Stabilizing Trust and Reputation for Self-Stabilizing Efficient Hosts in Spite of Byzantine Guests (Extended Abstract)

Yagel, Reuven

doi:10.1007/978-3-540-76627-8_21

Cited by 1 publication

(1 citation statement)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most existing approaches [Anagnostou 1993;Arora and Kulkarni 1998a;Dolev and Herman 1995;Dolev and Yagel 2007;Dolev and Hoch 2007a;Malekpour 2006;1:4 A. Ebnenasir and S. S. Kulkarni Tsang and Magill 1994] for the design of multitolerant programs are based on a design-and-verification method, where algorithms that tolerate multiple classes of faults are designed first and then verified to ensure correctness. The verification task is often difficult and expensive as one must mechanically prove that (i) in the absence of faults, the multitolerant program satisfies its safety and liveness; (ii) in the presence of each individual class of faults the multitolerant program provides a required level of fault tolerance; (iii) each level of fault tolerance designed for tolerating a specific fault-class does not interfere with the normal functionalities in the absence of faults; and more importantly, (iv) the fault tolerance functionalities designed for each fault-class do not interfere with the functionalities designed for other levels of fault tolerance.…”

Section: Feasibility Of Stepwise Design Of Multitolerant Programs 1:3mentioning

confidence: 99%

Feasibility of Stepwise Design of Multitolerant Programs

Ebnenasir

Kulkarni

2011

ACM Trans. Softw. Eng. Methodol.

View full text Add to dashboard Cite

The complexity of designing programs that simultaneously tolerate multiple classes of faults, called multitolerant programs, is in part due to the conflicting nature of the fault tolerance requirements that must be met by a multitolerant program when different types of faults occur. To facilitate the design of multitolerant programs, we present sound and (deterministically) complete algorithms for stepwise design of two families of multitolerant programs in a high atomicity program model, where a process can read and write all program variables in an atomic step. We illustrate that if one needs to design failsafe (respectively, nonmasking) fault tolerance for one class of faults and masking fault tolerance for another class of faults, then a multitolerant program can be designed in separate polynomial-time (in the state space of the faultintolerant program) steps regardless of the order of addition. This result has a significant methodological implication in that designers need not be concerned about unknown fault tolerance requirements that may arise due to unanticipated types of faults. Further, we illustrate that if one needs to design failsafe fault tolerance for one class of faults and nonmasking fault tolerance for a different class of faults, then the resulting problem is NP-complete in program state space. This is a counterintuitive result in that designing failsafe and nonmasking fault tolerance for the same class of faults can be done in polynomial time. We also present sufficient conditions for polynomial-time design of failsafe-nonmasking multitolerance. Finally, we demonstrate the stepwise design of multitolerance for a stable disk storage system, a token ring network protocol and a repetitive agreement protocol that tolerates Byzantine and transient faults. Our automatic approach decreases the design time from days to a few hours for the token ring program that is our largest example with 200 million reachable states and 8 processes.

show abstract