Practical byzantine fault tolerance and proactive recovery

ACM Transactions on Computer Systems, Volume 20, Issue 4, pages 398-461, 2002
Miguel Castro1, Barbara Liskov2
1 Microsoft Research
2 MIT Laboratory for Computer Science

Abstract

Our growing reliance on online services accessible on the Internet demands highly available systems that provide correct service without interruptions. Software bugs, operator mistakes, and malicious attacks are a major cause of service interruptions and they can cause arbitrary behavior, that is, Byzantine faults. This article describes a new replication algorithm, BFT, that can be used to build highly available systems that tolerate Byzantine faults. BFT can be used in practice to implement real services: it performs well, it is safe in asynchronous environments such as the Internet, it incorporates mechanisms to defend against Byzantine-faulty clients, and it recovers replicas proactively. The recovery mechanism allows the algorithm to tolerate any number of faults over the lifetime of the system provided fewer than 1/3 of the replicas become faulty within a small window of vulnerability. BFT has been implemented as a generic program library with a simple interface. We used the library to implement the first Byzantine-fault-tolerant NFS file system, BFS. The BFT library and BFS perform well because the library incorporates several important optimizations, the most important of which is the use of symmetric cryptography to authenticate messages. The performance results show that BFS performs 2% faster to 24% slower than production implementations of the NFS protocol that are not replicated. This supports our claim that the BFT library can be used to build practical systems that tolerate Byzantine faults.
