Distributed Systems: Design and Algorithms

Edited by
Serge Haddad
Fabrice Kordon
Laurent Pautet
Laure Petrucci

First published 2011 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:

ISTE Ltd
27-37 St George’s Road
London SW19 4EU
UK
www.iste.co.uk

John Wiley & Sons, Inc.
111 River Street
Hoboken, NJ 07030
USA
www.wiley.com

© ISTE Ltd 2011

The rights of Serge Haddad, Fabrice Kordon, Laurent Pautet and Laure Petrucci to be identified as the authors of this work have been asserted by them in accordance with the Copyright, Designs and Patents Act 1988.

Library of Congress Cataloging-in-Publication Data
Distributed systems : design and algorithms / edited by Serge Haddad ... [et al.].
p. cm.
Includes bibliographical references and index.
ISBN 978-1-84821-250-3
1. Electronic data processing--Distributed processing. 2. Peer-to-peer architecture (Computer networks) 3. Computer algorithms. 4. Embedded computer systems. 5. Real-time data processing. I. Haddad, Serge.
QA76.9.D5D6144 2011
004'.33--dc22
2011012243

British Library Cataloguing-in-Publication Data
A CIP record for this book is available from the British Library
ISBN 978-1-84821-250-3

Printed and bound in Great Britain by CPI Antony Rowe, Chippenham and Eastbourne.

Contents

Foreword
Chapter 1. Introduction
Serge HADDAD, Fabrice KORDON, Laurent PAUTET and Laure PETRUCCI

FIRST PART. LARGE SCALE PEER-TO-PEER DISTRIBUTED SYSTEMS

Chapter 2. Introduction to Large-Scale Peer-to-Peer Distributed Systems
Fabrice KORDON
2.1. “Large-Scale” distributed systems?
2.2. Consequences of “large-scale”
2.3. Some large-scale distributed systems
2.4. Architectures of large scale distributed systems
2.5. Objective of Part 1
2.6. Bibliography

Chapter 3. Design Principles of Large-Scale Distributed System
Xavier BONNAIRE and Pierre SENS
3.1. Introduction to peer-to-peer systems
3.2. The peer-to-peer paradigms
3.3. Services on structured overlays
3.4. Building trust in P2P systems
3.5. Conclusion
3.6. Bibliography

Chapter 4. Peer-to-Peer Storage
Olivier MARIN, Sébastien MONNET and Gaël THOMAS
4.1. Introduction
4.2. BitTorrent
4.3. Gnutella
4.4. Conclusion
4.5. Bibliography

Chapter 5. Large-Scale Peer-to-Peer Game Applications
Sébastien MONNET and Gaël THOMAS
5.1. Introduction
5.2. Large-scale game applications: model and specific requirements
5.3. Overview of peer-to-peer overlays for large-scale game applications
5.4. Overlays for FPS games
5.5. Overlays for online life-simulation games
5.6. Conclusion
5.7. Bibliography

SECOND PART. DISTRIBUTED, EMBEDDED AND REAL-TIME SYSTEMS

Chapter 6. Introduction to Distributed Embedded and Real-time Systems
Laurent PAUTET
6.1. Distributed real-time embedded systems
6.2. Safety critical systems as examples of DRE systems
6.3. Design process of DRE systems
6.4. Objectives of Part 2
6.5. Bibliography

Chapter 7. Scheduling in Distributed Real-Time Systems
Emmanuel GROLLEAU, Michaël RICHARD, and Pascal RICHARD
7.1. Introduction
7.2. Generalities about real-time systems
7.3. Temporal correctness
7.4. WCRT of the tasks
7.5. WCRT of the messages
7.6. Case study
7.7. Conclusion
7.8. Bibliography

Chapter 8. Software Engineering for Adaptative Embedded Systems
Etienne BORDE
8.1. Introduction
8.2. Adaptation, an additional complexity factor
8.3. Theoretical aspects of adaptation management
8.4. Technical solutions for the design of adaptative embedded systems
8.5. An example of adaptative system from the robotic domain
8.6. Applying MDE techniques to the design of the robotic use-case
8.7. Exploitation of the models
8.8. Conclusion
8.9. Bibliography

Chapter 9. The Design of Aerospace Systems
Maxime PERROTIN, Julien DELANGE, and Jérôme HUGUES
9.1. Introduction
9.2. Flight software typical architecture
9.3. Traditional development methods and their limits
9.4. Modeling a software system using TASTE: philosophy
9.5. Common solutions
9.6. What TASTE specifically proposes
9.7. Modeling process and tools
9.8. Technology
9.9. Model transformations
9.10. The TASTE run-time
9.11. Illustrating our process by designing heterogeneous systems
9.12. First user feedback and TASTE future
9.13. Conclusion
9.14. Bibliography

THIRD PART. SECURITY IN DISTRIBUTED SYSTEMS

Chapter 10. Introduction to Security Issues in Distributed Systems
Laure PETRUCCI
10.1. Problem
10.2. Secure data exchange
10.3. Security in specific distributed systems
10.4. Outline of Part III
10.5. Bibliography

Chapter 11. Practical Security in Distributed Systems
Benoît BERTHOLON, Christophe CÉRIN, Camille COTI, Jean-Christophe DUBACQ and Sébastien VARRETTE
11.1. Introduction
11.2. Confidentiality
11.3. Authentication
11.4. Availability and fault tolerance
11.5. Ensuring resource security
11.6. Result checking in distributed computations
11.7. Conclusion
11.8. Bibliography

Chapter 12. Enforcing Security with Cryptography
Sami HARARI and Laurent POINSOT
12.1. Introduction
12.2. Cryptography: from a general perspective
12.3. Symmetric encryption schemes
12.4. Prime numbers and public key cryptography
12.5. Conclusion
12.6. Bibliography

List of Authors
Index

Foreword

It is hard to imagine today a single computation that does not rely on at least one distributed system directly or indirectly. It could be a distributed file system, a distributed database, a content distribution network, a peer-to-peer game, a remote malware detection service, a sensor network, or any other distributed computation. Distributed systems have become the equivalent of economic globalization in the world of computing. Adopted for economic reasons, powered by highly efficient and ubiquitous networking, distributed systems define the default architecture for almost every computing infrastructure in use today.

Over the last two decades, distributed systems have taken many shapes and forms. Clusters of computers were among the earliest generations of distributed systems, whose goal was to provide a cost-effective alternative to highly expensive parallel machines. File servers were first to evolve from the cluster-based distributed system model to serve an increasing hunger for storage. The World Wide Web introduced the web server and, with it, the client-server distributed system model, on which millions of other Internet services have been built. Peer-to-peer systems appeared as an “anti-globalization movement”, in fact an anti-corporate globalization movement that fought against the monopoly of the service provider in the client-server model. Cloud computing turned distributed systems into a utility that offers computing and storage as services over the Internet.
One of the emerging and least expected beneficiaries of cloud computing will be the mobile world of smartphones and personal devices, whose resource limitation can be solved through computation offloading. At the other end, wireless networking has initiated the use of distributed systems in sensor networks and embedded devices. Finally, online social networking is providing a novel use for distributed systems.

With this multitude of realizations, distributed systems have generated a rich set of research problems and goals. Performance was the first one. However, although the performance of distributed systems has increased, there has been a resultant increase in the programming burden. For a decade, research in distributed systems had tried to reconcile performance and programmability by making the distribution of computation transparent to the programmer through software distributed shared memory. In the end, things have not become simpler as achieving performance under distributed shared memory comes with a non-negligible semantic cost caused by the relaxed memory consistency models.

With the shift of distributed systems towards file systems and Internet-based services, the research changed focus from performance to fault tolerance and availability. More recently, the ubiquity of distributed system architecture has resulted in an increased research interest in manageability aspects. Concerns of sustainability resulted in energy-aware distributed servers, which essentially proposed dynamic reconfiguration for energy saving without performance loss. In the mobile arena, wireless networking introduced the important issues of location-awareness, ad-hoc networking, and distributed data collection and processing. Finally, as computation and storage are increasingly offloaded to the cloud, issues of security and privacy have recently gained momentum.

This book is a journey into three domains of this vast landscape of distributed systems: large-scale peer-to-peer systems, embedded and real-time systems, and security in distributed systems.
The authors have recognized expertise in all three areas, and, more importantly, the experience of building real distributed systems. This book reflects the expertise of its authors by balancing algorithms and fundamental concepts with concrete examples.

Peer-to-peer systems have generated a certain fascination amongst researchers. I see at least two reasons for this. First, peer-to-peer systems come from the position of the challenger who wants to take away the crown from the long-reigning client-server model. Essentially, the challenge is whether it is possible for a democratic society of systems to function efficiently without leadership. I am not sure whether history has ever proven that this is possible, but the peer-to-peer systems researchers have shown it to be possible. They employed efficient peer-to-peer data structures called distributed hash tables (DHT) to achieve scalable data retrieval when peers come and go, fail or misbehave.

Tribal instinct might also be responsible for our interest in peer-to-peer systems: it is more likely to seek help from our peers whenever possible rather than from the outsiders. This may explain the popularity of peer-to-peer applications, such as Gnutella, BitTorrent, and the peer-to-peer games discussed in the book, some of them (Gnutella) developed even before researchers showed how to design peer-to-peer systems efficiently.

However, take heed, occasionally, peer-to-peer systems can be an illusion. Popular social networks today may look like peer-to-peer systems to the user, but, in reality, their implementation is heavily centralized. Recent concerns of data ownership and privacy have triggered an appetite for building truly peer-to-peer online social networks. It is better to understand how peer-to-peer systems work rather than be fooled again.

The distributed embedded and real-time systems, which make the middle part of the book, take distributed systems’ computing labs or centers, into the real, uncontrollable world.
Whether embedded in cars, buildings, or our own bodies, embedded systems must function without continuous operator assistance, adapting their functionality to the changing demands of the physical systems they assist or control. Physical systems may also incorporate highly inter-connected embedded computers in order to become cyber-physical systems. Computer scientists have always been good at designing systems for themselves: languages, operating systems, and network protocols. However, embedded systems are about others. They represent a prerequisite in implementing Mark Weiser’s vision of pervasive computing, according to which computers will not just become ubiquitous, but also invisible.

Embedded computing often demands real-time guarantees, a requirement that has been shown to be challenging for any kind of computing, not just for distributed systems. This part of the book covers distributed real-time systems, how to build adaptive embedded systems from a software engineering perspective, and concludes with an interesting real-world example of software design for an aerospace system using the modeling tool they developed. After reading this book, whenever you fly, I am sure you will hope that the engineer who designed the plane’s software has read it too.

Finally, the last part of the book covers security in distributed systems. Distributed systems inherently require security. Whether they are clients and servers or just peers, these parties, as in real life, rarely trust each other. The authors present key aspects of grid systems’ security and dependability such as confidentiality, authentication, availability, and integrity. With the increasing popularity of cloud computing, security and privacy issues will be an even greater concern. Virtual machine environments are shown not to be sufficiently trustworthy as long as they are in the hands of the cloud providers. Users are likely to ask for stronger assurances, which may come from using the Trusted Platform Module (TPM) support, presented in this book, as well as from intelligent auditing techniques.
The book’s last section is about cryptography, the mystical part of computer science, which we always rely on when it comes to protecting the confidentiality of our communications.

Who should read the book? The authors recommend it for engineers and masters students. I am inclined to agree with them that this book is certainly not for the inexperienced. It requires some background knowledge, but also the maturity to read