Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sisi Duan Assistant Professor Information Systems

Published byFay Hicks Modified over 5 years ago

Similar presentations

Presentation on theme: "Sisi Duan Assistant Professor Information Systems"— Presentation transcript:

1 Sisi Duan Assistant Professor Information Systems sduan@umbc.edu
IS 698/800-01: Advanced Distributed Systems Separating Agreement from Execution Sisi Duan Assistant Professor Information Systems

2 Overview Separating execution from agreement Why and how?
Another look at Paxos and Fabric Shuttle: Byzantine chain replication

3 SMR and Blockchains What we have talked about so far…
SMR as a service Availability and integrity (total order of requests, consistency…) Storage (read and write…) The challenges in real applications Execution time Storage space

4 Another look at hyperledger Fabric

5 Another look at Paxos A diagram closer to the original Paxos algorithm

6 HDFS

7 MapReduce

8 Separating execution from agreement
Wang, Yang, Lorenzo Alvisi, and Mike Dahlin. "Gnothi: Separating data and metadata for efficient and available storage replication." ATC 2012. Androulaki, Elli, et al. "Erasure-coded Byzantine storage with separate metadata." PODC. Springer, Cham, 2014. Cachin, Christian, Dan Dobre, and Marko Vukolić. "Separating data and control: Asynchronous BFT storage with 2t+ 1 data replicas." Symposium on Self- Stabilizing Systems. Springer, Cham, 2014. Yin, Jian, et al. "Separating agreement from execution for byzantine fault tolerant services." ACM SIGOPS Operating Systems Review 37.5 (2003): Duan, Sisi, and Haibin Zhang. "Practical state machine replication with confidentiality." SRDS. IEEE, 2016. Van Renesse, Robbert, Chi Ho, and Nicolas Schiper. "Byzantine chain replication." International Conference On Principles Of Distributed Systems. Springer, Berlin, Heidelberg, 2012.

9 An example of separation
Cachin, Christian, Dan Dobre, and Marko Vukolić. "Separating data and control: Asynchronous BFT storage with 2t+ 1 data replicas." Symposium on Self-Stabilizing Systems. Springer, Cham, 2014.

10 Separating Execution from Agreement
Yin, Jian, et al. "Separating agreement from execution for byzantine fault tolerant services." ACM SIGOPS Operating Systems Review 37.5 (2003): Agreement cluster generates an order for a request The ordered request is sent to the execution cluster What should be the proof? Execution cluster executes the requests and returns the result to A and then the client What should be the failure model? Agreement cluster? Execution cluster?

11 Separating Execution from Agreement
Client sends request to Agreement cluster (AC) A server orders the request using BFT such as PBFT AC generates a commit certificate (2f+1 signatures with commit messages) and sends to EC EC Waits until all previous requests have been executed executes the requests and generates a reply Reply certificate: t+1 signatures and a reply

12 Separating Execution from Agreement
Benefits? Execution extensive operations do not become the bottleneck Storage space is not an issue Agreement cluster does not need to know what’s inside the request Simple majority from execution cluster

13 Separating Execution from Agreement
Confidentiality? Faulty results are sent to the clients as well

14 Confidentiality Adding privacy firewall
Instead of letting clients collect and combine the results, do them for the clients using the F.

15 Confidentiality Adding privacy firewall Filter the results
How many F do we need in each row? How many rows do we need? Assumption: h failures in the firewalls

16 Confidentiality The request and reply body are encrypted
Using threshold signatures Why?

17 The privacy firewall There exists at least one correct path between AC and EC which only consists of correct filters There exists one row which only consists of correct filter nodes and the rows below do not have any information from nay replicas in EC

18 Another look at confidentiality and safety
Duan, Sisi, and Haibin Zhang. "Practical state machine replication with confidentiality." SRDS. IEEE, 2016 The requests and replies are encrypted? What’s the issue? Encryption: deterministic or randomized? Deterministic… not good… Randomization: violate the need for threshold signature and the PF cannot filter…

19 Enabling confidentiality

20 Enabling Confidentiality
AEAD (soundness) Authenticated encryption scheme with associated data Efficiency Symmetric key based authentication and encryption Randomized BFT (request and reply privacy) Random coins Request-specific random coin

21 Byzantine Chain Replication: Shuttle
Van Renesse, Robbert, Chi Ho, and Nicolas Schiper. "Byzantine chain replication." International Conference On Principles Of Distributed Systems. Springer, Berlin, Heidelberg, 2012. Another concept of separating roles Configurable chain replication

22 Replica states and transitions
PENDING ACTIVE IMMUTABLE Transitions orderCommand(p,C,s,o) BecomeImmutable(p) switchConfig(C,C’,H) becomeActive(p,C,hist)

23 Olympus: The centralized oracle
Configuration service Generates configurations Issuing inithist statements Generate a new configuration upon receiving a reconfiguration-request statement

24 Shuttle: The failure-free case
Client obtains a configuration from Olympus Send o to the head of the chain Each replica Validates the requests Applies o and obtain a result r Adds the request to the order proof Adds the result to the result proof Forwards the message to the next replica Tail: forwards the result proof to the client The result proof is return backwards to the chain

25 Shuttle: under failures
Client cannot receive response on time and retransmit If the server has the result, return to the client If the server is immutable, return error Head If it has the result, sent to the client If it has ordered requests and still is waiting for the result to come back: starts a timer It does not recognize the operation: order it again

26 Shuttle: under failures
If the timer expires at any replica Send a reconfiguration-request statement to Olympus Olympus Send signed wedge requests to all the replicas Correct replicas respond with wedged statements (becomeImmutable) Await responses from a quorum of replicas, and construct a history h by selecting the longest order proof for each slot Allocate a new configuration C of replicas and seed those with h and a configuration statement for C. The replica then become active(becomeActive)

27 A comparison Different primitives and purposes
Simple separation: performance, no confidentiality

28 Conclusion The concept is everywhere Simple
Chubby Zookeeper Storage sys Simple Separate the design of agreement and storage Performance Latency is obviously longer

29 Conclusion Also a common concept Pros Cons
Google file system master service Pros Simple Efficient Cons Single point of failures? How about frequent failures?

Download ppt "Sisi Duan Assistant Professor Information Systems"

Similar presentations

NETWORK ALGORITHMS Presenter- Kurchi Subhra Hazra.

NETWORK ALGORITHMS Presenter- Kurchi Subhra Hazra.
High throughput chain replication for read-mostly workloads

High throughput chain replication for read-mostly workloads
CS 5204 – Operating Systems1 Paxos Student Presentation by Jeremy Trimble.

CS 5204 – Operating Systems1 Paxos Student Presentation by Jeremy Trimble.
CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Byzantine Fault Tolerance --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Byzantine Fault Tolerance Steve Ko Computer Sciences and Engineering University at Buffalo.
The SMART Way to Migrate Replicated Stateful Services Jacob R. Lorch, Atul Adya, Bill Bolosky, Ronnie Chaiken, John Douceur, Jon Howell Microsoft Research.

The SMART Way to Migrate Replicated Stateful Services Jacob R. Lorch, Atul Adya, Bill Bolosky, Ronnie Chaiken, John Douceur, Jon Howell Microsoft Research.
1 Attested Append-Only Memory: Making Adversaries Stick to their Word Byung-Gon Chun (ICSI) October 15, 2007 Joint work with Petros Maniatis (Intel Research,

1 Attested Append-Only Memory: Making Adversaries Stick to their Word Byung-Gon Chun (ICSI) October 15, 2007 Joint work with Petros Maniatis (Intel Research,
Yee Jiun Song Cornell University. CS5410 Fall 2008.

Yee Jiun Song Cornell University. CS5410 Fall 2008.
2/23/2009CS50901 Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial Fred B. Schneider Presenter: Aly Farahat.

2/23/2009CS50901 Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial Fred B. Schneider Presenter: Aly Farahat.
Distributed Systems CS 15-440 Case Study: Replication in Google Chubby Recitation 5, Oct 06, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.

Distributed Systems CS Case Study: Replication in Google Chubby Recitation 5, Oct 06, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.
Byzantine fault tolerance

Byzantine fault tolerance
Byzantine Fault Tolerance CS 425: Distributed Systems Fall 2011 1 Material drived from slides by I. Gupta and N.Vaidya.

Byzantine Fault Tolerance CS 425: Distributed Systems Fall Material drived from slides by I. Gupta and N.Vaidya.
Fault Tolerance via the State Machine Replication Approach Favian Contreras.

Fault Tolerance via the State Machine Replication Approach Favian Contreras.
Low-Overhead Byzantine Fault-Tolerant Storage James Hendricks, Gregory R. Ganger Carnegie Mellon University Michael K. Reiter University of North Carolina.

Low-Overhead Byzantine Fault-Tolerant Storage James Hendricks, Gregory R. Ganger Carnegie Mellon University Michael K. Reiter University of North Carolina.
An Introduction to Consensus with Raft

An Introduction to Consensus with Raft
Practical Byzantine Fault Tolerance

Practical Byzantine Fault Tolerance
Practical Byzantine Fault Tolerance Jayesh V. Salvi

Practical Byzantine Fault Tolerance Jayesh V. Salvi
Byzantine fault-tolerance COMP 413 Fall 2002. Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.

Byzantine fault-tolerance COMP 413 Fall Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.
From Viewstamped Replication to BFT Barbara Liskov MIT CSAIL November 2007.

From Viewstamped Replication to BFT Barbara Liskov MIT CSAIL November 2007.
Presenters: Rezan Amiri Sahar Delroshan

Presenters: Rezan Amiri Sahar Delroshan
1 ZYZZYVA: SPECULATIVE BYZANTINE FAULT TOLERANCE R.Kotla, L. Alvisi, M. Dahlin, A. Clement and E. Wong U. T. Austin Best Paper Award at SOSP 2007.

1 ZYZZYVA: SPECULATIVE BYZANTINE FAULT TOLERANCE R.Kotla, L. Alvisi, M. Dahlin, A. Clement and E. Wong U. T. Austin Best Paper Award at SOSP 2007.

Similar presentations

Ads by Google