Design and Verification of Time-Critical Byzantine Fault-Tolerant Systems

时间关键拜占庭容错系统的设计和验证

• 批准号: EP/W034514/1
• 负责人: Vincent Rahli
• 金额: $ 50.53万
• 依托单位: University of Birmingham
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2023
• 资助国家: 英国
• 起止时间: 2023 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FW034514%2F1
• 关键词: Design; Verification; Time; Critical; Byzantine

Our society strongly depends on critical information infrastructures such as electrical grids, autonomous vehicles, blockchain applications, IoT critical infrastructures, etc. Not only do we increasingly rely on such complex infrastructures for the correct functioning of our society, in many occasions, even our lives depend on them being safe and secure.Critical infrastructures are the target of attacks aiming at stealing critical assets such as money and data. Vulnerabilities in software components used by these infrastructures are regularly found and exploited, sometimes allowing attackers to control physical components of SCADA (Supervisory Control And Data Acquisition) systems such as the New York Dam or Ukraine's Power Grid. As we keep seeing in the news, failures of such systems can be catastrophic.The decentralized nature of some of these infrastructures require complex mechanisms to guarantee that the data they handle is safe and secure. For example, blockchain systems allow remote users to agree on and maintain a digital ledger of transactions. They rely on complex agreement algorithms to provide those guarantees and ensure the correct functioning of the systems while users interact remotely and propose transactions concurrently. Such systems can even work correctly when some users are faulty (possibly acting maliciously). As for SCADA systems, bugs are regularly found and exploited to steal critical assets in such systems.Among the agreement algorithms used in blockchain technology, traditional Byzantine Fault Tolerant (BFT) protocols require little computing power, and can be used to harden any (deterministic) service (e.g., a banking service). They achieve this by replicating the service across a number of machines such that the correctly functioning machines hide the behavior of the faulty ones. However, one drawback of such protocols is that they require two thirds of the users to be honest, and a large number of messages to be exchanged before transactions are accepted.While BFT techniques have primarily been used in blockchain systems, other infrastructures could benefit from it if it was delivering the required properties. For example, in order to use BFT protocols in SCADA systems, they would have to guarantee that operations that need to be agreed upon between multiple remote components, can be achieved in a timely manner.These issues call for (1) developing generic, yet efficient defence mechanisms that can be applied to a wide range of infrastructures, and(2) provide strong correctness guarantees.First, in this project we propose to develop efficient BFT protocols that can be applied to a wide range of infrastructures. More precisely, we propose to develop novel BFT techniques that are less costly (less replicas and less exchanged messages) than state-of-the-art solutions by relying on trusted components (e.g., secure hardware components such as Intel SGX), and to apply these techniques to develop more efficient and reliable blockchain systems. Moreover, we also propose to develop techniques to turn state-of-the-art BFT protocols into protocols that achieve timeliness guarantees, allowing their integration in real-time applications.Secondly, we propose to guarantee the correctness of these novel protocols. One way to provide strong correctness guarantees is to useformal verification methods, such as theorem provers to automatically or interactively prove that a piece of software or hardware behaves asintended. Many theorem provers have been developed and improved over the years allowing to do just that, such as Agda, Coq, Isabelle, etc.Our project will make use of the highly expressive Coq prover to ensure the correctness of these protocols. More precisely, we propose to develop within Coq, support to implement BFT protocols, models to capture the environments in which those protocols execute, as well asproof techniques to guarantee their correctness.

我们的社会强烈依赖于关键的信息基础设施，如电网，自动驾驶汽车，区块链应用，物联网关键基础设施等，我们不仅越来越依赖这些复杂的基础设施来确保我们社会的正常运作，而且在许多情况下，甚至我们的生命也依赖于它们的安全和保障。关键基础设施是攻击的目标，攻击的目的是窃取关键资产，如金钱和数据这些基础设施使用的软件组件中的漏洞经常被发现和利用，有时允许攻击者控制SCADA（监督控制和数据采集）系统的物理组件，例如纽约大坝或乌克兰电网。正如我们在新闻中不断看到的那样，此类系统的故障可能是灾难性的。其中一些基础设施的分散性需要复杂的机制来保证它们处理的数据是安全的。例如，区块链系统允许远程用户同意并维护交易的数字分类账。它们依靠复杂的协议算法来提供这些保证，并确保系统的正确运作，同时用户进行远程交互并同时提出交易。这样的系统甚至可以在某些用户出错（可能是恶意行为）时正常工作。至于SCADA系统，经常发现并利用漏洞窃取此类系统中的关键资产。在区块链技术中使用的协议算法中，传统的拜占庭容错（BFT）协议需要很少的计算能力，并且可以用于加固任何（确定性）服务（例如，银行服务）。他们通过在多台机器上复制服务来实现这一点，以便正确运行的机器隐藏故障机器的行为。然而，这种协议的一个缺点是，它们需要三分之二的用户是诚实的，并且在交易被接受之前需要交换大量的消息。虽然BFT技术主要用于区块链系统，但如果它提供所需的属性，其他基础设施可以从中受益。例如，为了在SCADA系统中使用BFT协议，他们必须保证需要在多个远程组件之间达成一致的操作可以及时实现。这些问题要求（1）开发通用的，但有效的防御机制，可以应用于广泛的基础设施，以及（2）提供强大的正确性保证。首先，在这个项目中，我们建议开发有效的BFT协议，可以应用于广泛的基础设施。更确切地说，我们提出开发新的BFT技术，其通过依赖于可信组件（例如，安全的硬件组件，例如英特尔SGX），并应用这些技术来开发更高效、更可靠的区块链系统。此外，我们还建议开发技术，把国家的最先进的BFT协议的协议，实现及时性保证，允许他们在实时应用程序的集成。其次，我们建议保证这些新的协议的正确性。提供强正确性保证的一种方法是使用形式验证方法，例如定理证明器自动或交互地证明软件或硬件的行为符合预期。多年来，许多定理证明器已经开发和改进，允许这样做，如Agda，Coq，Isabelle等。我们的项目将利用高度表达的Coq证明器来确保这些协议的正确性。更确切地说，我们建议在Coq中开发，支持实现BFT协议，捕获这些协议执行的环境的模型，以及保证其正确性的证明技术。