[Innovative Technology]

By

Acknowledgement

I would take this opportunity to thank my research supervisor, family and friends for their support and guidance without which this research would not have been possible.

DECLARATION

I [type your full first names and surname here], declare that the contents of this dissertation represent my own unaided work, and that the dissertation has not previously been submitted for academic examination towards any qualification. Furthermore, it represents my own opinions and not necessarily those of the University.

Signed __________________ Date _________________

Abstract

The wide deployment of high-speed computer networks has made distributed systems ubiquitous in today's connected world. The systems are affected by disruption i.e. errors within the protocol or intrusions. This motivates the need for building distributed systems that are capable of tolerating disruptions and providing highly available and correctly functioning services. The machines on which the applications are hosted are heterogeneous in nature, the applications often run legacy code without the availability of their source code, the systems are of very large scales (of the order of tens of thousands of protocol participants) and the systems often have soft real-time guarantees. While it may be possible to devise very optimized and targeted solutions for individual distributed applications, such approaches are not very interesting from a research standpoint due to their limited applicability. In developing this thesis we have focused on Monitor based detection of disruptions in a distributed environment. Monitor detects the disruptions by looking at only the external message exchanges, without looking at the internal transitions of the monitored entity. It is made to run asynchronously to the application thus avoiding the performance bottleneck. We have chosen a black box Monitor approach suitable for any generic protocol. By developing the "Monitor Based Detection Approach", aim is to provide higher reliability and dependability. We propose a Hierarchical Monitoring approach by placing a hierarchy of local and Global Monitors in the system. A Local Monitor only monitors a set of local nodes while a Global Monitor can have several local monitors reporting local interactions to it. This provides increased coverage and accuracy of detection. The Monitor consists of a Rule Classifier, Data Capture and Matching Engine as the main components. The rules are classified into Local and Global rules intelligently by the rule classifier. The Matching Engine consists of fast matching algorithms each for Temporal and Combinatorial rules. Testing of the Monitor is done on a Distributed Reliable Multicast Protocol called TRAM. The Monitor is tested by injecting faults into the running protocol using a Fault Injector.

Table of Contents

CHAPTER 1: INTRODUCTION7

CHAPTER 2: SYSTEM DESCRIPTION11

Session Initiation Protocol (SIP)11

Potential Threats12

Tree Based reliable Multicast Protocol (TRAM)14

TRAM Protocol Features15

Flow Control18

Lacking Security and Robustness in TRAM19

CHAPTER 3: MAKING PROTOCOL ROBUST : TRAM++21

TRAM++21

TRAM Implementation24

Modifications for TRAM++25

Test-bed Setup27

Output measures29

Normal and Error Injection Runs29

Error Injection Case32

Evaluation of TRAM++34

Error-free Case34

Error Injection36

CHAPTER 5: MONITOR BASED DETECTION APPROACH40

Monitor Architecture40

Data Capture41

State Maintainer41

Rule Classifier42

CHAPTER 6: EXPERIMENTS AND RESULTS44

Systems Details44

Fault Injection45

Preliminary Results47

CHAPTER 5: CONCLUSION AND FUTURE WORK50

REFERENCES51

CHAPTER 1: Introduction

In recent years, several active measurement tools have been developed for end-to-end estimation of the unused traffic capacity along packet-switched ...