BFT Services Programming with a Dependable Tuple Space Franc¸ois Aubry, Alysson Neves Bessani, Paulo Sousa University of Lisboa, Faculdade de Ciˆ encias, LaSIGE - Portugal 1. Introduction In the last decade there has been a large body of work in how to make Byzantine fault-tolerant (BFT) systems more practical. Most of these works aim to provide efficient implementations of abstractions such as state machine replication, consensus and read-write registers. These abstractions are well regarded as important build- ing blocks to architect dependable distributed systems. In this paper we advocate the idea of using a new abstraction for programming dependable systems: the coordination service. The idea is to have one or more shared memory objects providing some synchronization power that allows distributed problems to be solved. The final objective is to make dependable services program- ming more simple. The idea is not only interesting from a theoretical point of view, but is also very practical since coordination services are already being used by Google and Yahoo! to coordinate crash fault-tolerant services. In this paper we evolve this idea to deal with Byzan- tine faults and show how we can use a coordination service based on an abstraction called PEATS (Policy Enforced Augmented Tuple Space) [2] to implement BFT services. The PEATS is a simple object that pro- vides operations to insert, read, remove and conditionally insert generic data structures called tuples. The execution of these operations is protected by a fine-grained security policy that allows or denies them based on the opera- tion arguments, its caller and the state of the PEATS. Given the limited number of operations provided by the PEATS, it may seem hard to implement a system just by using it. However, these operations are powerful enough to solve any distributed computing problem [1], [2]. In a previous work [2], it was showed that the PEATS can be used to build BFT algorithms that are very efficient and almost as simple as crash fault-tolerant algorithms. In this paper we want to exploit this ab- straction to build practical BFT services. To illustrate the effectiveness of our approach we present a set of algorithms to implement a LDAP-like Naming and Directory Service (NDS) using the PEATS abstraction. In order to do this, we start by defining a way to represent the directory tree structure using tuples. Then, we develop directory service’s algorithms using only the PEATS’ operations presented before. 2. A PEATS-based Naming Service There are some fundamental challenges that must be addressed in order to implement a NDS over any coordination service. For a PEATS in particular, we have to solve two main problems: (1.) how to represent the hierarchical data structure of a NDS in the non- structured tuple space and (2.) how to implement the NDS standard operations efficiently. The solutions for these two problems are discussed in the next sections. 2.1. NDS Data Structure A namespace of an LDAP-like NDS is a tree structure in which nodes are directories or attributes (pairs name – value). Non-leaf nodes are always directories while leaf nodes can be either directories or attributes. This structure is represented in the PEATS by two kinds of tuples. Directories are represented by tuples like 〈DIR, name, id, pid, ver〉 while attributes are represented by tuples like 〈ATT, name, value, id, pid, ver〉. These tuples are used to represent all elements inside a namespace, and each element has an unique id field that is produced based on the id of the client that introduced the element concatenated with an internal sequence number of this client. The pid field of the tuples are used to specify which is the parent directory of the directory (in the case of a DIR tuple) or to which directory the attribute belongs (in the case of an ATT tuple). Both tuple types have a version field ver which consists on a version number concatenated with the id of the client that inserted the tuple. This field is used to implement update operations on the NDS data, since a PEATS does not provide operations to modify tuples already in the space (more details in the next section). 2.2. NDS Service Algorithms In this section we present the algorithms used to implement the basic operations of a LDAP-like NDS. 2.2.1. System initialization. When a process connects to a PEATS-based NDS system it reads the tuple of the root directory (a DIR tuple with pid = 0) and stores it on its root dir variable.