Abstract
Byzantine fault-tolerant state-machine replication (BFT-SMR) is a technique for hardening systems to tolerate arbitrary faults. Although robust, BFT-SMR protocols are very costly in terms of the number of required replicas (3f+1 to tolerate f faults) and of exchanged messages. However, with "hybrid" architectures, where "normal" components trust some "special" components to provide properties in a trustworthy manner, the cost of using BFT can be dramatically reduced. Unfortunately, even though such hybridization techniques decrease the message/time/space complexity of BFT protocols, they also increase their structural complexity.
Therefore, we introduce Asphalion, the first theorem prover-based framework for verifying implementations of hybrid systems and protocols. It relies on three novel languages: (1) HyLoE: a Hybrid Logic of Events to reason about hybrid fault models; (2) MoC: a Monadic Component language to implement systems as collections of interacting hybrid components; and (3) LoCK: a sound Logic of events-based Calculus of Knowledge to reason about both homogeneous and hybrid systems at a high level of abstraction (thereby allowing proofs to be reused, and capturing the high-level logic of distributed systems). In addition, Asphalion supports compositional reasoning, e.g., through mechanisms to lift properties about trusted-trustworthy components to the level of the distributed systems they are integrated in. As a case study, we have verified crucial safety properties (e.g., agreement) of several implementations of hybrid protocols.
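As an added illustration of the 3f+1 replica bound quoted in the abstract (example code written for this page; it is not part of the paper or of the Asphalion framework), the script below models quorums of size n − f and checks when any two quorums overlap enough to keep agreement safe. It goes beyond what the abstract states by also modelling the hybrid case as a trusted component that stops a faulty replica from equivocating, under which an overlap of a single replica suffices and the bound drops to 2f+1. The function names, the quorum-size choice and the non-equivocation abstraction are this example's own assumptions.

```python
from itertools import combinations


def min_replicas(f: int, trusted_nonequivocation: bool = False) -> int:
    """Smallest replica count n that tolerates f Byzantine replicas.

    Model (assumed here, not taken from the paper): a quorum has q = n - f
    members, so the correct replicas alone can always form one (liveness),
    and safety needs any two quorums to overlap in enough replicas:
      * plain Byzantine model: the overlap must contain a correct replica,
        so it must have at least f + 1 members;
      * hybrid model with a trusted non-equivocation component: an overlap
        of one replica already suffices, because even a faulty replica
        cannot vote both ways.
    """
    needed_overlap = 1 if trusted_nonequivocation else f + 1
    n = f + 1
    # Two quorums of size q = n - f overlap in at least 2q - n replicas.
    while 2 * (n - f) - n < needed_overlap:
        n += 1
    return n


def quorums_safe(n: int, f: int, trusted_nonequivocation: bool = False) -> bool:
    """Brute-force check of the same property over every faulty set and
    every pair of quorums; exponential, so only meant for small n."""
    replicas = range(n)
    q = n - f
    for faulty in combinations(replicas, f):
        bad = set(faulty)
        for q1 in combinations(replicas, q):
            for q2 in combinations(replicas, q):
                overlap = set(q1) & set(q2)
                if not trusted_nonequivocation:
                    # Without a trusted component only correct replicas
                    # in the overlap can be relied upon.
                    overlap -= bad
                if not overlap:
                    return False
    return True


if __name__ == "__main__":
    for f in range(1, 4):
        plain = min_replicas(f)
        hybrid = min_replicas(f, trusted_nonequivocation=True)
        print(f"f={f}: plain BFT needs n={plain} "
              f"(safe: {quorums_safe(plain, f)}, with one fewer: {quorums_safe(plain - 1, f)}); "
              f"hybrid needs n={hybrid} "
              f"(safe: {quorums_safe(hybrid, f, True)}, with one fewer: {quorums_safe(hybrid - 1, f, True)})")
```

Running the script prints the two bounds for f = 1..3 and confirms, by enumeration, that one replica fewer breaks quorum intersection in each model. The closed-form derivation is the same inequality the loop iterates: 2(n − f) − n ≥ f + 1 gives n ≥ 3f + 1, and 2(n − f) − n ≥ 1 gives n ≥ 2f + 1.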
Extended version: Ivana Vukotic, Vincent Rahli, and Paulo Verissimo. 2019. Asphalion: Trustworthy Shielding Against Byzantine Faults. https://vrahli.github.io/articles/asphalion-long.pdf