This Article 
 Bibliographic References 
 Add to: 
A Secure Group Membership Protocol
January 1996 (vol. 22 no. 1)
pp. 31-42

Abstract—A group membership protocol enables processes in a distributed system to agree on a group of processes that are currently operational. Membership protocols are a core component of many distributed systems and have proved to be fundamental for maintaining availability and consistency in distributed applications. In this paper we present a membership protocol for asynchronous distributed systems that tolerates the malicious corruption of group members. Our protocol ensures that correct members control and consistently observe changes to the group membership, provided that in each instance of the group membership, fewer than one-third of the members are corrupted or fail benignly. The protocol has many potential applications in secure systems and, in particular, is a central component of a toolkit for constructing secure and fault-tolerant distributed services that we have implemented.

[1] K. Birman and T. Joseph, "Reliable Communications in Presence of Failures," ACM Trans. Computing Systems, vol. 5, no. 1, pp. 47-76, 1987.
[2] B.A. Coan and G. Thomas, "Agreeing on a leader in real-time," in Proc. 11th Real-Time Systems Symp., pp. 166-172, Dec. 1990.
[3] F. Cristian, "Reaching agreement on processor group membership in synchronous distributed systems," Distributed Computing, vol. 4, pp. 175-187, 1991.
[4] H. Kopetz, G. Grünsteidl, and J. Reisinger, "Fault-tolerant membership service in a synchronous distributed real-time system," Dependable Computing for Critical Applications, A.$Avi\mathord{\buildrel{\lower3pt\hbox{$\scriptscriptstyle\smile$}}\over z}ienis$and J.C. Laprie, eds., pp. 411-429. Springer-Verlag, 1991.
[5] L.E. Moser, P.M. Melliar-Smith, and V. Agrawala, "Membership algorithms for asynchronous distributed systems," Proc. 11th Int'l Conf. Distributed Computing Systems, pp. 480-488, May 1991.
[6] A. Ricciardi and K. Birman, “Using Process Groups to Implement Failure Detection in Asynchronous Environments,” Proc. ACM Symp. Principles of Distributed Computing, ACM Press, New York, 1991, pp. 341‐351.
[7] S. Mishra, L.L. Peterson, and R.D. Schlicting, "A membership protocol based on partial order," Dependable Computing for Critical Applications. J.F. Meyer and R.D. Schlicting, eds., vol. 2, pp. 309-331. Springer-Verlag, 1992.
[8] Y. Amir, M. Moser, M. Melliar-Smith, D. Agarwal, and P. Ciarfella, "Fast Ordering and Membership Using a Logical Token-Passing ring," Proc. 13th Int'l Conf. Distributed Computing Systems, pp. 551-560.Pittsburgh, May 1993.
[9] F. Jahanian, A. Fakhouri, and R. Rajkumar, "Processor group membership protocols: Specification, design and implementation," Proc. 12th Symp. Reliable Distributed Systems, pp. 2-11, Oct. 1993.
[10] N. Kronenberg, H. Levy, and W. Strecker,“VAXcluster: A closely-coupled distributed system,”ACM Trans. Comput. Syst., vol. 4, pp. 130–146, May 1986.
[11] F. Cristian, B. Dancey, and J. Dehn, “Fault Tolerance in the Advanced Automation System,” Proc. 20th IEEE Int'l Symp. Fault-Tolerant Computing, p. 617, Newcastle, U.K., 1990.
[12] Y. Amir et al., Transis:“A Communication Subsystem for High Availability,” Proc. Int’l Symp. Fault‐Tolerant Computing, IEEE CS Press, Los Alamitos, Calif., 1992, pp. 76‐84.
[13] K. Ilgun, "USTAT: A real-time intrusion detection system for UNIX," Proc. 1993 IEEE Symp. Research in Security and Privacy, pp. 16-28, May 1993.
[14] M. Reiter, K. Birman, and R. van Renesse, “A Security Architecture for Fault-Tolerant Systems,” ACM Trans. Computer Systems, vol. 12, no. 4, pp. 340–371, Nov. 1994.
[15] Y. Lin and S.H. Son, “Concurrency Control in Real-Time Databases by Dynamic Adjustment of Serialization Order,” Proc. IEEE 11th Real-Time Systems Symp., Dec. 1990.
[16] F.B. Schneider, "Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial," ACM Computing Surveys, vol. 22, no. 4, pp. 299-319, Dec. 1990.
[17] M.K. Franklin and M. Yung, "The varieties of secure distributed computation," Proc. of Sequences II, Methods in Comm., Security and Computer Science, pp. 392-417, June 1991.
[18] Y. Desmedt, "Threshold cryptography," European Trans. Telecommunications and Related Technologies, vol. 5, no. 4, pp. 449-457, July 1994.
[19] M.K. Reiter and K.P. Birman, "How to Securely Replicate Services," ACM Trans. Programming Language Systems, vol. 16, no. 3, pp. 986-1,009, 1994.
[20] K. Birman, A. Schiper, and P. Stephenson, “Lightweight Causal and Atomic Group Multicast,” ACM Trans. Computer Systems, vol. 9, no. 3, pp. 272-314, Aug. 1991.
[21] M.K. Reiter, Secure Agreement Protocols: Reliable and Atomic Group Multicast in Rampart Proc. Second ACM Conf. Computer and Comm. Security, 1994.
[22] M.K. Reiter, “The Rampart Toolkit for Building High-Integrity Services,” Theory and Practice in Distributed Systems, Lecture Notes in Computer Science 938, Springer-Verlag, pp. 99–110, 1995.
[23] V.L. Voydock and S.T. Kent, "Security mechanisms in high-level network protocols," Computing Surveys, vol. 15, no. 2, pp. 135-171, 1983.
[24] R.L. Rivest,A. Shamir, and L.A. Adleman,"A Method for Obtaining Digital Signatures and Public Key Cryptosystems," Comm. ACM, vol. 21, pp. 120-126, 1978.
[25] A.M. Ricciardi and K.P. Birman, "Process membership in asynchronous environments," Tech. Report 93-1328, Dept. of Computer Science, Cornell Univ., Feb. 1993.
[26] T. Chandra, V. Hadzilacos, S. Toueg, and B. Charron-Bost, “On the Impossibility of Group Membership,” Technical Report 95-1548, Dept. of Computer Science, Cornell Univ., Oct. 1995.
[27] B. Lampson et al., "Authentication in Distributed Systems: Theory and Practice," ACM Trans. Computer Systems, Nov. 1992, pp. 265-310.
[28] J.B. Lacy, D.P. Mitchell, and W.M. Schell, "CryptoLib: Cryptography in software," Proc. Fourth USENIX Security Workshop, pp. 1-17, Oct. 1993.
[29] R. van Renesse, K. Birman, R. Cooper, B. Glade, and P. Stephenson, "Reliable multicast between microkernels," Proc. USENIX Microkernels and Other Kernel Architectures Workshop, Apr. 1992.
[30] V. Hadzilacos and S. Toueg, "Fault-Tolerant Broadcasts and Related Problems," in Distributed Systems, S. Mullender, ed., ACM Press, New York, 1993, pp. 97-138.

Index Terms:
Security, reliability, distributed systems, group membership protocol, Byzantine failures.
Michael K. Reiter, "A Secure Group Membership Protocol," IEEE Transactions on Software Engineering, vol. 22, no. 1, pp. 31-42, Jan. 1996, doi:10.1109/32.481515
Usage of this product signifies your acceptance of the Terms of Use.