3 - Fundamental Models-1

Fundamental models provide a lower-level representation of software systems, focusing on interaction, failure, and security aspects. The interaction model emphasizes communication performance, while the failure model categorizes types of failures that can occur within systems. The security model addresses vulnerabilities in distributed systems and outlines methods for securing processes and communication channels against unauthorized access.


Fundamental Models

Fundamental models are lower-level representations of specific aspects of a software system, such as its data structures, algorithms, or programming paradigms. They provide a way to understand the fundamental building blocks of a software system and how they are implemented.
Basis of Fundamental Models (Three Perspectives)
Interaction Model: Algorithms for communication and coordination, with timing/delay analysis. (Includes communication protocols (REST API, MPI, socket programming) and synchronization protocols.)
• Synchronous Systems
• Asynchronous Systems
Failure Model: Analysis of the types of hardware, software or network faults that can occur.
• Omission Failures
• Arbitrary / Byzantine Failures
• Masking Failures
• Timing Failures
• Reliability
Security Model: The modularity of processes/services and the openness of distributed systems make them vulnerable. The security model classifies possible cases of attack for analysis (kinds of attack, mapping of attacks, or from an asset perspective, where only the assets and their vulnerabilities are mapped).
• Protecting Objects
• Defeating Security Threats
• Protecting Processes & their Interaction
• Secure Channels

Interaction Model
Interacting processes perform all of the activities in a DS. Each process has its own state, consisting of the set of data that it can access and update, including the variables in its program.
The state belonging to each process is completely private: it cannot be accessed or updated by any other process. The data link layer knows what kind of physical layer there is and how data is delivered; that is why interaction is important.
• Two significant factors affecting interacting processes in a DS:
– The performance of communication channels is often a limiting characteristic.
– It is impossible to maintain a single global time.
Interaction Model - Performance of Communication Channels
• Latency: The delay between the start of a message's transmission from one process and the beginning of its receipt by another. The latency includes the time to transfer/receive, setup time and OS service overhead. Latency counts as a loss for continuous communication channels.
• Bandwidth: The total amount of information that can be transmitted over a network in a given time. You have to work within its constraints.
• Jitter: The variation in the time taken to deliver a series of messages, e.g. multimedia data. You may get good bandwidth at one time and bad bandwidth at another; there is no guarantee.
Failure Model
The failure model describes the possible ways in which failures can occur, in order to understand their effects.
Taxonomy of Failures
• Omission Failures
• Timing Failures
• Arbitrary / Byzantine Failures
• Masking Failures
Omission Failures: A process or communication channel fails to perform actions that it is supposed to do. Your data is omitted from the system: you no longer have the data, or the process is no longer executing.
Process Omission Failure: The major process omission failure is a crash; the process is no longer there.
Clean Crash: Other processes either function correctly or else stop; the other processes do not have certainty of the process failure. They may detect such a crash via timeouts. In an asynchronous system a timeout can indicate only that a process is not responding: it may have crashed or may be slow, or messages may not have arrived.
• If the server handling your incoming emails experiences a clean crash, you might not receive new emails until the server restarts or you are redirected to another server. But you can still send emails or access old emails (they are other processes).
Fail-Stop: A fail-stop failure occurs when a process halts its execution, and other processes can detect this failure with certainty. The process crashes and other processes can detect it with certainty. Example: the Hello Timer (10 seconds) and Death Timer (40 seconds) of an OSPF process.
• In an online multiplayer game, if one player's connection fails and they stop responding (fail-stop), the game might pause or display a message indicating connection issues. The other players know that the player is disconnected.
Communication Omission Failure: Failure to transport a message from p's outgoing message buffer to q's incoming message buffer. These buffers are usually provided by the OS.
Also known as dropping messages; its typical causes are:
• Insufficient buffer space at the receiver's end or at an intervening gateway.
• Network transmission error.
Send-omission failure: loss of messages between the sending process and the outgoing message buffer. It's like dropping a letter before putting it in the mailbox.
Receive-omission failure: loss of messages between the incoming message buffer and the receiving process. It's like the mailbox receiving the letter but not delivering it to your doorstep.
Arbitrary / Byzantine Failures: These are not well-defined errors; they are errors that happen on their own, outside anyone's control, for example bits replaced during communication due to some external influence. They are the worst possible failure semantics, in which any type of error may occur. When one occurs, the system may respond in any unpredictable manner.
• In a Byzantine failure, a process might return an incorrect value or behave in a completely unexpected way. A process might send incorrect data that disrupts the system, or return an arbitrary value instead of the expected result.
An arbitrary failure of a process is one in which it arbitrarily omits intended processing steps or takes unintended processing steps. Therefore these failures can't be detected by seeing whether the process responds to invocations, because it might arbitrarily omit to reply.
These failures are uncommon in communication channels because the communication software can use techniques such as checksums to detect corrupted messages, or sequence numbers to detect non-existent or duplicated messages.
• Timing Failures: Applicable in synchronous distributed systems. Any sort of timing failure may result in responses being unavailable to clients within a specified time interval.
– (Clock) A process's local clock exceeds the bounds on its rate of drift from real time. (Every local physical clock has some drift rate; because of the battery it slows and ultimately stops, which can lead to a timing failure.) All of its modules should have a preset global clock.
– (Performance) A process exceeds the bounds on the interval between two steps. Data is not being received, so you have to wait, so the next processes have to wait (an unplanned backlog).
– (Performance) A message's transmission takes longer than the stated bound. Data was received after double the time, due to which other tasks were also delayed. This is a failure caused by communication or transmission.
– (Prepare examples for each.)
• RTOSs (real-time operating systems) are designed with a view to providing timing guarantees, but they are more complex to design and may require redundant hardware. Which OS variant is used depends on the application.
• In contrast, most general-purpose operating systems, like UNIX, are not real-time and do not guarantee strict timing requirements.
Reliable Communication
Reliable communication ensures that messages are delivered correctly and efficiently between processes in a distributed system. If it holds, we trust the communication.
Validity: Any message in the outgoing message buffer is eventually delivered to the incoming message buffer (no omission failure).
Integrity: The message received is identical to the one sent, and no message is delivered twice (no duplicates). Integrity can be broken both by failures and by security breaches. Messages have not been changed during communication. Threats to security: any protocol that retransmits messages but doesn't reject a message that arrives twice, and malicious users who may inject spurious messages, replay old messages or tamper with messages.
Exercise: Consider two communication services for use in an asynchronous DS.
– In service A, messages may be lost, duplicated or delayed, and checksums apply only to headers.
– In service B, messages may be lost, delayed or delivered too fast for the recipient to handle them, but those that are delivered arrive in order and with the correct contents.
Describe the classes of failure exhibited by each service.
– Classify their failures according to their effect on the properties of validity and integrity.
– Can service B be described as a reliable communication service? Explain your answer.
Note: 10 marks (definition + answer), 2 marks (answer only)
Service A:
Lost Messages: Omission Failures, Validity is denied. Duplicated Messages: Arbitrary Failures, Integrity is denied.
Service B:
Lost Messages: Omission Failures, Validity is denied. No Duplicated Messages: No Arbitrary Failures, Integrity is maintained. Not reliable.
Exercise: Describe the classes of failures exhibited in each of the following scenarios:
• Process A sends a message to process B. The message is lost.
• Process A sends a message to process B. Process B receives two identical copies of the message.
• Suggest how to mask the failure in the first scenario.
Solution:
• Process A sends a message to process B. The message is lost (Communication Omission Failure). This can be masked by re-sending the message.
• Process A sends a message to process B. Process B receives two identical copies of the message (Arbitrary Failure). Nothing can be done – some damages are irreparable.
Process omission failure: consider an example in which an email is generated from logs collected from the routers, but due to an email server backlog the email was not sent (process omission). To mask this, procure another server dedicated only to email notifications for that router or network, i.e. a different email server.
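The following is an added example (not from the lecture notes) of masking a communication omission failure by retransmission, as the solution above suggests, while keeping integrity (each message delivered once) by giving the receiver sequence numbers. The lossy channel, loss rate and message texts are constructed for the demonstration.

```python
import random

# Added example: retransmission masks lost messages (validity), and
# sequence numbers at the receiver suppress the duplicates that
# retransmission creates (integrity). Channel and data are constructed.

class LossyChannel:
    """Drops each message with probability p_loss (communication omission)."""
    def __init__(self, p_loss, seed=1):
        self.p_loss = p_loss
        self.rng = random.Random(seed)
        self.dropped = 0

    def send(self, msg):
        # Returns the message if transported, None if the channel omitted it.
        if self.rng.random() < self.p_loss:
            self.dropped += 1
            return None
        return msg

class Receiver:
    """Delivers each sequence number at most once: a duplicate created by
    retransmission is acknowledged again but not delivered again."""
    def __init__(self):
        self.delivered = []
        self.seen = set()

    def on_message(self, msg):
        seq, payload = msg
        if seq not in self.seen:
            self.seen.add(seq)
            self.delivered.append(payload)
        return ("ack", seq)

def reliable_send(channel, receiver, seq, payload, max_attempts=20):
    """Retransmit until an ack comes back; a lost ack makes the sender resend,
    so the receiver sees a duplicate. Returns attempts used, or None."""
    for attempt in range(1, max_attempts + 1):
        arrived = channel.send((seq, payload))
        if arrived is None:
            continue                      # send omission: timeout, retry
        ack = receiver.on_message(arrived)
        if channel.send(ack) is not None:
            return attempt                # ack received: loss was masked
    return None                           # failure could not be masked

def run(p_loss=0.3, n=20, seed=7):
    ch, rx = LossyChannel(p_loss, seed), Receiver()
    attempts = [reliable_send(ch, rx, i, f"msg-{i}") for i in range(n)]
    return rx.delivered, attempts, ch.dropped
```

With `p_loss` set to 1.0 every attempt is omitted and `reliable_send` gives up, which is the case the notes say cannot be masked.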

Security Model
Security in a distributed system involves securing processes and communication channels to protect the objects they encapsulate from unauthorized access.
In a cloud computing environment, access to virtual machines is secured by ensuring that only authorized users or processes can access them, and communication between these virtual machines is encrypted to prevent eavesdropping.
Security Model – Enemy Model (MITM)
MITM stands for Man-In-The-Middle attack, where an attacker secretly intercepts and possibly alters the communication between two parties. In a MITM attack, an attacker intercepts the communication between a user and a website, allowing them to steal sensitive information such as login credentials.

Security Key Terms
• Cryptography: The science of keeping messages secure.
• Encryption: The process of scrambling a message in such a way as to hide its contents.
• Authentication: Proving the identities supplied by message senders.
• Secure Channels: Encryption and authentication are used to build secure channels as a service layer on top of existing communication services. HTTPS (Hypertext Transfer Protocol Secure) uses encryption (SSL/TLS) to establish a secure channel between a web browser and a server.
Following are the key uses:
• Identity Assurance: A secure channel is a communication channel connecting a pair of processes, each of which acts on behalf of a principal. Each process involved in the communication knows the identity of the other process. This enables the server to protect its objects correctly, and allows the client to be sure that it is receiving results from a bona fide server rather than an impostor.
• Privacy and Integrity: Secure channels ensure that the data transmitted between processes is protected against eavesdropping and tampering. Encryption is used to keep the data private, and mechanisms such as digital signatures or message authentication codes (MACs) are used to ensure the integrity of the data.
• Prevention of Message Replay and Reordering: To prevent attacks where messages are intercepted, replayed, or reordered, each message includes a timestamp. This timestamp can be either a physical timestamp (e.g., using the system clock) or a logical timestamp (e.g., a sequence number).
Examples: Examples of secure channels include Virtual Private Networks (VPNs) and the Secure Sockets Layer (SSL) protocol (now superseded by Transport Layer Security, TLS).
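As an added example (not from the notes, and not how any particular protocol such as TLS is implemented), the receiver-side checks of a secure channel that combine a MAC for integrity with a logical timestamp (sequence number) for replay and reordering detection, as described under the key uses above and under arbitrary failures in the failure model. The shared key and messages are constructed; the key is assumed to have been agreed between the two principals beforehand.

```python
import hashlib, hmac, struct

# Added example: each message carries a sequence number and an HMAC over
# (sequence number || payload) under a shared key. The receiver accepts
# only messages whose MAC verifies and whose sequence number is strictly
# increasing, and classifies the rest. Key and messages are constructed.

KEY = b"constructed-shared-key"   # assumption: agreed out of band

def mac(key, seq, payload):
    return hmac.new(key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()

def protect(key, seq, payload):
    """Sender side: attach the sequence number and its MAC to the payload."""
    return (seq, payload, mac(key, seq, payload))

class SecureReceiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = -1          # highest sequence number accepted so far
        self.accepted = {}          # seq -> payload, for replay detection

    def verify(self, msg):
        """Returns 'ok', 'tampered', 'replay' or 'reordered'."""
        seq, payload, tag = msg
        # Integrity first: a changed payload or sequence number fails here,
        # so an attacker cannot simply stamp a captured message "fresh".
        if not hmac.compare_digest(mac(self.key, seq, payload), tag):
            return "tampered"
        if seq in self.accepted:
            return "replay"         # genuine message captured and resent
        if seq <= self.last_seq:
            return "reordered"      # genuine, but a later message came first
        self.last_seq = seq
        self.accepted[seq] = payload
        return "ok"

def demo():
    rx = SecureReceiver(KEY)
    m1, m2, m3 = (protect(KEY, i, b"transfer %d" % (10 * i)) for i in (1, 2, 3))
    forged = (2, b"transfer 999", m2[2])          # payload altered, old tag kept
    return [rx.verify(m1), rx.verify(m3), rx.verify(m2), rx.verify(m1),
            rx.verify(forged), rx.verify(protect(b"wrong-key", 4, b"x"))]
```

`demo()` returns `["ok", "ok", "reordered", "replay", "tampered", "tampered"]`: the late message 2 and the repeated message 1 are rejected even though their MACs are valid, which is what the MAC alone cannot do.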

Other Possible Threats
Denial of Service (DoS): Excessive and pointless invocations on services or message transmissions in a network, resulting in overloading of physical resources (network bandwidth, server processing capacity).
Mobile Code: A Trojan horse role, purporting to fulfill an innocent purpose, but in fact including code that accesses or modifies resources that are legitimately available to the host process, but not to the originator of the code.