ZHENG Lan,CHEN Qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.07.058

2005-01-01

Abstract:With the rapid growth of internet and enterprises on a global scale, the use of directories as accessible repositories providesa flexible and various solution for gathering, storage and accessing information. The design and implementation of an unified accesscontrol system supporting single-sign-on areintrodueed, whichis based on LDAPdirectory and combines access controls ofall applicationsystems to realize security access system of unified users management. The system used middleware technology to efficiently resolvethe bottleneck problem when a lot of users accesed LDAP database.

Karame Ghassan,Li Wenting,Liu Jian,Asokan Nadarajah

2020-01-01

Abstract:A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n−1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.

Tian Qin,Jian Liu,Peng Gao

2020-01-01

Abstract:In this work, we propose Leaderless Byzantine Fault Tolerance (LBFT), a novel consensus algorithm that combines Snowball algorithm and Practical Byzantine Fault Tolerance (pBFT) algorithm, two existing consensus algorithms. Achieving consensus in decentralized systems has been dicult as they lack certain properties that many algorithms assume. Our approach looks to take advantage of the decentralized aspect of Snowball and the deterministic property of pBFT so that the weaknesses of Snowball’s probabilistic property and pBFT’s reliance on "leader" are eliminated. The algorithm we propose is applicable to decentralized systems such as blockchain systems even though Snowball and pBFT both make stronger assumptions than decentralized systems allow. By simulating real-world environments and comparing with pBFT performances, we show that LBFT is feasible in the context of real-world decentralized systems and has sucient performances that are close to those of pBFT.

Xiu-Qun Wang,Yue-Ting Zhuang,Hong-Lun Hou

DOI: https://doi.org/10.1109/icmlc.2006.258998

2006-01-01

Abstract:Fault tolerance is a challenge problem in reliable distributed system. In grid, detecting and correcting fault techniques is used in fault tolerance of MDS system. These techniques are limited in dealing with the benign faults on servers and the Internet. But they will not work when malicious faults on servers or software errors occur. In this paper, a secure aware MDS system, which can tolerate malicious faults occurred on servers, is proposed. By using a new Byzantine-fault-tolerant algorithm, the proposed MDS system guarantees safety and liveness properties under the condition that no more than f replicas are faulty if it consists of 3f+1 tightly coupled servers, and it maintains the seamless interfaces to application programs as the usual formal MDS system does

Bo Ji,Jinfang Zhou,Liping Qian,Kangsheng Chen

DOI: https://doi.org/10.1049/cp:20061561

2006-01-01

Abstract:The goal of Linux Virtual Server (LVS) is to provide a basic framework to build highly available and scalable network services such as Radius authentication and accounting in our implementation. Scalability is achieved by transparently inserting or removing a node in the cluster, and high availability is supported by detecting node or daemon failures and reconfiguring the system appropriately. This article, rather than proposing a new cluster technique, illustrates the basic concept of LVS, an implementation of LVS-based highly-available Radius server, and the performance testing and analysis of the whole system by a testing software named testrad developed by us. Through the benchmarks, we can conclude that the performance of the system can linearly increase along with the increasing number of the real servers before the director gets fully-loaded. Thus, it can provide high availability and scalability for network services.

Wang Lijun,Xie Li

DOI: https://doi.org/10.3969/j.issn.1000-386X.2011.06.039

2011-01-01

Abstract:In order to make system data high available in conditions of common hardware and network,in the paper we design a fault-tolerant mechanism which is composed of two loosely-coupled modules.The mechanism has an effective consensus algorithm called Paxos as its core.The paper describes the architecture of the mechanism,the modules,the implementation of the log layer,and the redundancy mechanism of the data layer.The paper describes the faults that the mechanism can deal with.Experimental results show that the system is reliable and has good performance.

L Zhao,X Ke,MW Xu,LZ Fu,JP Wu

DOI: https://doi.org/10.1109/iccnmc.2003.1243062

2003-01-01

Abstract:With the rapid development of Internet, the need of high availability of data services on Internet becomes more urgent. But as one of the most useful protocol on Internet, TCP protocol software can not solve the high availability due to the failure of hardware or software on Server/Client. In this paper, we propose a new method that can implement fault tolerance TCP to improve the high availability of data transmission. First, we analyze some existing methods of fault tolerant TCP; Then based on the characteristic of present server architecture, we put forward our new method of fault tolerant TCP. At last, we describe in detail how to implement and test our method Experimental results show that our fault-tolerant TCP can offer high available and high effective communication support for reliable data service on Internet.

ZHAO Xiu-wen,LUO Ping,CHEN Qiang,ZHANG Ning

2006-01-01

Abstract:How to provide stronger and more flexible security protections for file systems is one important part of secure file systems research.Based LDAP and SSH protocol,the distributed secure file system is designed.The model,principle and security analysis of distributed secure file system are introduced.

Sisi Duan,Karl Levitt,Hein Meling,Sean Peisert,Haibin Zhang

DOI: https://doi.org/10.1109/srds.2014.28

2014-01-01

Abstract:Building robust network services that can withstand a wide range of failure types is a fundamental problem in distributed systems. The most general approach, called Byzantine fault tolerance, can mask arbitrary failures. Yet it is often considered too costly to deploy in practice, and many solutions are not resilient to performance attacks. To address this concern we leverage two key technologies already widely deployed in cloud computing infrastructures: replicated state machines and intrusion detection systems. First, we have designed a general framework for constructing Byzantine failure detectors based on an intrusion detection system. Based on such a failure detector, we have designed and built a practical Byzantine fault-tolerant protocol, which has costs comparable to crash-resilient protocols like Paxos. More importantly, our protocol is particularly robust against several key attacks such as flooding attacks, timing attacks, and fairness attacks, that are typically not handled well by Byzantine fault masking procedures.

Miguel Castro,Barbara Liskov

DOI: https://doi.org/10.1145/571637.571640

2002-11-01

ACM Transactions on Computer Systems

Abstract:Our growing reliance on online services accessible on the Internet demands highly available systems that provide correct service without interruptions. Software bugs, operator mistakes, and malicious attacks are a major cause of service interruptions and they can cause arbitrary behavior, that is, Byzantine faults. This article describes a new replication algorithm, BFT, that can be used to build highly available systems that tolerate Byzantine faults. BFT can be used in practice to implement real services: it performs well, it is safe in asynchronous environments such as the Internet, it incorporates mechanisms to defend against Byzantine-faulty clients, and it recovers replicas proactively. The recovery mechanism allows the algorithm to tolerate any number of faults over the lifetime of the system provided fewer than 1/3 of the replicas become faulty within a small window of vulnerability. BFT has been implemented as a generic program library with a simple interface. We used the library to implement the first Byzantine-fault-tolerant NFS file system, BFS. The BFT library and BFS perform well because the library incorporates several important optimizations, the most important of which is the use of symmetric cryptography to authenticate messages. The performance results show that BFS performs 2% faster to 24% slower than production implementations of the NFS protocol that are not replicated. This supports our claim that the BFT library can be used to build practical systems that tolerate Byzantine faults.

computer science, theory & methods

Hao Fu,Ming Cai,Wenmin Zhu,Zhongdong Huang,Jinxiang Dong

DOI: https://doi.org/10.1109/CSCWD.2007.4281405

2007-01-01

Abstract:Hybrid P2P technique recently has become more and more popular for collaborative systems. However, reliability is issue of major importance in the server end of these systems. TMR technique for Collaborative System (CS-TMR) is presented in this paper to improve the server reliability. This software schema incorporates three homogeneous microcomputers and provides the fault-tolerant function through package interfaces to server applications. As it is COS-based, the method is more general-purpose, and programmers need not pay too much attention to the fault tolerance technology in detail. This method helps the collaborative server work in normal and degraded (duple or even single modular) modes, and can tolerate transient or permanent faults. Meanwhile, due to the importance of the server in hybrid P2P server, server application upgrade is impossible without server stop. A novel seamless software upgrade method is brought forward through the intelligent state-transition-control in CS-TMR package to reduce the cost of software upgrade.

Fangyuan Zhao,Yuexiang Xie,Xuebin Ren,Bolin Ding,Shusen Yang,Yaliang Li

2024-08-12

Abstract:Federated learning (FL) becomes vulnerable to Byzantine attacks where some of participators tend to damage the utility or discourage the convergence of the learned model via sending their malicious model updates. Previous works propose to apply robust rules to aggregate updates from participators against different types of Byzantine attacks, while at the same time, attackers can further design advanced Byzantine attack algorithms targeting specific aggregation rule when it is known. In practice, FL systems can involve a black-box server that makes the adopted aggregation rule inaccessible to participants, which can naturally defend or weaken some Byzantine attacks. In this paper, we provide an in-depth understanding on the Byzantine robustness of the FL system with a black-box server. Our investigation demonstrates the improved Byzantine robustness of a black-box server employing a dynamic defense strategy. We provide both empirical evidence and theoretical analysis to reveal that the black-box server can mitigate the worst-case attack impact from a maximum level to an expectation level, which is attributed to the inherent inaccessibility and randomness offered by a black-box server.The source code is available at <a class="link-external link-https" href="https://github.com/alibaba/FederatedScope/tree/Byzantine_attack_defense" rel="external noopener nofollow">this https URL</a> to promote further research in the community.

Cryptography and Security,Artificial Intelligence

Yuxia Cheng,Xinjie Yu,Wenzhi Chen,Rui Chang,Yang Xiang

DOI: https://doi.org/10.1007/s10586-017-0840-5

2017-01-01

Cluster Computing

Abstract:The fault-tolerance property in most cloud storage systems are designed within the scale of a single datacenter. The single datacenter as a whole may be unreachable or crashed due to severe problems, such as broken network links, power supply interruptions, and natural disasters, etc. Therefore, the design of an effective cross-datacenter fault-tolerant storage system is important to protect data security in the cloud. However, building a cross-datacenter fault-tolerant system faces great challenges, such as high latency, low throughput, high costs of bandwidth resources between datacenters. In this paper, we propose a practical cross-datacenter fault-tolerant (CDFT) algorithm in the cloud storage system. Our fault-tolerant algorithm design considers the difficult tradeoffs among fault tolerance, latency, throughput, network and storage costs. We propose the Domain Fault Codes (DFC) and the topology-aware scheduling techniques, which can tolerate the whole datacenter breakdown. We implemented the DFC-CDFT algorithm in a prototype cloud storage system. The experimental results showed that the proposed DFC-CDFT algorithm can effectively recover data blocks from the single datacenter failure while achieves low storage and bandwidth costs.

Ruichuan Chen,Wenjia Guo,Liyong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-540-85451-7_64

2008-01-01

Abstract:Peer-to-Peer (P2P) communication model has the potential to harness huge amounts of resources. However, due to the self-organizing and self-maintaining nature, current P2P networks suffer from various kinds of attacks. Public key authentication can provide a fundamental building block for P2P communication security. In this paper, we propose a scalable Byzantine fault tolerant public key authentication scheme for P2P networks, in which each participating peer dynamically maintains a trusted group to perform distributed challenge-response authentication without centralized infrastructure. To guarantee the authentication correctness, we additionally present a complementary trusted group maintenance scheme. The experimental results demonstrate that our authentication scheme can work in various different P2P scenarios effectively and efficiently.

Benedikt Höfling,Hans P. Reiser

DOI: https://doi.org/10.48550/arXiv.1204.2536

2012-04-11

Cryptography and Security

Abstract:Several research projects have shown that Byzantine fault tolerance (BFT) is practical today in terms of performance. Deficiencies in other aspects might still be an obstacle to a more wide-spread deployment in real-world applications. One of these aspects is an over-all security architecture beyond the low-level protocol. This paper proposes the security architecture SecureSMART, which provides dynamic key distribution, internal and external integrity and confidentiality measures, as well as mechanisms for availability and access control. For this purpose, it implements security mechanism among clients, nodes and an external trust center.

li qilin,chen yu,zhou mingtian,wu yue

DOI: https://doi.org/10.1109/ICAPP.2002.1173609

2002-01-01

Abstract:The new generation of complex mission-criticalsystems (such as air traffic control systems, securitymonitoring systems and real time systems) is inherentlydistributed and operates in highly dynamic environments.Fault tolerance is a main means of assurance of systemreliability. Single fault tolerance policy can not satisfy thedynamic changes of these systems, so their fault tolerancemechanism should provide more intelligence to adaptthem to be in response to the changes in system resource,application demands and user requirements and improveresource utilization. This paper presents a CORBA-basedarchitecture called AFTLSDS for adaptive fault tolerancein distributed systems and its design can satisfy therequirement of new generation complex mission-criticalsystems. We put emphasis on its component and designpolicy. Finally we give prototype implementation of thisarchitecture and conclusion.

Jianping Wu

1999-01-01

Journal of Software

Abstract:Network accounting management is the important management function of commercialized computer network. With the commercialization of Internet and the occurrence of lots of Intranets, it's urgent to develop network accounting management system. A principal requirement of such systems is efficiency and reliability. A faulttolerant accounting system based on RPC (remote procedure call) mechanismFTCharge(faulttolerant charge) is proposed in this paper. After the brief discussion of the accounting principle, the design of the architecture and the faulttolerance mechanism of FTCharge system are discussed.

Kaiping Xue,Peilin Hong,Changsha Ma

DOI: https://doi.org/10.1016/j.jcss.2013.07.004

IF: 1.043

2014-02-01

Journal of Computer and System Sciences

Abstract:Traditional password based authentication schemes are mostly considered in single-server environments. They are unfit for the multi-server environments from two aspects. Recently, base on Sood et al.ʼs protocol (2011), Li et al. proposed an improved dynamic identity based authentication and key agreement protocol for multi-server architecture (2012). Li et al. claim that the proposed scheme can make up the security weaknesses of Sood et al.ʼs protocol. Unfortunately, our further research shows that Li et al.ʼs protocol contains several drawbacks and cannot resist some types of known attacks. In this paper, we further propose a lightweight dynamic pseudonym identity based authentication and key agreement protocol for multi-server architecture. In our scheme, service providing servers donʼt need to maintain verification tables for users. The proposed protocol provides not only the declared security features in Li et al.ʼs paper, but also some other security features, such as traceability and identity protection.

computer science, theory & methods, hardware & architecture

Xujiang Luo,Bin Tang

DOI: https://doi.org/10.3390/electronics13081540

IF: 2.9

2024-04-19

Electronics

Abstract:Federated learning (FL) is a highly promising collaborative machine learning method that preserves privacy by enabling model training on client nodes (e.g., mobile phones, Internet-of-Things devices) without sharing raw data. However, FL is vulnerable to Byzantine nodes, which can disrupt model performance, render training ineffective, or even manipulate the model by transmitting harmful gradients. In this paper, we propose a Byzantine fault-tolerant FL algorithm called federated learning with trustworthy data and historical information (FLTH). It utilizes a small trusted training dataset at the parameter server to filter out gradient updates from suspicious client nodes during model training, which provides both Byzantine resilience and convergence guarantee. It further introduces a historical information-based credibility assessment scheme such that the client nodes performing poorly over the long-term have a lower impact on the aggregation of gradients, thereby enhancing fault tolerance capability. Additionally, FLTH does not compromise the training efficiency of FL because of its low time complexity. Extensive simulation results show that FLTH achieves higher model accuracy compared to state-of-the-art methods under typical kinds of attack.

engineering, electrical & electronic,computer science, information systems,physics, applied

Zongpu Jia,Guowei Wang

DOI: https://doi.org/10.1007/978-3-642-40633-1-18

2014-01-01

Abstract:To resolve the problems about identity authentication of heterogeneous application systems that emerged in the procedure of data integration. This paper presents a solution of unified identity authentication based on Light Directory Access Protocol (LDAP). By using a method of double sign on an interface calling the solution can separately realize unified identity authentication in developed application systems and new systems. Then the paper design a reasonable structure Directory Information Tree (DIT) based on Role-Based Access Control (RBAC) model that consists of organization, user, role, and permission entries to realize permissions distributing and access control. ? Springer-Verlag Berlin Heidelberg 2014.