A Trustworthiness Detector for Intrusion-Tolerant Group Communication Systems

A trustworthiness detector in a group communication system raises a suspicion event, whenever one or more group members can no longer be trusted. This suspicion event triggers a group membership protocol to create a new group. This paper describes the design, implementation, and experimental evaluation of a trustworthiness detector that can be incorporated in most group communication systems. The design of this trustworthiness detector is based on two important principles: (1) focusing on observable effects, and (2) detection in depth. This detector is generic in the sense that it is independent of the actual broadcast or group membership protocol being supported by the group communication system. It has been integrated with three different atomic broadcast protocols: a positive acknowledgement-based atomic broadcast protocol, a negative acknowledgement-based atomic broadcast protocol, and a logical ring-based atomic broadcast protocol. The paper describes these implementations, and present an extensive experimental evaluation.