srlog2

Design Documentation

High-Level Goals

Design Issues

  1. Lost message / receiver outage

    If a message is lost between the sender and the receiver, reasonable effort must be made to retransmit that message.

    Solution: If a message is not acknowledged within a brief interval, write it and all subsequent messages to a file, and retry the first lost message until it is accepted. At that point, resend all the subsequent messages and remove the file.

  2. Lost ack / sender outage

  3. Duplicated message

    If an ack is lost, the original message may be retransmitted. The duplicate must not enter the logs.

    Solution: The sender will apply a sequence number to all messages. The receiver will acknowledge and drop all authenticated messages with a sequence number less than the one it expects to see next.

  4. Lost message during retransmit

    If a message is lost during retransmit, all messages between the lost message and the current message must be retransmitted.
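    As an added example, not part of the srlog2 design or its code, the following Python simulation drives the sequence-numbered, acknowledged delivery described in issues 1, 3 and 4 (a lost message, a lost ack that provokes a duplicate, and a loss mid-stream) over a constructed lossy channel; the Receiver, Sender and run names are this example's own, and the on-disk retry file is modelled in memory.

```python
class Receiver:
    # Logs strictly in sequence order (issue 3): a seq below the next expected
    # one is a duplicate, acked again but not logged; a seq above it means an
    # earlier message was lost, so it is neither logged nor acked.
    def __init__(self):
        self.expected = 0      # next sequence number that will be logged
        self.log, self.dropped = [], 0
    def deliver(self, seq, payload):   # returns the seq to ack, or None
        if seq < self.expected:
            self.dropped += 1
            return seq
        if seq > self.expected:
            return None
        self.log.append(payload)
        self.expected += 1
        return seq

class Sender:
    # Keeps every unacked message in send order and resends all of them on a
    # retry (issues 1 and 4). The design's on-disk file is modelled as an
    # in-memory dict here, an assumption of this example.
    def __init__(self):
        self.next_seq, self.pending = 0, {}   # pending: seq -> payload
    def send(self, payload):
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        self.pending[seq] = payload
        return seq, payload
    def handle_ack(self, seq):
        self.pending.pop(seq, None)           # unknown seq: ignore the ack

def run(payloads, lose_msg_once=(), lose_ack_once=()):
    """Constructed lossy channel: the listed seqs are lost once (first attempt
    only). Returns (receiver log, duplicates dropped, messages still unacked)."""
    s, r = Sender(), Receiver()
    lost_msg, lost_ack = set(lose_msg_once), set(lose_ack_once)
    def attempt(seq, payload):
        if seq in lost_msg:
            lost_msg.discard(seq)             # never reaches the receiver
            return
        ack = r.deliver(seq, payload)
        if ack is None or ack in lost_ack:
            lost_ack.discard(ack)             # no ack, or the ack was lost
            return
        s.handle_ack(ack)
    for p in payloads:
        attempt(*s.send(p))
    while s.pending:                          # resend everything outstanding
        for seq, payload in list(s.pending.items()):
            attempt(seq, payload)
    return r.log, r.dropped, len(s.pending)
```

    Losing message 1 makes the receiver stay silent on 2 and 3 until 1 arrives, and the lost ack for 2 causes one retransmitted duplicate that is acknowledged but never logged.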

  5. Lost ACK during retransmit

  6. Sender crash

  7. Forged message

    The system must prevent an attacker from adding a forged message to the logs for any system.

  8. Forged acknowledgement

    The system must prevent an attacker from forging an acknowledgement for a message. While this may not appear to be a big deal, a forged acknowledgement makes the sender discard a message the receiver never logged, so in the worst case it results in lost messages.

  9. Intercepted message

    The system must prevent an attacker from discerning the contents of a message.

    Solution: Encrypt messages. Blowfish? DES? Rijndael?

Ideas / Optimizations