Crash and AuthenticatedByzantine Fault Tolerance: A Fail Signaling Approach

Group communication middlewaresystems are particularly useful in supporting replication and thus in building dependable services. Many such systemshave been implemented assuming crash failure semantics. While this assumption is not unreasonable, it becomes hard to justify when applications are required to meet high reliability requirements and are built using commercial off the shelf (COTS) components. This paper presents a structuredapproachto extend a crash-tolerant middleware system into an authenticated Byzantine tolerant one with minor modifications to the original system. The proposed approach is based on state machine replication (SMR) and is motivated by the composability features of standard distributed object technologies such as CORBA. SMR is used to assure signal-on-failure(fail-signal) semantics at a level where existing crash-tolerant services can be seamlessly deployed. The resulting system can provide deterministic total ordering without liveness requirements at the service provisioninglevel.We demonstrate our claims of seamless deploymentby porting a crash-tolerant CORBA group communication service. We additionally measure the performance of the resulting system and examine the trade-offs between performance and the rigor with which the fail-signal abstractioncan be built.