Solving Consensus Using Structural Failure Models

Failure models characterise the expected component failures in fault-tolerant computing. In the context of distributed systems, a failure model usually consists of two parts: a functional part specifying in what way individual processing entities may fail and a structural part specifying the potential scope of failures within the system. Such models must be expressive enough to cover all relevant practical situations, but must also be simple enough to allow uncomplicated reasoning about fault-tolerant algorithms. Usually, an increase in expressiveness complicates formal reasoning, but enables more accurate models that allow to improve the assumption coverage and resilience of solutions. In this paper, we introduce the structural failure model class DiDep that allows to specify directed dependent failures, which, for example, occur in the area of intrusion tolerance and security. DiDep is a generalisation of previous classes for undirected dependent failures, namely the general adversary structures, the fail-prone systems, and the core and survivor sets, which we show to be equivalent. We show that the increase in expressiveness of DiDep does not significantly penalise the simplicity of corresponding models by giving an algorithm that transforms any consensus algorithm for undirected dependent failures into a consensus algorithm for a DiDep model. We characterise the improved resilience obtained with DiDep and show that certain models even allow to circumvent the famous FLP impossibility result