Practical Byzantine fault tolerance
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
OceanStore: an architecture for global-scale persistent storage
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Security Considerations for Peer-to-Peer Distributed Hash Tables
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Towards an Archival Intermemory
ADL '98 Proceedings of the Advances in Digital Libraries Conference
Preserving peer replicas by rate-limited sampled voting
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Distributed Computing
Proactive recovery in a Byzantine-fault-tolerant system
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
| Hi-index | 0.00 |
The LOCKSS (Lots Of Copies Keep Stuff Safe) system allows users to store and preserve electronic content through a system of inexpensive computers arranged in an ad hoc peer-to-peer network. These peers cooperate to detect and repair damage by voting in "opinion polls.驴 We develop a more accurate view of how the network will perform over time by simulating the system's behavior using dynamic models in which peers can be subverted and repaired. These models take into account a variety of parameters, including the rate of peer subversion, the rate of repair, the extent of subversion, and the responsiveness of each peer's system administrator. These models reveal certain systemic vulnerabilities not apparent in our static simulations: A typical adversary that begins with a small foothold within the system (e.g., 20 percent of the population) will completely dominate the voting process within 10 years, even if he only exploits one vulnerability each year. In light of these results, we propose and evaluate countermeasures. One technique, Ripple Healing, performs remarkably well. For models in which all system administrators are equally likely to repair their systems, it eliminates nearly systemic levels of corruption within days. For models in which some administrators are more likely to repair their systems, Ripple Healing limits corruption, but proves less effective, since these models already demonstrate superior performance.