The Fail-Stop Controller AE11

How Fail-Stop are Faulty Programs?

Most fault-tolerant systems are designed to stop faulty programs before they write permanent data or communicate with other processes. This property (halt-on-failure) forms the core of the fail-stop model. Unfortunately, little experimental data exists on whether or not program failures follow the fail-stop model. This paper describes a tool, based on the SimOS complete-machine simulator, that ...

Fail-Stop Signatures Without Trees

We construct the first fail-stop signature scheme where neither the signature length nor the length of the public key grows as a function of the number of messages that can be signed with one key. The computation needed for signing and testing is reduced similarly. This removes one of the main differences between the complexity of ordinary signature schemes and previous fail-stop signature sche...

An Efficient Fail-Stop Signature Scheme Based on Factorization

Fail-stop signature (FSS) schemes protect a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. In this paper, we show a flaw in a previously proposed fail-stop signature that is based on the difficulty of factorization, and then describe a secure scheme based on the same assumption.

Beyond Fail-Stop: Wait-Free Serializability and Resiliency in the Presence of Slow-Down Failures

Historically, database researchers have dealt with two kinds of process failures: fail-stop failures and malicious failures. Under the fail-stop assumption, processes fail by halting. Such failures are easily detectable. Under the malicious (or Byzantine) failure assumption, processes fail by behaving unpredictably, perhaps as adversaries. Such failures are not necessarily detectable. When syst...

The Fail-Stop Processor Approach*