A production-grade distributed file system with 3-way replication, mutual TLS encryption, Totally Ordered Multicast, Raft leader election, and deliberate attack demonstrations — all built in pure Java RMI.
Every layer of a real distributed system, hardened for security
Every file write is replicated to all three nodes. Lose one, lose two — the system keeps serving data with no single point of failure.
Lamport logical clocks + ACK protocol guarantee every replica applies writes in the exact same order — no divergence, ever.
Automatic leader election with randomized timeouts. Heartbeats keep the cluster stable. If the leader crashes, a new one takes over in milliseconds.
No plaintext TCP. Every connection — client↔auth, client↔node, node↔node — is encrypted with mutual TLS. Both sides present certificates.
Custom ObjectInputStream subclass with a strict class whitelist. Any class not explicitly allowed is rejected before instantiation — gadget chains can't fire.
Every write carries a UUID nonce and timestamp. Server rejects any operation older than 5 minutes or with a nonce already seen — replays are dead on arrival.
260,000 iterations of SHA-256 with per-user random salt. Constant-time comparison prevents timing side-channel attacks.
Two complete codebases side by side. The vulnerable version has all 5 flaws intentionally exposed. The secured version patches every one — learn by comparing.
Five logical components communicating over mutual TLS RMI