DeWS: Decentralized and Byzantine Fault-tolerant Web Services

Many real-world applications employ web service frameworks to provide application programming interface (API) services to businesses and end-consumers, following a client-server architecture. Service providers typically run a web server to deliver services to consumers. Here, service providers and consumers often belong to different organisations in applications such as supply chain management and logistics. In multi-stakeholder safety-critical and mission-critical applications, the centralised web server delivers services by executing computations upon receiving consumers' API requests. Such computations may fail due to crash or byzantine failures. The former happens because of hardware or infrastructure faults, while the latter happens because of a malicious actor. Note that the organisation that runs the web server may act dishonestly by running computations incorrectly for financial benefits, or an external attacker may compromise the web server without the knowledge of the infrastructure owner. As a result of these failures, the centralised web server is susceptible to single-point-of-failure issues. The organisation that runs the web server must be blindly trusted and does not provide transparency and auditability to its clients. We propose DeWS, a Decentralised and Byzantine Fault-tolerant Web Service framework, which overcomes these single-point-of-failure issues while delivering transparency and auditability through a blockchain-based ledger. The proof-of-concept implementation of DeWS using the Tendermint blockchain platform shows that our framework can tolerate byzantine failures at the cost of high latency. DeWS is the first Byzantine Fault-tolerant web service framework. It can support a shift towards more decentralised web services to provide safety assurances for safety-critical and mission-critical applications.

Automated summary

Many real-world applications use web service frameworks to provide APIs to businesses and end-consumers. However, in applications like supply chain management, the organization running the web server may act dishonestly or the server may be compromised. To address this, we propose DeWS, a decentralized and Byzantine fault-tolerant web service framework that provides transparency and auditability through a blockchain ledger. Our proof-of-concept implementation shows that DeWS can tolerate Byzantine failures, although at the cost of high latency. This framework can support the shift towards more decentralized web services for safety-critical and mission-critical applications.