http:^^simon.cs.cornell.edu^info^projects^horus^abstracts.html

来自「This data set contains WWW-pages collect」· HTML 代码 · 共 520 行 · 第 1/2 页

  definitions.
<P><hr><p>
<A NAME="tr95-1505"></A>
<H2>Protocol Composition in Horus</H2>
 Robbert Van Renesse and  Kenneth P. Birman<br>
March 29, 1995
<p>
 Horus is a communication architecture that treats a protocol as an
 abstract data type. Protocol layers can be stacked on top of each
 other in a variety of ways, at run-time. This paper starts out with
 describing the many classes of protocols that can be supported this
 way. Next, we describe the Horus object model that we designed for
 this technology, and the interface between the layers that makes it
 all work. We then present an example layer which implements a group
 membership protocol. Then, we look at a example stack of protocols,
 which provides fault-tolerant, totally ordered communication between a
 group of processes. We conclude with presenting some remaining
 challenges in our project.<P>
<hr><p>
<A NAME="tr95-1500"></A>
<H2>Horus: A Flexible Group Communications System</H2>
Robbert Van Renesse,  Kenneth P. Birman,  Bradford B. Glade,  Katie
Guo,  Mark Hayden,  Takako Hickey,  Dalia Malki,  Alex Vaysburd and
Werner Vogels<br>
March 23, 1995
<p>
The Horus system offers flexible group communication support for
distributed applications. It is extensively layered and highly
reconfigurable, allowing applications to only pay for services they
use, and for groups with different communication needs to coexist in a
single system. The approach encourages experimentation with new
communication properties and incremental extension of the system, and
enables us to support a variety of application-oriented interfaces.<P>
<hr><P>
<A NAME="tr95-1493"></A>
<H2>Achieving Critical Reliability With Unreliable Components and
Unreliable Glue</H2>
 Mark Hayden and  Kenneth P. Birman<br>
 March 14, 1995
 <p>
  Even the most aggressive quality assurance procedures yield at best
  probabilistic confidence in the reliability of complex systems.
  Distributed systems, because of their large numbers of components,
  are enormously complex engineering artifacts, and hence may appear
  to be inherently unreliable -- despite the best efforts of
  researchers and developers. A cellular distributed systems
  architecture offers the hope of drastically improving the
  reliability of current technologies in settings where reliability is
  critical. The approach combines a stateful style of distributed
  computing within cells with a loosely coupled probabilistic
  inter-cell computing model based on a probabilistic broadcast
  primitive. We give an implementation of this primitive, called
  pbcast, and demonstrate how to use it to implement this methodology.
  Our approach is compatible with the use of popular distributed
  computing and reliability technologies, while offering considerable
  isolation against the spread of failures among cells.
<P><hr><p>
<A NAME="tr95-1490"></A><H2>Preserving Privacy in a Network of Mobile Computers</H2>
 David A. Cooper and  Kenneth P. Birman<br>
 March 03, 1995
 <p>
  Even as wireless networks create the potential for access to information 
  from mobile platforms, they pose a problem for privacy. In order to 
  retrieve messages, users must periodically poll the network. The 
  information that the user must give to the network could potentially be 
  used to track that user. However, the movements of the user can also be 
  used to hide the user's location if the protocols for sending and 
  retrieving messages are carefully designed. We have developed a 
  replicated memory service which allows users to read from memory without 
  revealing which memory locations they are reading. Unlike previous 
  protocols, our protocol is efficient in its use of computation and 
  bandwidth. In this paper, we will show how this protocol can be used 
  in conjunction with existing privacy preserving protocols to allow a 
  user of a mobile computer to maintain privacy despite active attacks.
<P><hr><p>
<A NAME="tr95-1489"></A>
<H2>Incorporating System Resource Information into Flow Control</H2>
 Takako M. Hickey and  Robbert Van Renesse<br>
February 27, 1995
<p>
 Upcall-based distributed systems have become widespread in recent
 years. While upcall-based systems provide some obvious advantages,
 experiences with these systems have exposed unanticipated problems of
 unpredictability and inefficiency. Incorporating system resources
 information into flow control is essential in solving these problems.
 Variants of window-based flow control suitable for distributed systems
 are investigated. Next, message packing, which improves network
 bandwidth usage efficiency, and, consequently, message throughput, is
 presented. Finally, a back pressure mechanism which controls admission
 of messages into the system by blocking applications at high load is
 presented. The combination of the window mechanism and the back
 pressure mechanism provides end-to-end management of system resources.
 The former manages network resources, while the latter manages
 operating system resources. The combination maintains good throughput
 even under high load.<P>
<hr><p>
<A NAME="95-1442"></A><H2>Design and Performance of Horus:
A Lightweight Group Communications System</H2>
<P>Robbert van Renesse, Takako M. Hickey, and Kenneth P. Birman<BR>
december 1994
<P>
The Horus project seeks to develop a communication system addressing
the requirements of a wide variety of distributed applications.
Horus implements the <em>group communications</em> model providing
(among others)
unreliable or reliable FIFO, causal, or total group multicasts.
It is extensively layered and highly reconfigurable allowing
applications to only pay for services they use.
This architecture enables groups with different
communication needs to coexist in a single system.
The approach permits experimentation with new communication
properties and incremental extension of the system, and enables
us to support a variety of application-oriented interfaces.
Our initial experiments show good performance.
<P><HR><P>
<A NAME="nossdav"></A><H2>
Support for Complex Multi-Media Applications using the Horus system.
</H2>
Werner Vogels and Robbert van Renesse 
<BR>
December 1994.
</P>

A distributed multi-media application involves more than just protocols
for the dissemination of video and audio data. As in any other
distributed application, protocols are necessary that guarantee the
 consistency, fault-tolerance, and security of shared data objects. The
Horus system offers a framework for buildin g complex distributed
systems that involve any number of protocols, as well as a variety of
protocols for the diffe rent aspects of a distributed application
(including some protocols specific to multi-media applications). We
believe that
 this integrated approach is superior to combining different toolkits,
and illustrate this with a detailed example of an existing
video-on-demand application.
<P>
<HR>
<P>
<A NAME="tr93-1354"></A>
<H2>A Security Architecture for Fault-Tolerant Systems</H2>
 Michael K. Reiter,  Kenneth P. Birman and  Robbert Van Renesse<br>
June 1993
<p>
 Process groups are a common abstraction for fault-tolerant computing
 in distributed systems. We present a security architecture that
 extends the process group into a security abstraction. Integral parts
 of this architecture are services that securely and fault-tolerantly
 support cryptographic key distribution using novel techniques. We
 detail the design and implementation of these services and the secure
 process group abstraction they support. We also give performance
 figures for some common group operations.
<P>
<hr>
<p>
<A NAME="tr95-1490">
</A><H2>Preserving Privacy in a Network of Mobile Computers</H2>
 David A. Cooper and  Kenneth P. Birman<br>
 October 26, 1994
 <p>
  Even as wireless networks create the potential for access to
  information from mobile platforms, they pose a problem for privacy.
  In order to retrieve messages, users must periodically poll the
  network. The information that the user must give to the network
  could potentially be used to track that user. However, the movements
  of the user can also be used to hide the user's location if the
  protocols for sending and retrieving messages are carefully
  designed. In this paper we will describe a set of protocols that we
  have developed to allow a user with a mobile computer to communicate
  without compromising privacy.

<A NAME="tr94-1447"></A>
<H2>Uniform Actions in Asynchronous Distributed Systems</H2>
 Dalia Malki,  Kenneth P. Birman,  Aleta M. Ricciardi and  Andre
 Schiper<br>
 September 08, 1994
 <p>
  We develop necessary conditions for the development of asynchronous
  distributed software that will perform {\em uniform} actions (events
  that if performed by any process, must be performed at all
  processes). The paper focuses on {\em dynamic uniformity}, which
  differs from the classical problems in that processes continually
  leave and join the ongoing computation. Here, we first treat a
  static version of the problem (lacking joins), and then extend the
  results so obtained to also include joins. Our results demonstrate
  that in contrast to Consensus, which cannot be solved in
  asynchronous systems with even a single faulty process, dynamic
  uniformity can be solved using a failure detection mechanism that
  makes bounded numbers of mistakes. Because dynamic uniformity arises
  in systems that maintain safety within a ``primary partition'' of a
  network, our paper provides a rigorous characterization of the
  framework upon which several existing distributed programming
  environments are based.<P>
  <hr><p>
<P><hr><p>
<A NAME="tr93-1355"></A>
<H2>Understanding Partitions and the ``No Partition'' Assumption</H2>
 Aleta M. Ricciardi,  Andre Schiper and  Kenneth P. Birman<br>
 June 1993
 <p>
  The paper discusses partitions in asynchronous message-passing
  systems. In such systems slow processes and slow links can lead to
  virtual partitions that are indistinguishable from real ones. This
  raises the following question: what is a ``partition'' in an
  asynchronous system? To overcome the impossibility of detecting
  crashed processes in an asynchronous system, our system model
  incorporates a failure suspector to detect (possibly erroneously)
  process failures. Based on failure suspicions we give a definition
  of partitions that acccounts for real partitions as well as virtual
  ones. We show that under certain assumptions about the process
  behavior, any incorrect failure suspicion inevitably partitions the
  system. We then show how to interpret the ``absence of partition''
  assumption.
<P><hr><p>
<A NAME="tr93-1339"></A>
<H2>Virtually-Synchronous Communication Based on a Weak Failure
Suspector</<A NAME=""></A></H2>
 Andre Schiper and  Aleta M. Ricciardi<br>
 April 1993
 <p>
  Failure detectors (or, more accurately, Failure Suspectors - FS)
  appear to be a fundamental service upon which to build
  fault-tolerant, distributed applications. This paper shows that a FS
  with very weak semantics (i.e. that delivers failure and recovery
  information in no specific order) suffices to implement
  virtually-synchronous communication (VSC) in an asynchronous system
  subject to process crash failures and network partitions. The VSC
  paradigm is particularly useful in asynchronous systems and greatly
  simplifies building fault-tolerant applications that mask failures
  by replicating processes. We suggest a three-component architecture
  to implement virtually-synchronous communication : 1) at the lowest
  level, the FS component; on top of it, 2a) a component that defines
  new views, and 2b) a component that reliably multicasts messages
  within a view. The issues covered in this paper also lead to a
  better understanding of the various membership service semantics
  proposed in recent literature.
<P> <hr><p>
<A NAME="tr93-1328"></A>
<H2>Process Membership in Asynchronous Environments</H2>
 Aleta M. Ricciardi and  Kenneth P. Birman<br>
 February 1993
 <p>
  The development of reliable distributed software is simplified by
  the ability to assume a fail-stop failure model. We discuss the
  emulation of such a model in an asynchronous distributed
  environment. The solution we propose, called Strong-GMP, can be
  supported through a highly efficient protocol, and has been
  implemented as part of a distributed systems software project at
  Cornell University. Here, we focus on the precise definition of the
  problem, the protocol, correctness proofs and an analysis of costs.
  Keywords: Asynchronous computation; Fault detection; Process
  membership; Fault tolerance; Process group.
<P><HR>
<EM>
Comments to
<!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><!WA22><A HREF="mailto:vogels@cs.cornell.edu">Werner Vogels </A>
</EM>
</TD>
</TR>
</TABLE>