| Mission-critical services must be replicated to guarantee correctness and high availability in spite of arbitrary (Byzantine) faults. Prior Byzantine-fault-tolerance (BFT) protocols guarantee safety and liveness of a limited class of replicated services that adhere to a severely restrictive service model. These protocols support only passive services that do not process long-lived computations in ongoing threads. Furthermore, most protocols support only self-contained services that do not process nested computations where sub-tasks are out-sourced to third-party services. Additionally, protocols that support nested computations fail to preserve the safety and liveness of replicated calling services when target services are faulty, leading to cascading failures in tiered architectures. Prior protocols also do not support asynchronous invocations from replicated calling services leading to greatly reduced throughput. These and other limitations make these protocols unsuitable for Service Oriented Architectures that combine the functionality advertised by mutually-independent services to perform high-level tasks.;We address these concerns with Perpetual, a protocol that guarantees safety and liveness of any deterministic replicated service in spite of Byzantine failures in a bounded number of replicas. Unlike prior protocols, Perpetual also guarantees the safety and liveness of replicated services during interactions with third-party services with any degree of replication. Perpetual supports replicated services that process long-lived computations in an active thread of control and invoke requests asynchronously. Our contributions include a novel mechanism for failure detection as well as safeguards against attacks aimed at reducing service throughput. We present a modular middleware implementation, an extension for integration with the Axis2 Web Services Framework, and experimental evaluations that demonstrate only a moderate overhead due to replication. |
