Accountability for distributed systems
Speaker: Andreas Haeberlen, Max Planck Institute for Software Systems
Location: Warren Weaver Hall 1302
Date: April 3, 2009, 11:30 a.m.
Host: Michael Overton
Social expectations play an important role in distributed systems that span multiple administrative domains. For example, participants in peer-to-peer systems are expected to contribute resources for the common good, and members of federated systems are expected to adhere to best practices and fulfill contractual obligations. However, these expectations are not always met - sometimes by mistake, sometimes to gain an advantage, and sometimes even due to a deliberate attack.
In society, accountability is widely used to counter such threats. Accountability incentivizes good performance, exposes faults and unwanted behavior, and builds trust between competing individuals and organizations. In this talk, I will argue that accountability is also a powerful tool in designing distributed systems. Accountability ensures that misbehavior can be detected and linked to a faulty node. Thus, it complements fault tolerance techniques and offers an alternative to these techniques where failures do not have irrecoverable consequences - for example, in systems that provide a best-effort service.
I will present a set of techniques that can enforce accountability for a wide range of distributed systems, and I will show that they can detect a large and general class of faults. This class includes not only benign problems, such as bugs or misconfigurations, but also intentional misbehavior and deliberate attacks. To demonstrate that accountability is practical, I will then discuss two concrete applications, a decentralized email system and the Internet's interdomain routing system. Our evaluation results show that accountability is effective, that it has a reasonable overhead, and that it can scale to systems with a large number of nodes.
In-person attendance only available to those with active NYU ID cards. All individuals must show the Daily Screener green pass in order to gain entry to the building.