Tutorial Questions

Question 1

1. Why it is sometimes so hard to hide the occurrence and recovery from failures in a distributed system?

Answer 1

Detecting and recovering from failures in a distributed system is hard because it is generally hard to identify the states of remote software/hardware components. For example, it is generally impossible to detect whether a server is actually down, or that it is simply slow in responding

Question 2

2. Why it is not always a good idea to aim at implementing the highest degree of transparency possible?

Answer 2

Considerable loss of performance.

Question 3

3. What is an open distributed system and what benefits does openness provide?

Answer 3

An open distributed system offers services according to clearly defined rules and interfaces. The same system can deliver the service to different type of clients and applications

Question 4

4. Describe precisely what is meant by a scalable system.

Answer 4

Can scale geographically, with size and administration

Question 5

5. Scalability can be achieved applying different techniques. What are these techniques?

Answer 5

Workload and data distribution. This requires distributed/parallel algorithms  Using decentralized architecture  Data replication, and caching.

Question 6

6. If a client and a server are placed far apart, we may see network latency dominating overall performance. How can we tackle this problem?

Answer 6

Use multithreaded clients and servers. Use a buffer.

Question 7

7. What’s a 3 tiered application?

Answer 7

Highest level is the client. Second level is the application and the lowest level is the data.

Question 8

8. In a structured overlay network, messages are routed according to the topology of the overlay. What is an important disadvantage of this approach?

Answer 8

The shortest path between source and destination may not be the physical shortest path. While the source and receivers may be logically very close to each other, they could be physically at the remotest part of the network.

Question 9

9. How interceptors can be used as an approach to adaptive software in distributed systems?

Answer 9

Interceptors offer a way to intercept the usual flow of the software/system and therefore enhance the existing applications with new functions (like logging). Good for context-awareness.

Question 10

10. Discuss whether it is beneficial to limit the number of threads in a server process.

Answer 10

• Threads require their own private stack. - Independent threads can be chaotic (can get race conditions).

Question 11

11. Assume a client calls an asynchronous RPC to a server, and subsequently waits until the server returns a result using another asynchronous RPC. Is this approach the same as letting the client execute a normal RPC?

Answer 11

No. An asynchronous RPC returns an acknowledgement to the caller, meaning that after the first call by the client, an additional message is sent across the network.

Question 12

12. Explain why transient synchronous communication has inherent scalability problems, and how these could be solved?

Answer 12

12. The problem is the limited geographical scalability, which could result in large communication latency. Sysnchronous communication requires blocking until it receives the reply, so it may take a long time if there is distance.

Question 13

13. Give an example showing that multicasting can be useful for discrete data streams.

Answer 13

Passing a large file to many users

Question 14

14. Give an example of where an address of an entity E needs to be further resolved into another address to actually access E.

Answer 14

14. IP addresses in the Internet are used to address hosts. However, to access a host, its IP address needs to be further resolved to, for example, an Ethernet address (or a MAC address).

Question 15

15. What’s a true identifier?

Answer 15

15. Book IBSM, Mac Address, Student number

Question 16

16. In a hierarchical location service with a depth of k, how many location records need to be updated at most when a mobile entity changes its location?

Answer 16

16. 2k + 1

Question 17

17. Explain why transient synchronous communication has inherent scalability problems, and how these could be solved?

Answer 17

17. The problem is the limited geographical scalability. Because synchronous communication requires that the caller is blocked until its message is received, it may take a long time before a caller can continue when the receiver is far away

Question 18

18. Give an example showing that multicasting can be useful for discrete data streams.

Answer 18

18. Passing a large file to many users as is the case, for example, when updating mirror sites for Web services or software distributions.

Question 19

19. Give an example of where an address of an entity E needs to be further resolved into another address to actually access E.

Answer 19

19. IP addresses in the Internet are used to address hosts. However, to access a host, its IP address needs to be further resolved to, for example, an Ethernet address (or a MAC address).

Question 20

20. In your own words explain why and how weak consistency matters in developing distributed systems.

Answer 20

Weak consistency models come from the need to replicate for performance. Because efficient replication can be done only if we can avoid global synchronisation, we then need to consider loosening consistency constraints

Question 21

21. Active replication as described in the lecture notes requires that all operations be carried out in the same order at each replica. Is this ordering always necessary?

Answer 21

Active replication means a set of operations are propagated to other nodes in the system for data updates. It is important that the orders of these operations are obliged at each node. It is necessary to apply the operations in the same order across the system to ensure data consistency.

Question 22

22. A file is replicated on 6 servers. a. List all the combinations of read and write quorums permitted by Gifford’s scheme.

Answer 22

NW which is more constrained (must be > N/2). So greater than 3… (4, 5, 6 are okay.) NR + NW > N so to take one case, for NW = 4, we can have NR values of 3 and above.

Question 23

23. What is the significance of NR = 1?

Answer 23

You only need locate one copy to read, but writers need to communicate with all copies. This is valuable in a case where writes are relatively rare.

Question 24

Answer 24

Strict consistency means, every process reads the most recent write.

Question 25

Answer 25

Everybody reads in the same order. So b)

Question 26

How do you determine which ones are causally related?

Answer 26

“Writes that are potentially causally related must be seen by all processes in the same order. Concurrent writes may be seen in a different order on different machines.”

Question 27

Answer 27

Problem is P2 did not acquire the critical section for y, therefore R(y) by P2 returns NIL which is a unexpected output and could cause system failure.

Question 28

Explain general issues in choosing between client-centric and data-centric consistency models.

Answer 28

The big-picture issue is that client-centric models look at what happens when the client moves, whereas data-centric models look at what happens when a different process looks at the data from a different site.

On the one hand, data-centric models can be categorised into strong to weak models depends on how strict the synchronization rules are.

On the other hand, client-centric models focus on how various actions by a particular mobile client dictate the synchronization process.

Question 29

Which mechanisms could a distributed system provide as security services to application developers that believe only in the end-to-end argument in system’s design, as discussed in Chapter. 6 (Synchronisation)?

Answer 29

End-to-end argument to security services means that developers will not trust anything that is not provided by their own applications.

In effect, the distributed system as a whole is considered to be untrusted.

Question 30

Suppose you were asked to develop a distributed application that would allow teachers to set up exams. Give three example statements that would be part of the security policy for such an application.

Answer 30

Students should not be able to access exams before a specific time.

Also, any teacher accessing an exam before the actual examination date should be authenticated.

Also, there may be a restricted group of people that should be given read access to any exam in preparation, whereas only the responsible teacher should be given full access.

Question 31

What is wrong in implementing a nonce (see Textbook p.402) as a timestamp?

Answer 31

Although a timestamp is used only once, it is far from being random.

Implementations of security protocols exist that use timestamps as nonces, and which have been successfully attacked by exploiting the non-randomness of the nonces.

Question 32

Answer 32

In principle, if RB is never used again, then returning it unencrypted should be enough. However, such randomness is seldom found. Therefore, by encrypting RB, it becomes much more difficult for someone to break in and forge message 3.

Question 33

What is the role of the timestamp in message and why does it need to be encrypted?

Answer 33

The timestamp is used to protect against replays. By encrypting it, it becomes impossible to replay message 6 with a later timestamp. This example illustrates a general application of timestamps in cryptographic protocols.

Question 34

6. How can role changes be expressed in an Access Control Matrix (see Textbook p.415)?

Answer 34

Roles, or protection domains in general, can be viewed as objects with basically a single operation: enter. Whether or not this operation can be called depends on the role from which the request is issued. More sophisticated approaches are also possible, for example, by allowing changes back to previous roles.

Question 35

Name a few advantages and disadvantages of using centralized servers for key management.

Answer 35

An obvious advantage is simplicity. Using a centralized server allows efficient storage and maintenance facilities at a single site.

Potential disadvantages include the server becoming a bottleneck with respect to performance as well as availability. Also, if the server is compromised, new keys will need to be established.

Question 36

Does it make sense to restrict the lifetime of a session key? If so, give an example how that could be established.

Answer 36

Session keys should always have a restricted lifetime as they are easier to break than other types of cryptographic keys. The way to restrict their lifetime is to send along the expiration time when the key is generated and distributed.

Question 37

What are the differences between computer-centric and user-centric approach to computing?

Answer 37

Computer-centric requires users to learn technology and interface, learning curve.

User-centric: self-adapting to user needs, self-configuring, context aware

Question 38

What is context information in pervasive context aware systems?

Answer 38

Context information is a set of data, gathered from sensors, applications and users, which conforms to a context model and provides a snapshot that approximates the real-world context at a given point in time

Question 39

What is the role of the Fusion Layer in processing sensed context information?

Answer 39

The Fusion Layer aggregates the location information gathered by the abstraction layer for a particular entity to provide a single, coherent location of the entity. If there are conflicts in the location information they should be resolved at this layer.

Question 40

What kind of communication paradigms are typically used in context-aware systems? Explain why.

Answer 40

Most pervasive applications/systems use notifications as a communication paradigm

RMI

Question 41

What is the difference between internal and external adaptations of applications? Give examples

Answer 41

Internal adaptation is the ability to coordinate potential adaptation within an application itself. For example, a GPS device and a network based location mechanism would be members of the same type of context (i.e. location). Both of these mechanisms can provide similar types of information but have different specifications and different requirements. When the system gets into a state whereby one of the mechanisms is favoured, the application will switch to the preferred mechanism.

External adaptation is the ability to coordinate the adaptive behaviour when resources become unavailable. For example, 2 adaptive applications run on a mobile device: a web browser and a video player. When a contextual change triggers (such as low of power in the phone) the adaptation control has to decide which adaptation mechanism should be invoked. This could be based on predefined policies such as priorities.

Question 42

. Explain why Byzantine failures require more replicated resources to deal with than silent failures.

Answer 42

Because erroneous results have to be voted down, you need a majority (50%+1) to detect Byzantine failures. On the hand, a silent failure produces no result and hence is not in contention for being part of the solution: provided a timeout or other suitable technique can detect the failure, only one correct alternative source of solution is needed.

Question 43

For each of the following applications, between the fault tolerant protocols: at-leastonce semantics and at-most-once semantics, which do you think is best?

Discuss.

a. Reading and writing files from a file server
b. Compiling a program
c. Remote banking

Answer 43

For (a) and (b), at least once is best. There is no harm trying over and over. For (c), it is best to give it only one try. If that fails, the user will have to intervene to clean up the mess.

Question 44

Answer 44

This is FIFO multicasting because P3 and P4 receives messages from P1 in the order that P1 sent the messages. Same for message from P2.

Question 45

Answer 45

This is atomic multicasting with total-order delivery of message because P3 and P4 receives messages from P1 and P2 in the same order.

Question 46

In our explanation of three-phase commit, it appears that committing a transaction is based on majority voting. Is this true?

Answer 46

Absolutely not. The point to note is that a recovering process that could not take part in the final decision as taken by the other process, will recover to a state that is consistent with the final choice made by the others.

Question 47

Given a server is stateless, are checkpoints necessary for recovery? Explain your example

Answer 47

It depends on what the server does. For example, a database server that has been handed a complete transaction will maintain a log to be able to redo its operations when recovering. However, there is no need to take checkpoints for the sake of the state of the distributed system. Checkpointing is done only for local recovery