Data consistency and coordination for untrusted environments

Abstract

Users of today's computing devices are accustomed to having a permanent and capable connection to the Internet. Personal data and computational tasks are increasingly assigned to online services. Besides their many advantages, online services may not be fully trusted by their users, as they are usually hosted by a third-party provider. Cryptographic techniques can prevent a provider from leaking or modifying sensitive user data. However, other attacks remain possible: when clients interact only through an untrusted online service, the service may send diverging and inconsistent replies to different clients. In this context, fork-consistent semantics make it much easier for the clients to detect such violations. They ensure that if an untrusted service has sent a wrong response to some client even once, then this client remains forever forked from those other clients to which the service replied differently. If fork-consistency is provided, clients can easily detect service misbehavior through out-of-band communication. Recent research results have shown that it is impossible to implement a service that provides full consistency and wait-free operations in the fault-free case and gracefully degrades to fork-linearizability, the strongest notion of fork-consistency, if the service acts maliciously. All existing solutions are based on locks, and thus client operations may block even if the service is correct. This thesis introduces the first lock-free implementations with fork-linearizability, providing abortable (and therefore obstruction-free) operations if the service behaves correctly. In practical settings, obstruction-free solutions can easily be boosted to wait-freedom. In the context of fork-consistency, the thesis also demonstrates that the underlying system assumptions can be significantly weakened. Existing works require the shared service to execute non-trivial computation steps. This thesis shows that for a wide range of fork-consistent implementations a service providing only a simple read/write interface is sufficient. For practical systems this makes a big difference in cost, as full-fledged servers are typically more expensive than simple storage devices.

The second part of this thesis deals with the orthogonal question of how to implement shared storage abstractions that do not exhibit malicious, i.e., Byzantine-faulty, behavior. The basic principle is to achieve Byzantine fault tolerance by replication over a set of replicas, a fraction of which may act maliciously. The thesis presents lightweight, Byzantine fault-tolerant implementations of an atomic register and a key-value store, as required by many modern services in the cloud. The notion of "lightweight" comprises several aspects that reduce the costs incurred by replication, e.g., a minimal number of replicas and communication rounds, no use of self-verifying data, and support for an unbounded number of possibly malicious readers.
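The fork-consistency property summarized above, as an added illustration that is not code from the thesis and does not reproduce its lock-free protocols: two clients talk to a shared service through a toy model in which every reply carries the full operation history the service claims the client should see. Each client keeps a hash chain over what it has observed, so (a) a reply that contradicts an earlier one is caught locally, and (b) two clients that compare their chain heads out of band discover whether one view is a prefix of the other (consistent) or whether the service has forked them. The `Service`, `Client` and `detect_fork` names, and the assumption that the service returns full histories rather than signed commitments, are constructions of this example.

```python
"""Toy model of fork-consistent views and out-of-band fork detection.

Added example, not code from the thesis. The service here simply hands each
client the history it claims that client should see; real protocols replace
this with client-signed commitments, which this illustration omits.
"""
import hashlib
from dataclasses import dataclass, field


def chain_hash(prev: str, op: str) -> str:
    """Hash-chain commitment covering the whole history up to and including op."""
    return hashlib.sha256(f"{prev}|{op}".encode()).hexdigest()


class RollbackDetected(Exception):
    """The service replied with a history that contradicts what this client already saw."""


@dataclass
class Client:
    name: str
    history: list = field(default_factory=list)  # ops observed so far, in order
    hashes: list = field(default_factory=list)   # hashes[i] commits to history[:i+1]

    def accept(self, claimed_history):
        # A reply must extend the history already seen; anything else is local
        # proof of misbehavior, so a forked client can never be silently merged back.
        if claimed_history[: len(self.history)] != self.history:
            raise RollbackDetected(f"{self.name}: service contradicted an earlier reply")
        for op in claimed_history[len(self.history):]:
            prev = self.hashes[-1] if self.hashes else ""
            self.hashes.append(chain_hash(prev, op))
            self.history.append(op)


class Service:
    """Untrusted shared service (constructed for this example).

    Honest mode keeps one history. Malicious mode keeps one branch per client,
    each starting from the history that was shared at the moment of the fork.
    """

    def __init__(self, malicious: bool = False):
        self.malicious = malicious
        self.shared = []        # the single honest history
        self.branches = {}      # client name -> branch handed to that client

    def submit(self, client: Client, op: str):
        entry = f"{client.name}:{op}"
        if not self.malicious:
            self.shared.append(entry)
            client.accept(list(self.shared))
            return
        branch = self.branches.setdefault(client.name, list(self.shared))
        branch.append(entry)
        client.accept(list(branch))

    def try_rejoin(self, victim: Client, other: Client):
        """Malicious attempt to hand a forked client the other branch's history."""
        victim.accept(list(self.branches[other.name]))


def detect_fork(a: Client, b: Client) -> bool:
    """Out-of-band check: compare commitments at the furthest position both have reached.

    Equal hashes mean one view is a prefix of the other (no violation yet);
    different hashes mean the service replied inconsistently, i.e. forked them.
    """
    n = min(len(a.hashes), len(b.hashes))
    return n > 0 and a.hashes[n - 1] != b.hashes[n - 1]


def run_honest() -> bool:
    """Honest service: B lags behind A but its view is a prefix of A's."""
    svc = Service()
    a, b = Client("A"), Client("B")
    svc.submit(a, "put k=1")
    svc.submit(b, "put k=2")
    svc.submit(a, "get k")
    return detect_fork(a, b)           # False


def run_malicious():
    """Service turns malicious after one op, forks A and B, then tries to un-fork A."""
    svc = Service()
    a, b = Client("A"), Client("B")
    svc.submit(a, "put k=1")           # shared prefix both clients will agree on
    svc.malicious = True
    svc.submit(b, "put k=2")           # B sees [A:put k=1, B:put k=2]
    svc.submit(a, "get k")             # A sees [A:put k=1, A:get k]
    forked = detect_fork(a, b)         # True: chains diverge at position 1
    try:
        svc.try_rejoin(a, b)           # contradicts A's earlier reply
        rejoin_caught = False
    except RollbackDetected:
        rejoin_caught = True
    return forked, rejoin_caught       # (True, True)


if __name__ == "__main__":
    print("honest fork detected:", run_honest())
    print("malicious (forked, rejoin caught):", run_malicious())
```

The two scenarios show the property the abstract describes: in the honest run the lagging client's chain head matches the other client's chain at the same position, so no alarm is raised; in the malicious run the single inconsistent reply leaves A and B with incompatible chains, which the out-of-band comparison exposes, and the service cannot later merge A back without contradicting a reply A already recorded.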


Cite this paper

@inproceedings{Majuntke2012DataCA, title={Data consistency and coordination for untrusted environments}, author={Matthias Majuntke}, year={2012} }