Large-scale intrusion tolerant services over WANs

1. Large-scale intrusion tolerant services over WANs Florian Oprea, Michael K. Reiter, Carnegie Mellon University • Problem statement • Our goal: • build intrusion tolerant replicated service • good performance over WANs • Our approach: • intrusions are Byzantine faults • use Byzantine quorum systems • deploy on WANs • Performance measures: • average client response time • network congestion • Quorum systems • Quorum system: • collection of sets with nonempty intersection • Byzantine (b): • tolerate up to b failures • intersection size masks failures • Quorum placement: • mapping from quorum elements to nodes of network • Problem definition and results • (QPPD, QPPC) Given quorum system Q, access strategy p, network G with node and edge capacities, find placement f , so that: • average delay or congestion minimized • load(v) ≤ capacity(v) for all nodes v • Finding optimal placements for arbitrary quorums is NP-hard for both problems; for one case of QPPC, hard to approximate within any constant. • constant approximation algorithms for QPPD provided node capacities exceeded by a small factor: • (5a/(a-1), 2) for arbitrary quorum systems • (5, 1) for Majority and Grid [GMOR05] • two models for QPPC: multiple paths and single paths • polylog(size(G)) approximation algorithms for each model, provided exceed node capacities by a factor of 2 [GGMOR06] • Measures • Average delay over all clients: Avgclients(Expquorums(delay(client,quorum))) • Congestion: • Maxedges(rel. congestion(edge)) Preliminary experimental results 3 5 4 congestion = 3 delay = 5 [GMOR05] : A. Gupta, B. Maggs, F. Oprea, M. K Reiter. Quorum placement in networks to minimize access delays. PODC 2005. [GGMOR06] : D. Golovin, A. Gupta, B. Maggs, F. Oprea, M. K. Reiter. Quorum placement in networks: Minimizing network congestion. PODC 2006. April 27, 2006