International Journal of Computer Applications (0975 8887) Volume 105 No. 7, November 2014

Rigorous Design of Moving Sequencer Atomic Broadcast with Malicious Sequencer

Prateek Srivastava, Department of Computer Science and Engineering, Sir Padampat Singhania University, Udaipur, Rajasthan, India
Prasun Chakrabarti, Department of Computer Science and Engineering, Sir Padampat Singhania University, Udaipur, Rajasthan, India
Avinash Panwar, Department of Computer Science and Engineering, Sir Padampat Singhania University, Udaipur, Rajasthan, India

ABSTRACT
This article investigates a mechanism to tolerate a malicious sequencer in moving sequencer based atomic broadcast in distributed systems. Several mechanisms for moving sequencer based atomic broadcast already exist, such as RMP [1], DTP [2], Pinwheel [3] and the mechanism proposed by Srivastava et al. [4], but none of them tolerates every class of failure: they tolerate crash failure only, not omission or byzantine (malicious) failure. This work proposes a mechanism to tolerate byzantine failure (malicious behaviour) of the sequencer in moving sequencer based atomic broadcast. The mechanism proposed in [4] is taken as the abstract model and a refined model is designed from it to meet this objective. Since the mechanism relies on unicast, it introduces a much smaller number of messages than the previous mechanisms [5]. The B formal method [6] has been used to develop the model, and the ProB model checker [7] has been used for constraint based checking to discover errors due to invariant violations and deadlocks, thereby validating the specification. The models have been verified for invariant violations, errors and deadlock occurrence. The B machine animated through ProB worked well: ProB explored the entire state space of the B machine in a few minutes and confirmed the specification.
General Terms: Distributed Systems, Model Verification

Keywords: Broadcast, Atomic Broadcast, Total Order, Unicast, Sequencer, Crash, Byzantine, Model Checking, B formal method.

1. INTRODUCTION
Atomic broadcast (also known as total order broadcast) is an important abstraction in fault tolerant distributed computing [8]. It ensures that messages broadcast by different processes are delivered by all destination processes in the same order [9]. Lamport proposed state machine replication [10] for implementing fault tolerant services. State machine replication is essentially a way to build a highly available system, one that remains available under very high load or in the presence of failures. This raises the question of what role atomic broadcast plays in highly available systems. To answer it, one has to understand how state machine replication works. A state machine is a set of state variables, which hold its state, and commands, which transform its state [11]. The client interacts with the replicated servers by submitting the same sequence of input commands to each of them. The replicas start in the same initial state, so after receiving the same inputs they pass through the same sequence of states, generate the same result and end in the same final state. The results are then voted on for correctness and the correct result is returned to the client. In a distributed environment it is difficult to impose the same order (or sequence) on input commands because distributed systems lack a global clock. To achieve this, a variety of algorithms have been proposed by different scholars, who classify these algorithms according to their own assumptions and requirements.
Based on the answer to the question "who is responsible for sequencing?", these algorithms can be classified into the following categories [5]: (a) fixed sequencer atomic broadcast, (b) moving sequencer atomic broadcast, (c) privilege based atomic broadcast, (d) communication history based atomic broadcast and (e) destination agreement based atomic broadcast. The fixed sequencer approach is the simplest: one dedicated process sequences all messages, but under high load, or if the sequencer fails, the whole system suffers. Mechanisms such as Amoeba [12], MTP [13], Tandem [14], [15], Jia [16], ISIS [17], [18], Phoenix [19] and Rampart [20, 21] are fixed sequencer based and can tolerate crash failure, but sequencer failure and poor performance at high load remain a standing problem for any researcher. The moving sequencer approach, in which no single fixed process acts as sequencer, is the preferred way around this problem. RMP [1], DTP [2], Pinwheel [3] and the mechanism proposed in [4] are based on a moving sequencer and tolerate crash failure, but they are not capable of tolerating byzantine failure. This work therefore proposes a new atomic broadcast mechanism that is based on a moving sequencer and tolerates byzantine failure of the sequencer. The same mechanism can subsequently be applied to the whole system in order to obtain a byzantine resistant system.

Failures can be of different types:
(i) Crash failure: the process stops completely and no longer responds.
(ii) Omission failure: the process omits some of the work it should do.
(iii) Timing failure: caused by a timeout; it occurs in synchronous systems.
(iv) Byzantine failure: the process behaves in a completely malicious way, with no fixed pattern to its behaviour.
Even in the presence of failures, the system must be able to tolerate them so that availability and reliability are maintained. This work focuses on the byzantine behaviour of the sequencer.

2. CONTRIBUTION OF THE PAPER
The paper contributes a step towards fault tolerant systems. It presents a mechanism that tolerates byzantine behaviour of the sequencer in moving sequencer based atomic broadcast. The B formal method [6] is used to design the model. The ProB model animator and checker [7] is used to verify the model for deadlocks, constraint violations, errors and inconsistencies. The results are obtained in sequential steps.
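The following simulation is an added illustration of the two ideas the introduction relies on: replicas that start in the same state and apply the same commands in the same order reach the same result, and a byzantine sequencer breaks that guarantee by handing different destinations different orders. It is not the paper's mechanism, nor the B model; the replica state (a single balance), the two commands, the reversed-order misbehaviour of the malicious sequencer and the digest-based cross-check are all constructed here for the example. Honest delivery leaves every replica with the same log digest and the same result; the malicious delivery makes one replica diverge, which the digest comparison detects while the majority vote still masks it for the client.

```python
"""Added example (not from the paper): a toy state machine replication run
under an honest sequencer and under a constructed byzantine sequencer."""
import hashlib
from collections import Counter
from dataclasses import dataclass, field

# A command is ("deposit", amount) or ("withdraw", amount); both constructed here.
Command = tuple


@dataclass
class Replica:
    """A state machine: one state variable (balance) plus the log of applied commands."""
    name: str
    balance: int = 0
    log: list = field(default_factory=list)

    def apply(self, cmd: Command) -> None:
        op, amount = cmd
        if op == "deposit":
            self.balance += amount
        elif op == "withdraw" and self.balance >= amount:
            self.balance -= amount  # an uncovered withdrawal is a no-op, so order matters
        self.log.append(cmd)

    def digest(self) -> str:
        """Fingerprint of the delivery order, used to cross-check replicas."""
        return hashlib.sha256(repr(self.log).encode()).hexdigest()


def honest_sequencer(commands, replica_names):
    """A correct sequencer: one global order, the same for every destination."""
    return {name: list(commands) for name in replica_names}


def malicious_sequencer(commands, replica_names):
    """Constructed byzantine sequencer: every second replica gets the reversed order."""
    orders = {}
    for i, name in enumerate(replica_names):
        order = list(commands)
        if i % 2 == 1:
            order.reverse()
        orders[name] = order
    return orders


def run_replicas(orders):
    """Start every replica in the same initial state and apply its delivery order."""
    replicas = {}
    for name, cmds in orders.items():
        replica = Replica(name)
        for cmd in cmds:
            replica.apply(cmd)
        replicas[name] = replica
    return replicas


def states_agree(replicas) -> bool:
    """Total order delivered => identical logs => identical digests."""
    return len({r.digest() for r in replicas.values()}) == 1


def vote(replicas):
    """Majority vote on the result returned to the client, as in state machine
    replication. Returns (value, True) for a strict majority, else (None, False)."""
    counts = Counter(r.balance for r in replicas.values())
    value, count = counts.most_common(1)[0]
    if count > len(replicas) // 2:
        return value, True
    return None, False


if __name__ == "__main__":
    cmds = [("deposit", 50), ("withdraw", 40)]  # constructed client input
    names = ["r1", "r2", "r3"]
    ok = run_replicas(honest_sequencer(cmds, names))
    print("honest:   agree =", states_agree(ok), "vote =", vote(ok))
    bad = run_replicas(malicious_sequencer(cmds, names))
    print("malicious: agree =", states_agree(bad), "vote =", vote(bad))
```

With three replicas the malicious run leaves r2 at balance 50 (the withdrawal was delivered first and rejected) while r1 and r3 hold 10, so the vote still returns 10 to the client but the digest check reports divergence; with only two replicas there is no majority and the vote fails, which is why tolerating a byzantine sequencer needs more than voting at the client side.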