The CoBFIT Toolkit PODC-2007, Portland, Oregon, USA August 14, 2007 HariGovind Ramasamy IBM Zurich Research Laboratory Mouna Seri and William H. Sanders.

The CoBFIT Toolkit

PODC-2007, Portland, Oregon, USAAugust 14, 2007

HariGovind RamasamyIBM Zurich Research Laboratory

Mouna Seri and William H. SandersPERFORM Research Group

University of Illinois at Urbana-Champaign

Overview

• Component-based framework for Intrusion Tolerance

• Software toolkit built by PERFORM research group at Illinois

• Includes a protocol suite for efficient replication with dynamic groups

– Asynchronous system model– Byzantine fault tolerant (BFT)– Evaluated on LAN and WAN (Planetlab) settings

• Implemented in C++ – using the ACE object-oriented network programming

framework

• To be released under open-source license

CoBFIT Components

Framework Components Protocol Components

Reusable foundation for implementing & testing distributed fault-tolerant protocols [Euromicro 2004]• Event handling • Network communication• Management of protocol components

– protocol component hierarchy– direct dispatching of messages

• Cryptographic primitives – using Gutmann’s Cryptlib

Implement various asynchronous Byzantine-fault-tolerant protocols• Consistent, Reliable, & Atomic Broadcast• Binary & Multi-valued Byz. Agreement• Replication Protocols

– APE or Async. Parsimonious Execution [IEEE-TDSC 2007]– PABC or Parsimonious Async. Atomic Broadcast [OPODIS 2005, SRDS 2007]– Interfaces with client- & server-side applications

• Group Management [Ramasamy05]– Group Membership Agreement– Group Reconfiguration Manager– Policy-based Admission control – Policy-based Failure Detection – Variants of APE and PABC with dynamic groups, virtual synchrony guarantees

Distinguishing Features of the Protocol Suite

• Replication protocols are parsimonious– Achieve amortized optimal efficiency despite asynchrony – Metrics of interest

• message complexity of atomic broadcast (agreement)

• overall resource usage (execution)– Previous works were either asynchronous or optimally

efficient, but not both

• Replication protocols in asynchronous model with dynamic groups

– Previous works were either asynchronous or with dynamic groups, but not both

Vizir Graphical User Interface

• User-friendly interface implemented in Java using JGraph

• Central console for deployment and management of a group

– Define attributes of a server– Define connection topology of a server group– Specify/alter fault tolerance requirements

• Automatic instantiation of appropriate group size– Monitoring execution of group members– Controlled fault injections

Utility of CoBFIT

• Reduced development and testing time for new BFT protocols– Similar protocols that require a group abstraction can be

quickly implemented and tested by interfacing with CoBFIT components

• Protocols components are modules that can be used individually or as a building block for providing more complex properties

• Easy deployment, run-time monitoring, and management of distributed set of servers using Vizir GUI

Vizir GUI - Drawing Mode

• Save configuration onto an XML file

• Define node attributes• Define connection topology

Vizir GUI – Connected & Testing Mode

• test/deploy a preset protocol config. • monitor execution

• Load topology from XML file• Specify fault tolerance

Testing Individual Protocols

• Instantiate preset protocol configs. for testing• Change protocol parameters at run-time

• Monitor execution (log messages & status bar)

Asynchronous Dynamic Replication Group with Virtual Synchrony

Tower of Hanoi Appl.: Client sends disk-move requests; upon identical replies from a quorum makes actual moveReplicas can be added or removed, while group maintains state consistency

Contact Info

• HariGovind Ramasamy – [email protected]

• Mouna Seri– [email protected]

• William Sanders– [email protected]