The Architecture of the Starfish System: Mapping the Survivability Space

Kim KihlstromChris PhillipsChris Ritchey

Ben LaBarberaWestmont College

Priya NarasimhanCarnegie Mellon

University

The Starfish System

IASTED PDCS 2003

Starfish Goals

Provide survivability for middleware applications

Not specific to any middleware system

Applicable to local and wide area systems

Provide support for connected enterprises such as web services

Allow linking of multiple Starfish

The Starfish System

IASTED PDCS 2003

Starfish Protocol Stack

The Starfish System

IASTED PDCS 2003

Creating the Survivability Space

Define what is meant by survivability

Evaluate existing systems

Identify tradeoffs in survivability issues

Develop cohesive framework for survivable system design

The Starfish System

IASTED PDCS 2003

Survivability

Encompasses but goes beyond reliability and security

Provide useful services even in event of malicious attacks, intrusions, accidents, or faults

The Starfish System

IASTED PDCS 2003

Survivability Space

The Starfish System

IASTED PDCS 2003

Reliability Subspace

The Starfish System

IASTED PDCS 2003

Security Subspace

The Starfish System

IASTED PDCS 2003

Quality of Service Subspace

The Starfish System

IASTED PDCS 2003

Mapping of Prior Systems

Mapped a number of existing systems to survivability space

The Starfish System

IASTED PDCS 2003

Starfish Philosophy

Starfish allows for tradeoffs between security, reliability, and quality of service by providing body, shoulders, and arm regions

Body: Byzantine fault model and high security guarantees, but lower performance and not scalable to wide area or large number of processors

Arms: High performance and highly scalable, but supports only crash/omission/timing fault model and less stringent security guarantees

Shoulders: Intermediate fault tolerance, security, performance and scalability

The Starfish System

IASTED PDCS 2003

The Starfish System

IASTED PDCS 2003

Linked Starfish

The Starfish System

IASTED PDCS 2003

Starfish Reliability Subspace

The Starfish System

IASTED PDCS 2003

Starfish Security Subspace

The Starfish System

IASTED PDCS 2003

Starfish Quality of Service Subspace

The Starfish System

IASTED PDCS 2003

Reliability Mechanisms

Active and passive replication

Majority voting

Secure reliable ordered multicast

Byzantine fault detector

Value fault detector

Secure membership

Vaccination

Timeouts

Retransmission

The Starfish System

IASTED PDCS 2003

Security Mechanisms

Threshold schemeEncryptionIdentifiersPasswordsMACsSignaturesByzantine fault detectorValue fault detectorSecure membershipLoggingAnomaly detection

SandboxingIntrusion historyMessage digestsState transferQuarantineVaccinationMembershipMessage DigestsRemovalRecovery

The Starfish System

IASTED PDCS 2003

Quality of Service Mechanisms

Removal/addition

Migration

Hierarchical Groups

Message prioritization

Optimistic Delivery

Live Upgrades

The Starfish System

IASTED PDCS 2003

Conclusions

Mapping of prior systems to survivability space

Mapping of Starfish body, shoulders, and arms to survivability space

Identification of survivability properties and mechanisms for Starfish body, shoulders, and arms

The Starfish System

IASTED PDCS 2003

Questions and Feedback

Kim Kihlstromkimkihls@westmont.eduhttp://homepage.westmont.edu/kimkihls/

Priya Narasimhanpriya@cs.cmu.eduhttp://www.cs.cmu.edu/~priya/

Chris Phillipschphilli@westmont.edu