System Model. We consider a system with n = 3f +1 nodes, and additionally an unbounded number of clients. There are at most f byzantine nodes, and clients can be byzantine as well. The network is asynchronous, and messages have variable delay and can get lost. Clients send requests that correct nodes have to order to achieve state replication.
System Model. A distributed system is composed of a set of agents with well defined roles that cooperate to achieve a common goal. In practice, an agent can be implemented by a process or collection of them, by a processor, or any computation enabled entity. Moreover, any single entity that implements one agent could also implement multiple of them. Reasoning in terms of agents allows us to specify problems and algorithms more concisely and in terms of heterogeneous agents. Distributed systems can be classified in different axis according to the way agents exchange information, the way they fail and recover, and the relative speeds at which they perform computation. In this work we address asynchronous distributed systems in which agents can crash and recover, and use unreliable communication channels to exchange messages. In asynchronous distributed systems there are no bounds on the time it takes an agent to execute any action or for a message to be transmitted. We show that if such bounds exist, then the protocols we present in this thesis ensure some liveness properties, if the number of failures can be limited in time. Our liveness proofs require the bounds to exist but do not require them to be known by any agent. Even though we assume that agents may recover, they are not obliged to do so once they have failed. For simplicity, an agent is considered to be nonfaulty iff it never fails. Agents are assumed to have access to local stable storage which they can use to keep their state in between failures. State not kept in stable storage is reset after a crash. Lastly, we assume that agents do not execute any arbitrary step, i.e., we do not consider byzantine failures. Although channels are unreliable, we assume that if agents keep retransmitting their messages, then they eventually succeed in communicating with each other. We also assume that messages are not duplicated and cannot be undetectably corrupted.
System Model. Because the nodes of MANET are mobile, the nodes may move away from the MANET or return at any time. In our system, a node that moves away from the MANET in the message-exchange phase is called an “away node”, while a node that returns to the MANET before the decision-making phase is called a “return node”. Because an away node moves away from the MANET, an away node cannot transmit and receive messages from other nodes in the MANET. The detailed descriptions of the message-exchange phase and decision-making phase will be presented in Section 3.1 and 3.2. The BA and FDA problems are considered in an MANET with fallible nodes. The faulty type of a fallible node is malicious (worst case). An MANET example is shown in Figure 1. The assumptions and parameters of the system are listed as follows: ■ Each node in the MANET can be uniquely identified. ■ Let N be the set of all nodes in the network and ∣N∣= n, where n is the number of nodes in the underlying MANET, and n≥4. ■ One of nodes is designated as the source node that holds an initial value. ■ The nodes of the underlying MANET are assumed fallible. a sender node. ■ A node that transmits messages is called ■ There is only one source node that transmits in the BA problem. messages in the first message exchange round ■ Let fm be the maximum number of malicious faulty nodes. ■ Let fa be the maximum number of away nodes. ■ Each node can detect a node that is not in the MANET. ■ A node does not know the faulty status of other nodes.
System Model. Processes The message passing system is formed by a set Π of processes, such that the size n of Π is greater than 1. We use id(i) to denote the identity of the process pi ∈ Π. Homonymy There could be homonymous processes [2], that is, different pro- cesses can have the same identity. More formally, let ID be the set of different identities of all processes in Π. Then, 1 ≤ |ID| ≤ n. So, in this system, id(i) can be equal to id(j) and pi be different of pj (we say in this cases that pi and pj are homonymous). Note that anonymous processes [5] are a particular case of homonymy where all processes have the same identity, that is, id(i) = id(j), for all pi and pj of Π (i.e., |ID| = 1).
System Model. In this section, we first describe the network model compris- ing of details regarding the availability and cost of obtaining an idle TF block. Then, a description of utility achieved by applications from reserving the spectrum in advance is discussed.
System Model. We begin by describing a system model suitable for the deployment scenarios of WBANs. In this model, a System Administrator (SA) initializes the network. The network is composed of three types of nodes; a Hub Node (HN ), Intermediary Nodes (IN ) and Normal Nodes (N ). As the HN is usually a resourceful device with better hardware protection mechanisms in place, we assume it to be trusted and its secret Master Key to be protected. Normal nodes N are resource constrained and their transmission range is assumed to be limited; in particular, they are not always able to communicate directly with HN . Intermediary nodes IN are also located in and around the body but, at a particular time instance, are in direct communication with both N and HN , thus acting as intermediary nodes for the purpose of relaying traffic between HN and N when required.
System Model. The system model of our proposed scheme is illus- trated in Fig. 1. There are three main components: a TA, OBUs and RSUs. TA: Generally, TA is considered as a highly trusted and powerful component in the proposed authentica- tion scheme. Moreover, TA may generate and distribute group key for vehicles for secure V2V communications. Once emergencies happen, TA may track the malicious vehicles with the vehicle’s pseudonym[12][14]. RSU: RSUs are fixed infrastructures deployed on Fig. 1 System model the roadside or some installations. RSU is not com- pletely trusted. Therefore, it must be authenticated by vehicles. In the proposed scheme, they are relay nodes between vehicles and TA[12][14]. OBU: Each vehicle is equipped with an on-board unit (OBU) with tamper-proof equipment. The OBU is responsible for storing the real identity of the vehicle, synchronizing the clock and some secret information to perform cryptographic operations[12][14].
System Model. Figure 1 shows the system model considered in this paper, in which we consider three major participants: a set of UAVs, a set of communication infrastructure or mobile edge computing operators [12], and a UAV service provider (USP) or the organization that owns the UAVs. Note that the communi- cation/MEC operators are companies that are different from the USP and specialize in providing connectivity, real-time analytics, and data processing support to the UAVs. For simplicity, we refer to these third-party communication service providers as well as mobile edge computing service providers as “MEC operators”. There are two major entities in an USP: control and monitoring center (CMC), and cloud data center (CDC). All UAVs are equipped with two PUFs [13] and also integrated with other services such as global positioning system (GPS), wireless communication interface, etc. In order to embark on a mission and be operational, each UAV first needs to register with the USP. Similarly, each MEC operator is required to register with the USP as well and they communicate with the USP via a secure channel. Each UAV is required to send its field data to the USP via a MEC operator. The MEC operators have enough computational capability to support both the UAV and the USP to establish a session key for facilitating secure communication. Since the operational region of the UAVs may span large geographical areas, the area over which a MEC operator provides its service is divided into several smaller regions. Also, it is possible that a single MEC operator does not provide coverage over all regions of interest for a USP. Thus, a USP may rely on more than one MEC operator for its operation. Also, in places with more than one MEC operator, the service rate and effectiveness of each MEC operator may vary based on the location and other factors. For instance, the service rate provided by the MEC operator in region Y (RegY in Fig. 1) could be higher than that in region X (RegX in Fig. 1). Thus, the UAVs should be capable of authenticating with multiple MEC operators without any compromise in their privacy.
System Model. In this section, we describe the model of an RTCS with a single controller that we will replicate using Quarts. The controller is as shown in Algorithm 1 without the parts in red (lines 11-13, 15); and all replicas are copies of the same controller. The part in red is Quarts, which extends the controller model, and is discussed in detail in Section IV. 3 Z ← ∅; // vector of measurements with label r 4 H ← ∅; // controller state after computing setpoints with label r− 6 repeat // Thread 1: Receive and aggregate measurements ← 7 Z, r aggregate_received_measurements(r); 8 forever; 10 repeat // Thread 2: Compute and issue setpoints 11 if r > r− then ← 12 success, Z, H, r− collect_and_vote(Z, H, r, r−); 13 end ← 14 decision ready_to_compute(Z, H, r); 15 if success and decision then ← − 16 X compute_setpoints(Z, H, r r−); ← − 17 H update_state(Z, H, r r−); 18 issue(X, r); ←
