Brief Announcement: When You Don’t Trust Clients: Byzantine Proposer Fast Paxos
State machine replication is a general approach for constructing fault-tolerant services, and a key protocol underlying state machine replication is consensus. The set of Byzantine failures is so large that it has been applied for masking the effects of compromised systems, and so Byzantine-tolerant consensus has been used to construct systems that are meant to ameliorate the effect of compromise (see  among others). In the Byzantine model, there is no trust among processes: any process can behave in an arbitrarily faulty manner. However, in multi-site systems, processes in the same administrative domain typically have a measure of mutual trust. This is because such processes share fate: for example, if a process in a domain is compromised, then other processes—perhaps all of them—can be compromised as well, and the local services they rely upon may be compromised. In , this observation was used to argue for the MutuallySuspiciousDomain (MSD) model, in which there is mutual trust between processes in a domain, but no trust for inter-domain communication, i.e., processes within a domain must protect itself from possible uncivil behavior from processes in other domains.
- 4.Mao, Y., Junqueira, F., Marzullo, K.: Towards low latency state machine replication for uncivil wide-area networks. In: Fifth Workshop on Hot Topics in Dependable Systems (HotDep 2009), Estoril, Lisbon, Portugal (June 2009)Google Scholar