On Reliable Broadcast in a Radio Network
PODC'05, 2005
Cited by 37 (9 self)
We consider the problem of reliable broadcast in an infinite grid (or finite toroidal) radio network under Byzantine and crash-stop failures. We present bounds on the maximum number of failures that may occur in any given neighborhood without rendering reliable broadcast impossible. We improve on previously proved bounds for the number of tolerable Byzantine faults [6]. Our results indicate that it is possible to achieve reliable broadcast if slightly less than one-fourth fraction of nodes in any neighborhood are faulty, and impossible otherwise. We also show that reliable broadcast is achievable with crash-stop failures if slightly less than half the nodes in any given neighborhood may be faulty. In particular, we establish exact thresholds under a specific distance metric.
Tolerating corrupted communication
2007
Cited by 15 (8 self)
Consensus encapsulates the inherent problems of building fault tolerant distributed systems. In this context, the classic model of Byzantine faulty processes can be restated such that messages from a subset of processes can be arbitrarily corrupted (including addition and omission of messages). We consider the case of dynamic and transient faults, that may affect all processes and that are not permanent, and we model them via corrupted communication. For corrupted communication it is natural to distinguish between the safety of communication, which is concerned with the number of altered messages, and the liveness of communication, which restricts message loss. We present two consensus algorithms, together with sufficient conditions on the system to ensure correctness. Our first algorithm needs strong conditions on safety but requires weak conditions on liveness in order to terminate. Our second algorithm tolerates a lower degree of communication safety at the price of stronger liveness conditions. Our algorithms allow us to circumvent the resilience lower bounds from Santoro/Widmayer and Martin/Alvisi.
Consensus and mutual exclusion in a multiple access channel
 IEEE Transactions on Parallel and Distributed Systems
Cited by 9 (2 self)
We consider deterministic feasibility and time complexity of two fundamental tasks in distributed computing: consensus and mutual exclusion. Processes have different labels and communicate through a multiple access channel. The adversary wakes up some processes in possibly different rounds. In any round every awake process either listens or transmits. The message of a process i is heard by all other awake processes, if i is the only process to transmit in a given round. If more than one process transmits simultaneously, there is a collision and no message is heard. We consider three characteristics that may or may not exist in the channel: collision detection (listening processes can distinguish collision from silence), the availability of a global clock showing the round number, and the knowledge of the number n of all processes. If none of the above three characteristics is available in the channel, we prove that consensus and mutual exclusion are infeasible; if at least one of them is available, both tasks are feasible and we study their time complexity. Collision detection is shown to cause an exponential gap in complexity: if it is available, both tasks can be performed in time logarithmic in n, which is optimal, and without collision detection both tasks require linear time. We then investigate both consensus and mutual exclusion in the absence of collision detection, but under alternative presence of the two other features. With global clock, we give an algorithm whose time complexity linearly depends on n and on the wakeup time, and an algorithm whose complexity does not depend on the wakeup time and differs from the linear lower bound only by a factor $O(\log^2 n)$. If n is known, we also show an algorithm whose complexity differs from the linear lower bound only by a factor $O(\log^2 n)$.
Efficient Model Checking of Fault-Tolerant Distributed Protocols
Cited by 7 (1 self)
To aid the formal verification of fault-tolerant distributed protocols, we propose an approach that significantly reduces the costs of their model checking. These protocols often specify atomic, process-local events that consume a set of messages, change the state of a process, and send zero or more messages. We call such events quorum transitions and leverage them to optimize state exploration in two ways. First, we generate fewer states compared to models where quorum transitions are expressed by single-message transitions. Second, we refine transitions into a set of equivalent, finer-grained transitions that allow partial-order algorithms to achieve better reduction. We implement the MPBasset model checker, which supports refined quorum transitions. We model check protocols representing core primitives of deployed reliable distributed systems, namely: Paxos consensus, regular storage, and Byzantine-tolerant multicast. We achieve up to 92% memory and 85% time reduction compared to model checking with standard unrefined single-message transitions.
Global Computing in a Dynamic Network of Tuple Spaces
2007
Cited by 7 (2 self)
We present tKlaim (Topological Klaim), a process description language that retains the main features of Klaim (process distribution and mobility, remote and asynchronous communication through distributed data spaces), but extends it with new constructs to flexibly model the interconnection structure underlying a network and its evolution in time. We show how tKlaim can be used to model a number of interesting distributed applications and how systems correctness can be guaranteed, also in the presence of failures, by exploiting observational equivalences to study the relationships between descriptions of systems at different levels of abstraction.
Necessary and sufficient conditions for deterministic desynchronization
In Proceedings EMSOFT'07, 2007
Cited by 6 (4 self)
Synchronous reactive formalisms associate concurrent behaviors to precise schedules on global clock(s). This allows a non-ambiguous notion of "absent" signal, which can be reacted upon. But in desynchronized (possibly distributed) implementations, absent values must be explicitly exchanged, unless behaviors were already provably independent and asynchronous (a property formerly introduced as endochrony). We provide further criteria restricting "reaction to absence" to allow correct desynchronized implementation. We also show that these criteria not only depend on the desired correctness properties, but also on the desired structure of the implementation.
On k-set Consensus Problems in Asynchronous Systems
1999
Cited by 5 (1 self)
In this paper we investigate the k-set consensus problem in asynchronous, message-passing distributed systems. In this problem, each participating process begins the protocol with an input value and by the end of the protocol must decide on one value so that at most k different values are decided by all correct processes. We extend previous work by exploring several variations of the problem definition and model, including for the first time investigation of Byzantine failures. We show that the precise definition of the validity requirement, which characterizes what decision values are allowed as a function of the input values and whether failures occur, is crucial to the solvability of the problem. For example, we show that allowing default decisions in case of failures makes the problem solvable for most values of k despite a minority of failures, even for the most severe type of failures (Byzantine). We introduce six validity conditions for this problem (all considered in various contexts in the literature), and demarcate the line between possible and impossible for each case. In many cases this line is different from the one of the originally studied k-set consensus problem.
Timed quorum system for large-scale dynamic environments
2007
Cited by 5 (2 self)
This paper presents Timed Quorum System (TQS), a quorum system for large-scale and dynamic systems. TQS provides guarantees that two quorums, accessed at instances of time that are close together, intersect with high probability. We present an algorithm that implements TQS at its core and that provides operations that respect atomicity with high probability. This TQS implementation has quorums of size $O(\sqrt{nD})$ and expected access time of $O(\log \sqrt{nD})$ message delays, where n measures the size of the system and D is a required parameter to handle dynamism. This algorithm is shown to have complexity sublinear in size and dynamism of the system, and hence to be scalable. It is also shown that for systems where operations are frequent enough, the system achieves the lower bound on quorum size for probabilistic quorums in static systems, and it is thus optimal in that sense.