Enforcement of Communal Policies for Peer-to-Peer Systems

Peer-to-peer (P2P) computing, where peers in a community interact directly with each other rather than through intermediary servers, is emerging as a powerful paradigm for collaboration over the Internet. However, this paradigm poses a difficult challenge: how to ensure the harmonious, safe, and secure operation of these communities, particularly if they are large and geographically distributed, such that the collaborating principals may not even know or trust each other. Generally, members of such a community must conform to an application specific communal policy (or protocol), if the community is to operate smoothly and securely. Typically, the purpose of such a policy is either (a) to provide for effective coordination between members of the community, and/or (b) to ensure the security of community members, and of the information they share with each other. The question we address in this paper is, how can such a communal policy be established reliably and in a scalable manner? That is, how can one ensure—in a manner consistent with the decentralized nature of the P2P model—that all members of a given P2P community comply with its communal policy? While some communities can rely on voluntary compliance with their stated policy, we believe that many policies required for future P2P applications will not lend themselves to voluntary compliance alone. Such policies, we maintain, need to be enforced to be reliable. We illustrate the nature of such policies by means of an example of a community that operates like Gnutella, but which is established to exchange more sensitive and critical information than music files. Then, we propose to employ the intrinsically distributed control mechanism called Law-Governed Interaction (LGI) for the scalable enforcement of communal P2P policies. To demonstrate the efficacy of the proposed approach, we show how our example policy can be formulated and enforced under LGI. Finally, we modify an existing open-source Gnutella client to work with LGI and show that the use of LGI incurs little overhead.