Resource-efficient fault and intrusion tolerance

More and more network-based services are considered essential by their operators: either because their unavailability might directly lead to economic losses, as with e-commerce applications or online auction services, for example, or because their well-functioning is crucial for the well-functioning of other services, which is, for example, the case for distributed file systems or coordination services. Byzantine fault-tolerant replication allows systems to be built that are able to ensure the availability and reliability of network-based services, even if a subset of replicas fail arbitrarily. As a consequence, such systems not only tolerate fault scenarios in which replicas crash, but also cases in which replicas have been taken over by an adversary as the result of a successful intrusion. Despite the fact that several major outages of network-based services in the past have been caused by non-crash failures, industry is still reluctant to broadly exploit the available research results on Byzantine fault tolerance. One of the main reasons for the decision to retain crash-tolerant systems is the high resource demand associated with Byzantine fault-tolerant systems: Besides the need to execute more costly protocols, the more complex fault model also requires Byzantine fault-tolerant systems to comprise more replicas than their crash-tolerant counterparts. In this thesis, we propose and evaluate different protocols and techniques to increase the resource efficiency of Byzantine fault-tolerant systems. The key insights that serve as a basis for all of these approaches are that during normal-case operation it is sufficient for a system to detect (or at least suspect) faults, while during fault handling a system must be able to actually tolerate faults, and that the former usually requires less resources than the latter. Utilizing these insights, we investigate different ways to improve resource efficiency by implementing a clear separation between normal-case operation and fault handling based on two modes of operation: During normal-case operation, a system reduces its resource usage to a level at which it is only able to ensure progress as long as all replicas behave according to specification. In contrast, in case of suspected or detected faults, the system switches to an operation mode in which it may use additional resources in order to tolerate faults. An important outcome of this thesis is that passive replication can be an effective building block for the implementation of a resource-efficient operation mode for normal-case operation in Byzantine fault-tolerant systems. Furthermore, experimental results show that improving the resource efficiency of a system can also lead to an increase in performance.