
SE342: Distributed Computing: Lecture # 03-b Fundamental Models

This document discusses fundamental models of distributed computing systems, including interaction, failure, and security models. It describes how processes interact by passing messages and how their behavior can be modeled with distributed algorithms. Communication has delays and computer clocks are not perfectly synchronized. Failure models address how processes and communication channels can experience omission, arbitrary, and timing failures. Reliable communication aims to ensure validity and integrity of messages despite these issues.

Uploaded by

Mahmood Syed

SE342: DISTRIBUTED COMPUTING

Lecture # 03-b
Fundamental Models

Outline

• Interaction Model
• Failure Model
• Security Model

Interaction Model

• Distributed systems are composed of many processes, interacting in complex ways
  • Multiple server processes may cooperate with one another to provide a service (DNS)
  • A set of peer processes may cooperate with one another to achieve a common goal (a voice conferencing system)
• Processes interact by passing messages:
  • communication (information flow) and
  • coordination (synchronization and ordering of activities) between processes
• The behavior and state of a distributed system (DS) can be described by a distributed algorithm:
  • Steps to be taken by each interacting process
  • plus the transmission of messages between them

Interaction Model

• Communication takes place with delays of considerable duration
  • accuracy with which independent processes can be coordinated is limited by these delays
  • difficulty of maintaining the same notion of time across all the computers in a distributed system
• There are two significant factors affecting interacting processes in a distributed system:
  1. Performance of communication channels
  2. Computer clocks and timing events

Performance of Communication Channels

• Communication over a computer network has the following performance characteristics
  • Latency – delay between the start of message’s transmission from one process and the beginning of receipt by another
    • The time taken for the first of a string of bits transmitted through a network to reach its destination.
    • The delay in accessing the network, which increases significantly when the network is heavily loaded.
    • The time taken by the operating system communication services at both the sending and the receiving processes, which varies according to the current load on the operating systems.
  • Bandwidth of a computer network – the total amount of information that can be transmitted over it in a given time
  • Jitter – the variation in the time taken to deliver a series of messages

Computer Clocks and Timing events

• Each computer in a distributed system has its own internal clock, which can be used by local processes to obtain the value of the current time.
• Two processes running on different computers can each associate timestamps with their events
• However, even if the two processes read their clocks at the same time, their local clocks may supply different time values. This is because computer clocks drift from perfect time and, more importantly, their drift rates differ from one another.
• clock drift rate – rate at which a computer clock deviates from a perfect reference clock
• Several approaches to correcting the times on computer clocks
  • get time readings from the Global Positioning System
  • GPS can send timing messages to other computers in its network (variable message delays)

Classification of Clocks Based on Drift Rate

Variants of Interaction Model

Synchronous distributed systems

• The time to execute each step of a process has known lower and upper bounds
• Each message transmitted over a channel is received within a known bounded time.
• Each process has a local clock whose drift rate from real time has a known bound.
• Difficult to arrive at realistic values for the process execution times
• Possible to use timeouts to detect the failure of a process
• Requires
  • guaranteed sufficient processor cycles and
  • network capacity,
  • clocks with bounded drift rates

Variants of Interaction Model

Asynchronous distributed systems

• An asynchronous distributed system is one in which there are no bounds on:
  • Process execution speeds – each step may take an arbitrarily long time
  • Message transmission delays – a message may be received after an arbitrarily long time
  • Clock drift rates – the drift rate of a clock is arbitrary
• Actual distributed systems are very often asynchronous because of the need for processes to share the processors and for communication channels to share the network
  • if too many processes of unknown character are sharing a processor, then the resulting performance of any one of them cannot be guaranteed

Event Ordering

Failure Model

• In a distributed system both processes and communication channels may fail.
• The failure model defines the ways in which failure may occur in order to provide an understanding of the effects of failures
  • Omission Failures
  • Arbitrary Failures
  • Timing Failures

Omission Failures

• The faults classified as omission failures refer to cases when a process or communication channel fails to perform actions that it is supposed to do.
  • Process Omission Failures
  • Communication Omission Failures

Process Omission Failures

• The chief omission failure of a process is to crash.
• Other processes may be able to detect such a crash by the fact that the process repeatedly fails to respond to invocation messages (timeouts)
• In an asynchronous system a timeout can indicate only that a process is not responding – it may have crashed or may be slow, or the messages may not have arrived.
• A process crash is called fail-stop if other processes can detect with certainty that the process has crashed.
• Fail-stop behavior can be produced in a synchronous system if the processes use timeouts to detect when other processes fail to respond and messages are guaranteed to be delivered
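
The difference between a timeout in a synchronous and in an asynchronous system, as an added example that is not part of the original lecture. The heartbeat period, the delay bound and both arrival traces are constructed assumptions, clock drift and processing time are ignored, and times are integer milliseconds.

```python
# Added illustration: a timeout-based monitor replayed over constructed traces.
PERIOD = 1000                  # the peer sends a heartbeat every second (assumed)
MAX_DELAY = 500                # synchronous model: known bound on message delay
TIMEOUT = PERIOD + MAX_DELAY   # a live peer can never be silent for longer


def suspicions(arrivals, timeout, end):
    """Return the instants at which the monitor starts suspecting the peer,
    i.e. whenever it has heard nothing for more than `timeout` ms."""
    raised, last = [], 0
    for t in sorted(arrivals) + [end]:
        if t - last > timeout:
            raised.append(last + timeout)
        last = t
    return raised


def synchronous_crash():
    # Heartbeats sent at 1000, 2000, 3000, then the peer crashes.
    # Every delay respects MAX_DELAY, so the suspicion is a certain crash
    # (fail-stop behavior).
    return suspicions([1200, 2500, 3100], TIMEOUT, end=10000)


def asynchronous_slow():
    # The peer never crashes, but the heartbeat sent at 3000 takes 2400 ms,
    # which the asynchronous model allows. The monitor raises the same kind
    # of suspicion and cannot tell "slow" from "crashed".
    return suspicions([1200, 2500, 5400, 5450, 5900, 7000], TIMEOUT, end=7500)
```

Both functions return a single suspicion time; only the bound on message delay makes the first one a reliable crash verdict.
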
Communication Omission Failures

• A process performs send by inserting the message m in outgoing message buffer and performs a receive by taking m from its incoming message buffer
• The communication channel produces an omission failure if it does not transport a message from outgoing buffer to incoming message buffer.
• This is known as ‘dropping messages’ and is generally caused by lack of buffer space at the receiver or at an intervening gateway, or by a network transmission error, detected by a checksum carried with the message data.
  • send-omission failures – loss of messages between the sending process and the outgoing message buffer
  • receive-omission failures – loss of messages between the incoming message buffer and the receiving process
  • channel omission failures – loss of messages in between
• Benign failures
  • include omission as well as timing and performance failures

Communication Omission Failures

Arbitrary Failures

• Arbitrary or Byzantine failure is used to describe the worst possible failure semantics, in which any type of error may occur
  • For example, a process may set wrong values in its data items, or it may return a wrong value in response to an invocation
• Arbitrary failures in processes cannot be detected by seeing whether the process responds to invocations, because it might arbitrarily omit to reply.
• Communication channels can suffer from arbitrary failures; for example, message contents may be corrupted, nonexistent messages may be delivered or real messages may be delivered more than once
• Arbitrary failures of communication channels are rare because the communication software is able to recognize them and reject the faulty messages.
  • For example, checksums are used to detect corrupted messages, and message sequence numbers can be used to detect nonexistent and duplicated messages.

Timing Failures

• Timing failures are applicable in synchronous distributed systems where time limits are set on process execution time, message delivery time and clock drift rate.
• In an asynchronous distributed system, an overloaded server may respond too slowly, but we cannot say that it has a timing failure since no guarantee has been offered.
• Any of the below failures may result in responses being unavailable to clients within a specified time interval.

Masking Failures

• Multiple servers that hold replicas of data can continue to provide a service when one of them crashes.
• Omission failures can be hidden by using a protocol that retransmits messages that do not arrive at their destination.
• Process crashes may be masked, by replacing the process and restoring its memory from information stored on disk by its predecessor.

Reliability of one-to-one communication

• The term reliable communication is defined in terms of validity and integrity as follows:
  • Validity: Any message in the outgoing message buffer is eventually delivered to the incoming message buffer.
  • Integrity: The message received is identical to one sent, and no messages are delivered twice.
• The threats to integrity come from two independent sources:
  • Any protocol that retransmits messages but does not reject a message that arrives twice. Protocols can attach sequence numbers to messages so as to detect those that are delivered twice.
  • Malicious users that may inject spurious messages, replay old messages or tamper with messages. Security measures can be taken to maintain the integrity property in the face of such attacks.

Security Model

• The security of a distributed system can be achieved by securing
  • the processes
  • the channels used for their interactions and
  • by protecting the objects against unauthorized access

Protecting Objects

• Include users in our model as the beneficiaries of access rights
• Association of each invocation and each result with the authority on which it is issued
  • such an authority is called a principal – may be a user or a process

Protecting Objects

• The server is responsible for verifying the identity of the principal behind each invocation and checking their access rights.
• The client may check the identity of the principal behind the server to ensure that the result comes from the required server.

Securing Processes and their Interaction

• Processes interact by sending messages, exposed to attack because the network and the communication service
• Servers and peer processes expose their interfaces, enabling invocations to be sent to them by any other
• Enemy – adversary
  • capable of sending any message to any process and reading or copying any message sent between a pair of processes
• threats to processes
  • lack of knowledge of true source of a message
• threats to communication channels.
  • threat to the privacy and integrity of messages

Secure Channels

• Encryption and authentication are used to build secure channels as a service layer on top of existing communication services
• Properties of a secure channel:
  • Each of the processes knows reliably the identity of the principal on whose behalf the other process is executing
  • A secure channel ensures the privacy and integrity (protection against tampering) of the data transmitted across it.
  • Each message includes a physical or logical timestamp to prevent messages from being replayed or reordered.
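
An added example, not taken from the lecture or the textbook, covering both the integrity threats on the reliability slide and the integrity and timestamp properties listed above: each frame carries a sequence number as its logical timestamp and an HMAC tag, and the receiver rejects duplicated, tampered, spurious and reordered frames. The `Sender` and `Receiver` names, the frame layout and the pre-shared key are assumptions; encryption for privacy is left out.

```python
import hashlib
import hmac
import struct
# Added illustration: Sender/Receiver and the frame layout are assumptions.
TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def _tag(key: bytes, header: bytes, payload: bytes) -> bytes:
    return hmac.new(key, header + payload, hashlib.sha256).digest()

class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def seal(self, payload: bytes) -> bytes:
        self.seq += 1                          # logical timestamp
        header = struct.pack(">Q", self.seq)
        return header + payload + _tag(self.key, header, payload)

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, 0

    def open(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("truncated frame")
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        # Check the tag first: a sequence number in an unauthenticated frame means nothing.
        if not hmac.compare_digest(tag, _tag(self.key, header, payload)):
            raise ValueError("tampered or spurious")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:               # duplicate, replay or out of order
            raise ValueError("replayed or reordered")
        self.last_seq = seq
        return payload

def demo():
    key = b"constructed demo key, not secret"  # constructed sample value
    tx, rx = Sender(key), Receiver(key)
    m1, m2, m3 = (tx.seal(p) for p in (b"debit 10", b"debit 20", b"debit 30"))
    tampered = m3[:8] + b"debit 99" + m3[16:]  # payload changed, original tag kept
    forged = Sender(b"some other key").seal(b"debit 50")
    outcomes = []
    for name, frame in [("m1", m1), ("m1 again", m1), ("tampered", tampered),
                        ("forged", forged), ("m3", m3), ("m2 late", m2)]:
        try:
            outcomes.append((name, rx.open(frame).decode()))
        except ValueError as err:
            outcomes.append((name, f"rejected: {err}"))
    return outcomes
```

A gap in sequence numbers (a lost frame) is accepted here; recovering it is the job of the retransmission protocol, whose duplicates this receiver then rejects.
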
Recommended Readings

• Page # 61 to 75, Chapter # 2: System Models from CDK: Coulouris, G., Dollimore, J. and Kindberg, T., Distributed Systems - Concepts and Design, 5th Edition, Addison-Wesley, Pearson Education
