0=2 Message from S to A: C distance 7 to C 7 S C A 4 C 2 B (4) Traffic to C is sent the wrong way as a result of the fault propagation distance 0 to C fault

9 This is, actually, how the Internet (than Called “ARPANET”) in 1980
B D I have distance 0 to everybody C fault

10 “Error confinement”: non faulty node A outputs
only correct output (or no output at all) C Sounds impossible? S I do not believe you! A Output (to routing:) My distance to C via S: 7+4=11 B distance 0 to C fault

11 Error Confinement (Formally)
 : problem specification, P: protocol. P solves  with error confinement if for any execution of P with behavior  (possibly containing a state corrupting fault), there exists a behavior ’ & for all non-faulty nodes v: ’v= v (“stabilization” deals also with faulty nodes) (behavior- ignoring time)

12 Talk Overview (1) What is error confinement?
(2) The new “agility” measure for fault tolerance. (3) The core- bootstrapping idea idea for algorithm (4) Optimization question and answer for “core” construction.

13 Introducing a new measure of fault resilience:
The resilience of a protocol is smaller at first t Environment (e.g. user) 2 time t 1 Input is given to S at time t C t S A B D

14 The resilience of a protocol is smaller at first (cont.) time
Environment (e.g. user) gives Input is to S at time t t 2 If adversary changes the state of S at time tf shortly after the input t 1 t f C t S A B D

15 The resilience of a protocol is smaller at first time
(cont.) time Environment (e.g. user) gives Input to S at time t t 2 If adversary changes the state of S at time tf shortly after the input t 1 then the input is lost forever t f C t S A B D

16 The resilience of a protocol grows with time
However, a fault, even in S, can be tolerated if it waits until after S distributed the input value t 2 t 1 S C A B D t f C t S A B D input

17 The resilience of a protocol grows with time
(cont.) time However, a fault, even in S, can be tolerated if it waits until after S distributed the input value t 2 t f distribution C t 1 A S B D t f C t S A B D input

18 The resilience of a protocol grows with time
A fault even in S can be tolerated if it “waits” until after S distributed the input value t 2 tf distribution C t 1 A S B D tf C t S A B D input

19 The resilience of a protocol grows with time
A fault even in S can be tolerated if it “waits” until after S distributed the input value t 2 t f distribution C t 1 A S B D t f C t S A B D input

20 t0 t0 t1 t0 The resilience of a protocol grows with time time t1 t t
To destroy the replicated value the adversary needs to hit more nodes at > > t0 t0 tf t1 t f C t1 S A B D t f t0 C S A B D input

21 The resilience continues to grows with time
3 A B D If no faults occurred by some later , then the input is t 3 replicated even further C t S A 2 B D C t S A 1 B D

22 The resilience continues to grows with time
tf C A S t B D 3 C t S A 2 B D The later the faults, the more faults can be tolerated C t S A 1 B D

23 Time Cone Space time t t t
B D 3 C t S A 2 B D The later the faults, the more faults can be tolerated if the protocol is designed to be robust C t S A 1 B D

24 “Narrow” cone a LESS fault tolerant algorithm time
B D 3 C t S A 2 B D Slower replication less nodes offer help C t S A 1 B D

25 A “Wider” cone a more fault tolerant algorithm time
S S t A B D 3 C t S A 2 B D Replication to more nodes faster C t S A 1 B D

26 So, a recovery of corrupted values is
theoretically possible, for an adversary that is constrained according to a space-time-cone, but what is the algorithm that does the recovery? time S

27 Constraining faults: Agility
• c-constrained environment: environment generating faults tf time units after the input, (c  1), only in: • with agility c: Broadcast algorithm that guarantees error confinement against c-constrained environments. minority of · |Balls(c·tf)| nodes. algorithm V V c·tf S Balls

28 Agility: Algorithm’s “agility” measures the rate the
constraint on the adversary can be lifted C S S D C S time D Agility: S

29 Talk Overview (1) What is error confinement?
(2) The new “agility” measure for fault tolerance. (3) The new “core- bootstrapping” idea for algorithm. (4) Optimization question and answer for “core” construction.

30 The message resides at some nodes we
term “core”

31 A node can join the core when it “made
sure” it heard the votes of all core nodes

32 A node can join the core when it “made
sure” it heard the votes of all core nodes

33 A node can join the core when it “made
sure” it heard the votes of all core nodes

34 A node can join the core when it “made
sure” it heard the votes of all core nodes

35 and even the fault can be corrected

36 and even the fault can be corrected

37

38

39

40

41

42

43 Let us view again the join of one node

44 Then the message passes to the new node correctly
If core is such that adversary’s constraint allows hit of only a minority of the core… Then the message passes to the new node correctly

45 Then the message passes to the new node correctly
If core is such that adversary’s constraint allows hit of only a minority of the core… Disclaimer: any connection to Actual historical rivalry is coincidental Then the message passes to the new node correctly

46 Then the message passes to the new node correctly
If core is such that adversary’s constraint allows hit of only a minority of the core… Disclaimer: any connection to Actual historical rivalry is coincidental Then the message passes to the new node correctly

47 “Error confinement”: non faulty node A outputs
Only correct output (or no output at all) C S I do not believe you! A D Output (to routing:) My distance to C via S: 7+4=11 B distance 0 to C fault

48 and even the fault can be corrected

49 When the core grow, the algorithm can
withstand more faults.

50

51 Talk Overview (1) What is error confinement?
(2) The new “agility” measure for fault tolerance. (3) The new “core- bootstrapping” idea for algorithm. (4) Optimization question and answer for “core” construction.

52 Dilemma- should we add a node to core ASAP?
B F E H G

53 Dilemma- should we add a node to core ASAP?
Advantage- enlarges the core now. C A S D B F E H G

54 Dilemma- should we add a node to core ASAP?
Disadvantage: slows future core growth C A S D B F E H G

55 Dilemma- should we add a node to core ASAP?
Disadvantage: slows future core growth S C A D B F E H G

56 Dilemma- should we add a node to core ASAP?
Disadvantage: slows future core growth C A S D B F E H G

57 (example: bad greedy policy)
Stages of core growth (example: bad greedy policy) Greedy core growth  O(D2) time to reach diameter D  Agility = D/D2 = D

58 time Ti as a function of Core(Ti-1 )
feasibility: Core at time Ti as a function of Core(Ti-1 ) Optimize agility subject to V Ri-1 Ri S U Core(Ti-1 ) Core (Ti )

59 Agility at time Ti : Radius of Core at time Ti
Divided by time (Ti : i’th time Core grows) Agility time R2 Core radius R1 1 1 T1 T2 T3

60 Agility at time Ti : Radius of Core at time Ti
Divided by time (Ti : i’th time Core grows) Agility time R2 Core radius R1 1 1 T1 T2 T3 We calculated optimal T’s, R’s.

61 Agility at time Ti : Radius of Core at time Ti
Divided by time (Ti : i-th time Core grows) Agility time R2 Core radius R1 1 1 T1 T2 T3 We calculated optimal T’s, R’s. Constant Agility.

62 Agility at time Ti : Radius of Core at time Ti
Divided by time (Ti : i-th time Core grows) Agility time R2 Core radius R1 1 1 T1 T2 T3 We calculated optimal T’s, R’s. Constant Agility. Optimal number of core increases (logarithmic!).

63 An error confined protocol to compute distances from a
Additional results An error confined protocol to compute distances from a node S (Bellman-Ford’s algorithm is self stabilizing but is not error-confined). An error confined protocol for broadcast with correct source. Lower bound (mandatory slow down): Consider an error-confined algorithm for BROADCAST, even with correct source. Then no correct node v outputs before time 2·dist(source,v), even in the absence of faults. Generalizations, practical considerations.

64 Some related notions Self stabilization [Dijkstra, Lamport] would bring the system to a consistent global state eventually. If the input is re-injected repeatedly (as in the routing information example) this corrects the states eventually. If the input is not reintroduced by the environment, then the input may be lost forever. Local checking [Afek-K-Yung90] , or local detection [Awerbuch-P-Varghese91], together with self stabilizing reset [KatzPerry90,AKY90,AroraGouda90,APV91] would yield agility 1/|V|.

65 Some related notions fault local algorithms [K-Peleg95], or Time adaptive [KP97], or fault containment [GhoshGuptaHermanPemmaraju96] or local stabilization [AroraZhang03] would allow a “small” (relative to the number of faults) error propagation. Snap stabilization [BuiDattaPetitVillain99] considers only the case that some nodes performed a special “purifying” “initiation” action after the faults. A fault may propagate to a non-initiator node until it communicate with initiators. Local stabilization of [AfekDolev97] assumes a node can detect its own faults (since a fault puts a node in a random state).

66 Open problems Many!

Download ppt "Distributed Error- Confinement"

Similar presentations

1 Routing Protocols I. 2 Routing Recall: There are two parts to routing IP packets: 1. How to pass a packet from an input interface to the output interface.

1 Routing Protocols I. 2 Routing Recall: There are two parts to routing IP packets: 1. How to pass a packet from an input interface to the output interface.
CS 542: Topics in Distributed Systems Diganta Goswami.

CS 542: Topics in Distributed Systems Diganta Goswami.
Chapter 6 - Convergence in the Presence of Faults1-1 Chapter 6 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights.

Chapter 6 - Convergence in the Presence of Faults1-1 Chapter 6 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights.
Chapter 7 - Local Stabilization1 Chapter 7: roadmap 7.1 Super stabilization 7.2 Self-Stabilizing Fault-Containing Algorithms 7.3 Error-Detection Codes.

Chapter 7 - Local Stabilization1 Chapter 7: roadmap 7.1 Super stabilization 7.2 Self-Stabilizing Fault-Containing Algorithms 7.3 Error-Detection Codes.
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.

UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.
EE 4272Spring, 2003 Chapter 10 Packet Switching Packet Switching Principles  Switching Techniques  Packet Size  Comparison of Circuit Switching & Packet.

EE 4272Spring, 2003 Chapter 10 Packet Switching Packet Switching Principles  Switching Techniques  Packet Size  Comparison of Circuit Switching & Packet.
LSRP: Local Stabilization in Shortest Path Routing Hongwei Zhang and Anish Arora Presented by Aviv Zohar.

LSRP: Local Stabilization in Shortest Path Routing Hongwei Zhang and Anish Arora Presented by Aviv Zohar.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 16 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 16 Wenbing Zhao Department of Electrical and Computer Engineering.
CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 22 Introduction to Computer Networks.

CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 22 Introduction to Computer Networks.
CS294, YelickSelf Stabilizing, p1 CS 294-8 Self-Stabilizing Systems

CS294, YelickSelf Stabilizing, p1 CS Self-Stabilizing Systems
A General approach to MPLS Path Protection using Segments Ashish Gupta Ashish Gupta.

A General approach to MPLS Path Protection using Segments Ashish Gupta Ashish Gupta.
Page 1 Copyright © 2002-2010 Alexander Allister Shvartsman CSE 6510 (461) Fall 2010 Selected Notes on Fault-Tolerance (12) Alexander A. Shvartsman Computer.

Page 1 Copyright © Alexander Allister Shvartsman CSE 6510 (461) Fall 2010 Selected Notes on Fault-Tolerance (12) Alexander A. Shvartsman Computer.
1 Shortest Path Calculations in Graphs Prof. S. M. Lee Department of Computer Science.

1 Shortest Path Calculations in Graphs Prof. S. M. Lee Department of Computer Science.
On Probabilistic Snap-Stabilization Karine Altisen Stéphane Devismes University of Grenoble.

On Probabilistic Snap-Stabilization Karine Altisen Stéphane Devismes University of Grenoble.
Securing Every Bit: Authenticated Broadcast in Wireless Networks Dan Alistarh, Seth Gilbert, Rachid Guerraoui, Zarko Milosevic, and Calvin Newport.

Securing Every Bit: Authenticated Broadcast in Wireless Networks Dan Alistarh, Seth Gilbert, Rachid Guerraoui, Zarko Milosevic, and Calvin Newport.
On Probabilistic Snap-Stabilization Karine Altisen Stéphane Devismes University of Grenoble.

On Probabilistic Snap-Stabilization Karine Altisen Stéphane Devismes University of Grenoble.
Distributed Algorithms – 2g1513 Lecture 9 – by Ali Ghodsi Fault-Tolerance in Distributed Systems.

Distributed Algorithms – 2g1513 Lecture 9 – by Ali Ghodsi Fault-Tolerance in Distributed Systems.
CS4231 Parallel and Distributed Algorithms AY 2006/2007 Semester 2 Lecture 10 Instructor: Haifeng YU.

CS4231 Parallel and Distributed Algorithms AY 2006/2007 Semester 2 Lecture 10 Instructor: Haifeng YU.
Review for Exam 2. Topics included Deadlock detection Resource and communication deadlock Graph algorithms: Routing, spanning tree, MST, leader election.

Review for Exam 2. Topics included Deadlock detection Resource and communication deadlock Graph algorithms: Routing, spanning tree, MST, leader election.

Similar presentations

Ads by Google