2015 IEEE 34th Symposium on Reliable Distributed Systems (SRDS)

Tolerating Byzantine failures in the context of cloud computing is costly. Traditional BFT protocols induce a fixed degree of replication for computations and are therefore wasteful. This paper explores probabilistic Byzantine tolerance, in which computation tasks are replicated on dynamic replication sets whose size is determined based on ensuring probabilistic thresholds of correctness. The prob... View full abstract»

Storage requirements for visual data have been increasing in recent years, following the emergence of many new highly interactive multimedia services and applications for both personal and corporate use. This has been a key driving factor for the adoption of cloud-based data outsourcing solutions. However, outsourcing data storage to the Cloud also leads to new challenges that must be carefully ad... View full abstract»

As the popularity of cloud storage services grows rapidly, it is desirable and even essential for both legacy and new end-user applications to have the cloud storage capability to improve their functionality, usability, and accessibility. However, incorporating the cloud storage capability into applications must be done in a secure manner to ensure the confidentiality, integrity, and availability ... View full abstract»

Geo-replicated databases often offer high availability and low latency by relying on weak consistency models. The inability to enforce invariants across all replicas remains a key shortcoming that prevents the adoption of such databases in several applications. In this paper we show how to extend an eventually consistent cloud database for enforcing numeric invariants. Our approach builds on ideas... View full abstract»

We focus on a protocol for auditable restoration of distributed systems. The need for such protocol arises due to conflicting requirements (e.g., access to the system should be restricted but emergency access should be provided). One can design such systems with a tamper detection approach (based on the intuition of "break the glass door"). However, in a distributed system, such tampering, which a... View full abstract»

As hard disk failure rates are rarely improved and the reconstruction time for TB-level disks typically amounts to days, multiple concurrent disk/storage node failures in datacenter storage systems become common and frequent. As a result, the erasure coding schemes used in datacenters must meet the critical requirements of high fault tolerance, high storage efficiency, and fast fault recovery. In ... View full abstract»

Self-stabilization ensures that a system converges to a legitimate execution in finite time, where a legitimate execution comprises a sequence of configurations satisfying some safety condition. In this work, we investigate the notion of recurrence, which denotes how frequently a condition is satisfied in an execution of a system. We use this notion in self-stabilization to address the convergence... View full abstract»

Rolling upgrade is a practical industry technique for online updating of software in distributed systems. This paper focuses on rolling upgrade of software versions in virtual machine instances on cloud computing platforms, when various failures may occur. An operator can choose the number of instances that are updated in one round and system environments to minimise completion time, availability ... View full abstract»

The decentralized design of Peer-to-Peer (P2P) protocols inherently provides for fault tolerance to non-malicious faults. However, the base P2P scalability and decentralization requirements often result in design choices that negatively impact their robustness to varied security threats. A prominent vulnerability are Eclipse attacks that aim at information hiding and consequently perturb a P2P ove... View full abstract»

Many modern embedded systems use networks to communicate. This increases the attack surface: the adversary does not need to have physical access to the system and can launch remote attacks. By exploiting software bugs, the attacker might be able to change the behavior of a program. Security violations in safety-critical systems are particularly dangerous since they might lead to catastrophic resul... View full abstract»

Denial of Service (DoS) attacks continue to grow in magnitude, duration, and frequency increasing the demand for techniques to protect services from disruption, especially at a low cost. We present Denial of Service Elusion (DoSE) as an inexpensive method for mitigating network layer attacks by utilizing cloud infrastructure and content delivery networks to protect services from disruption. DoSE u... View full abstract»

Power failures in data centers and Cloud Computing infrastructures can cause loss of data and impact revenue. Existing best practice such as persistent logging and checkpointing add overhead during operation and increase recovery time. Other solutions like the use of an uninterruptable power supply incur additional costs and are maintenance-intensive. Novel persistent main memory, i.e. memory that... View full abstract»

With high expansibility and efficient power usage, tiered wireless sensor networks are widely deployed in many fields as an important part of Internet of Things (IoTs). It is challenging to process range query while protecting sensitive data from adversaries. Moreover, most existing work focuses on privacy-preserving range query neglecting collusion attacks and probability attacks, which are more ... View full abstract»

It is well-known that Android mobile advertising networks may abuse their host applications' permission to collect private information. Since the advertising library and host app are running in the same process, the current Android permission mechanism cannot prevent an ad network from collecting private data that is out of an ad network's permission range. In this paper, we propose PmDroid to pro... View full abstract»

In this paper, we propose a signature-based top-k query processing method against data replacement attacks in mobile ad hoc networks (MANETs). In order to rapidly identify a greater number of malicious nodes, nodes share information about identified malicious nodes with other nodes. If nodes share only this information, however, malicious nodes may successfully transmit false information identifyi... View full abstract»