Rigorous Design Of Fault Resistant Token

Published Date: 02 Nov 2017

Distributed system, consists of several computers that do not share memory or clock. The computers communicate each other my message passing over a connected network, there is no shared memory each computer has its own memory and its own operating system.

In distributed computing [1], for higher availability and reliability system maintains replicated data. Each site maintains a data manager process for maintaining the replica at site. It may be possible that some process at some site send the update message to all other sites and got failed. The following possibilities can be occur [2]:

A data manager receives the update and then learns of the failure of process.

A data manager learns of the failure of process before receiving the update.

A data manager neither receives the update nor learns of process’s failure.

Under these circumstances, if a system must be fault- tolerant (i.e., behave in a certain way or mask failure), it is necessary that all data managers behave identically. To ensure this, all the data managers are required to have an identical view of the events occurring in the system. Under normal operating conditions, it is necessary that all the data managers carry out the updates in same order to prevent inconsistencies among the replicas. All the data managers in the system can have an identical view if the following conditions are met.

The messages received at them are identically ordered (the identical ordering helps to process messages in the same order at all data managers.).

Each message is either received at every data manager or at none of them(i.e., atomic broadcast)

Atomic Broadcast

The Total order broadcast [3] and multicast (also called atomic broadcast or atomic multicast) is an important problem in distributed systems, especially with respect to fault-tolerance. In short, the primitive ensures that messages sent to a set of processes are delivered by all these processes in the same total order.

/*The total order broadcast is a very fundamental communication primitive that plays a central role in software based high availability to a wide range of services. */

A lot of literature on total order broadcast can be found in [3].The comparison among different total order algorithms shows that RAMPART [4] is a fixed sequencer algorithm which is fault tolerant (specially Byzantine failure). Since RAMPART is based on fixed sequencer hence it has inherent problem as:

One process is dedicated for sequencing and broadcasting.

Performance degradation at high load (only one process, i.e., sequencer is responsible to form the sequence and broadcast the messages).

In this thesis, we are going to develop a model of total order which is based on moving sequencer and can tolerate the failures (Byzantine nature of Sequencer).

Since, The role of sequencer to be transferred between several processes, Hence it will distribute the load among them and thus avoiding the bottleneck caused by a single process [3, 5, 6].

Research Problem

Need for the present investigation

Today the distributed transaction is very complex due to their underlying mechanism. The processes are distributed and they may be engaged with very critical jobs. Due to any failure in these systems may lead to financial losses in addition to the potential loss of trust of customers. We want to provide a failure tolerant environment, for this, we have proposed a model of total order based on moving sequencer which will tolerate the failure.

Details of proposed implementation

In this Work, we present a refinement approach using Event-B to develop models of distributed system that constructs a total order based on moving sequencer and handles failure. Event-B is a formal method that provides a complete framework for the development of the models of distributed system. This technique consists of describing rigorously the problem in an abstract model, introducing solutions or design details in the refinement steps to obtain more concrete specifications.

In this work , we have proposed UB variant of fixed sequencer broadcast (Since most of algorithms of moving sequencer are given in BB variant [3,5,6]and BB generates more messages in system[3])which will generate less messages in comparison to BB and since sequencer is not fixed hence load will also distributed.

Benefits

Assumptions:

The system is asynchronous(no time constraint is there on messages)

Finite set of non faulty Processes.

Sequencer process can be faulty.

Processes communicate by message passing in a reliable network (i.e. no message loss in channels).

Message content is not altered.

UB (Unicast Broadcast) variant of fixed sequencer is used.

Significance of research work

The key theme of this work is to provide a failure free broadcast environment. Since there is not a single process is fixed for sequencing and broadcasting hence load will distributed among the processes. Moving sequencer based total order can be develop in any variant of broadcast like UB (Unicast Broadcast), BB (Broadcast Broadcast) or UUB (Unicast Unicast Broadcast) but after a lot of surveys on moving sequencer algorithms [3] it is found that most of them are based on BB variant of fixed Sequencer. However BB variant generates more messages in the system but it reduces the load on a sequencer. Hence, we have proposed, Moving sequencer based total order which is UB based hence it will generate less messages and since sequencer is moving hence load distribution is also there.

Literature Survey

[3] Gives a sufficient literature on total order broadcast. But it is very difficult to compare all the algorithms due to their own assumptions and properties, objectives and other important aspects.

In distributed systems there are three agreement problems [1]:The byzantine agreement problem, the consensus problem and the interactive consistency problem. In byzantine agreement problem, any process can propose a value and all non faulty processes have to agree on that value. [7] Gives a literature to solve byzantine agreement problem.

In consensus agreement problem every process has its own initial value and all non faulty processes must agree on a single common value. In the interactive consistency problem, every processor has its own initial value and every non faulty process must agree on a set of common values. [8] Gives a concept to construct total order and identification of faulty sequencer in moving sequencer based reliable multicast. But this paper can be criticized on many aspects.

1. The refinement machine where malicious sequencer is introduced should not work.

2.

[9] Gives an easy concept of total order broadcast in presence of network partitioning and site failure. But as the abstract says failure of any site is not handled here (in abstract of this paper, it has been proposed to give an algorithm which will construct total order in presence of network partitioning and site failure.)this paper has two more drawbacks :

1. if any sequencer leaves the master group then it need to inform the sequencer (not given in assumption),but the question is that if any site became malicious or faulty then why it will inform to sequencer before it’s any faulty behavior.

2. It does not satisfy the liveness property of total order.

[10] Gives an insight to maintain causal ordering on messages in mobile systems, which also motivates us to introduce the total ordering in mobile systems.

The moving sequencer is classified as token based ordering mechanism [3], where sequencer will responsible for broadcast and maintain the order of messages. According to [15], token based algorithms are more efficient in terms of throughput (it avoids the acknowledgement which occurs after receiving of each message and only token holder can broadcast and arrange the order).

If we consider an asynchronous system with crash failure then two mechanisms to tolerate failure in atomic broadcast are: unreliable failure detector [11] and group membership [13]. The atomic broadcast algorithm in [14] uses group membership mechanism.

T.D Chandra and Sam Toueg [11] have introduced unreliable failure detectors in order to solve consensus in asynchronous systems with crash failure. It gives eight classes of failure detector which can be further reduced into four. One can check one’s application with these failure detectors, which one better suit.

In continuation to [11], [12] describes a first token based atomic broadcast algorithm which relies on unreliable failure detector (all the previously given token based algorithms relies on group membership rather than unreliable failure detector) and introduces a new class of failure detector "R". But this discussion is also limited to crash failure.

Event-B [16] is a formal method that provides a complete framework for the development of the models of distributed system. This technique consists of describing rigorously the problem in an abstract model, introducing solutions or design details in refinement steps to obtain more concrete

specifications, and verifying that proposed solutions are correct. This formal technique consists of the following steps:

1. Rigorous abstract description of the problem

2. Introduce solutions or design details in refinement steps to obtain more concrete specifications.

3.Verifying that the proposed solutions are valid.

Objectives

The primary objective of proposed research work is Rigorous design of Fault Resistant Token Based Atomic Broadcast (FRTB_ABCAST).

The Moving sequencer and privilege based mechanism are example of token based atomic broadcast [3]. Here I have proposed, to develop a model for Moving sequencer which will able to identify and tolerate the failures. In case of fixed sequencer atomic broadcast RAMPART [4] is only toolkit which gives a fault tolerant solution (for all type of faults) but [3] and latest researches [12] shows that there is no algorithm which solves all the faults(Crash, Omission and Byzantine) in moving sequencer atomic broadcast. Since Sequencer has a great responsibility to arrange and broadcast the messages hence, malicious nature of sequencers leads to collapse whole system which in result a lot of financial losses and also loss of trust of customer.

This work, presents the first token based solution which tolerates the failure(crash, Omission and Byzantine) of sequencer and give correct order of messages.

The proposed work has following subsidiary objectives:

To develop and verify an abstract model of moving sequencer reliable broadcast.

To develop a refinement of above developed model to identify the failure of sequencer.

To develop a refinement model to tolerate the failure of Sequencer

Verify the model.

Methodology

The methodology of implementing the proposed work is divided into the following steps:

Planning: During this step the concept of different atomic broadcast techniques will be studied. [3] Gives a wide range of literature to understand all the classes of Atomic broadcast.

Exploring: In this step, the limitations of different reliable broadcast algorithm will be studied, which will give an insight for this work. [3] Gives a sufficient comparison of different atomic broadcast algorithms. Furthermore [8, 9, 12] has also limitations which (already quoted at literature survey) which motivates for this work.

Model Development: In this step, an abstract model for moving sequencer reliable broadcast will developed.

Abstract Model verification: In this step, The abstract model will be verified for its properties.

Refinement: In this step, the refinement of abstract model will be developed.

Refined Model verification: this step, the refined model will be verified for its properties.

Documentation: During this step, documentation will be done in form of thesis. The documentation will comprise of all the various chapters, related works, methodologies followed, developed abstract and refinement models, verification reports and references.

Time Schedule