Rapid developments in networking technology and a rise in clustered computing have driven research studies in high performance communication architectures. In an effort to standardize the work in this area, industry leaders have developed the Virtual Interface Architecture (VIA) specification. This architecture seeks to provide an operating system-independent infrastructure for high-performance user-level networking in a generic environment. This paper evaluates the inherent costs and performance potential of the Virtual Interface Architecture through a prototype implementation over Myrinet. The VIA prototype is compared against established research user-level networks using simple communication benchmarks on the same hardware. We consider extensions to the VI Architecture that improve its performance for certain types of communication traffic and outline further research areas in the VIA design space that merit investigation.

The Byzantine failure model allows arbitrary behavior of a certain fraction of network nodes in a distributed system. It was introduced to model and analyze the effects of very severe hardware faults in aircraft control systems. Lately, the Byzantine failure model has been used in the area of network security where Byzantine-tolerance is equated with resilience against malicious attackers. We discuss two reasons why one should be careful in doing so. Firstly, Byzantine-tolerance is not concerned with secrecy and so special means have to be employed if secrecy is a desired system property. Secondly, in contrast to the domain of hardware faults, in a security setting it is difficult to compute the assumption coverage of the Byzantine failure model, i.e., the probability that the failure assumption holds in practice. To address this latter point we develop a methodology which allows to estimate the reliability of a Byzantine-tolerant solution exposed to attackers of different strengths.

inequality, which means that all collusions of minorities can be tolerated, is argued to be optimal and makes the main result also optimal. 592 A third construction, on which the second is based but which is interesting in its own right, is that of an "all-honest world." This is a setting, relying only on assumption (b), in which any participant who has revealed secrets to any other can prove publicly that the secrets revealed are correct and receivable by the second participant--even ff the second participant denies receipt orcorrecmess. I INFORMAL INTRODUCTION A spymaster's deepest fear, it might be said, is that of a "double agent., If the spymasters of major countries would be willing to pool all the information they have on their agents, then they could discover--to their mutual benefit-- all double agents who play one side off against the other. But for a spymaster, revealing this sensitive data to "the other side" is, of course, unthinkable. A solution to the spymasters'

We consider the problem of dependable computation with multiple inputs. The goal is to study when redundancy can help to achieve survivability and when it cannot. We use AND/OR graphs to model fault tolerant computations with multiple inputs. While there is a polynomial time algorithm for finding vertex disjoint paths in networks, we will show that the equivalent problem in computation systems with multiple inputs is NP-hard. Our main results are as follows. (1) We present a general model for fault tolerant computation systems with multiple inputs: AND/OR graphs. (2) We show that it is NP-hard to find two vertex disjoint solution graphs in an AND/OR graph. It follows that in the general case redundancy cannot help to achieve survivability, assuming P6=NP. Keywords: Dependable computation, complexity theory, NP-hardness.

Abstract. Game theory has an elegant way of modeling structural aspects of social games. The predicted outcome of the social games holds as long as “the rules of the game ” are kept. Therefore, a game authority (which enforces the “rules”) is required. We present the first design for such a game authority, where the game authority is a middleware of distributed systems. The middleware restricts the agents to “play by the rules”, and excludes agents that do not obey the (selfish) rules of the game since we consider them as Byzantine. We base our design on a self-stabilizing Byzantine agreement that allows processors to audit each other’s actions. We show that when the agents are restricted to act selfishly resource allocation can become asymptotically optimal (according to our performance criteria, which is: multi-round anarchy cost). Our design also includes services that allow owners to share a collaborative effort for coalition optimization using group-preplay negotiation. Since there are no guarantees for successful termination of selfish negotiations, we consider “democratic ” approaches for promoting “free choice”. 1

Abstract. The proposed Competitive Contract Net Protocol has been designed to facilitate a flexible cooperation in competitive multi-agent environments and to support automated or semi-automated negotiations in competitive domains. The protocol is based on FIPA standards. The protocol covers not only the phase of contracting the commitments, but also allows for a decommitment negotiation and contract termination. Thus, it consists of three phases: (i) a contracting phase, where conditions of agreement are concluded, (ii) an optional decommitment phase, where contract may be breached, and (iii) a contract termination phase, where the compliance with the concluded contract conditions is evaluated. Both the decommitment and non-compliance are bounded with penalties which measurably ensure a compliance with the commitments, but also allow an opportunistic behaviour of the agents at some price. 1

nachgewiesen werden:

Abstract. Replication has been used to build intrusion-tolerant systems, which are able to tolerate a limited number intrusions before the system is compromised. An important limitation of intrusion-tolerant systems is that if the system’s replicas are similar, once a flaw is discovered and exploited in one replica, then it is easy to replicate it on the other replicas, compromising the whole system. To circumvent this limitation one must find a way to make these exploits occur independently. We propose the deployment of different operating systems in order to avoid common failures, making a system correct unless f + 1 replicas are compromised. However, if enough time is given to the adversary, then eventually f + 1 different replicas will suffer an intrusion. Hence, to reduce the size of this time window, we introduce diversity on recoveries, where the system will replace the faulty replicas with fresh and different ones (therefore, cleaning their faulty state) as the adversary compromises the replicas. The remaining challenge is to manage the recoveries without violating the availability of the system. Our contribution is to assess the risk on replicated systems to trigger recoveries.