This article discusses a distributed P2P storage service that utilizes adaptive trust assessment to ensure long-term trusted storage of electronic documents. It explores the architecture, challenges, and research issues associated with such a service.
A Distributed P2P Storage Service, Adaptive to Trust Assessment Marco Casassa Mont (marco_casassa-mont@hp.com), Lorenzo Tomasi (University of Bologna) Trusted E-Services Laboratory (TESL), Hewlett-Packard Laboratories, Bristol, UK
Table of Contents • Background • Trust E-Services • Distributed Long-term Trusted E-Record Storage • Distributed P2P Storage Service • Model • Conclusions & some Future Trends
Trust E-Services (figure): Storage (contracts, keys, evidential documents), Evidential Analysis, real-time Monitoring, Notary, Underwriter, Policy, Identity tracking, Reliable Messaging, Credential Management, Access Control, Restoration Services; applied to transactions, contracts, agreements and e-records in B2B, B2C, P2P, … interactions
Long-Term Trusted Storage • Purpose: long-term preservation of electronic documents • Longevity of e-Documents (E-records) and Processes • Survivability • Long-term identity management and access control • Long-term renewal of information • Long-term renewal of signatures & time-stamps • Migration of data through technology • Accountability • Integrity • Privacy & Confidentiality • Non-Repudiation • Authenticity
Distributed Long-Term Trusted Storage (figure): User/Application reaches Portals (Add, Retrieve, Modify, Delete) under Storage SLAs; stored items are E-Records (Evidence) and E-Record Clusters (Conversation, Bundle); DERMS Services = Distributed E-Records Management & Storage
Distributed Long-term Trusted Storage Architecture (figure): Application Layer → Portal Layer (Portals) → Indexing & Management Layer (Service Pools, Management Service Pool) → Physical Storage Layer (Storage Systems). Properties: Decentralization & Distribution • Randomness of Portals, Service Pools, Services, Storages • Diversity • Replication of stored documents and metadata • “Lazy transactional” behaviour • Monitoring • Self healing • …
Alternative long-term Storage Service • PCs: geographically distributed (survivability) • Their storage capacity and CPU time are not fully used • Context: Medium/Large Enterprise • Dynamic (in the medium/long term): PCs, employees/people • Collaborative but unreliable, not necessarily trusted
Research Issues • Challenge: cope with a dynamic and unreliable environment • PC obsolescence timeframe: 3-4 years • Medium-Large enterprise: 15000 people, 10000 PCs • Percentage of PCs involved in the service: 10%, i.e. 1000 PCs • Average obsolescence of involved PCs (per year): 250 (1/4 * 1000) • This is without considering faults, loss of data, accidental and intentional data deletion by PC owners, time zones, etc. …
Research Space: Choices (figure: three axes, Trust from none to full, Control from centralized to distributed, Resources from centralized to distributed) • Resources: distributed • Control: variable; not fully centralized (take advantage of distributed resources); not fully distributed (likely anarchic, need for a trusted access point for DERMS Services) • Trust: variable; resources’ behaviour is very dynamic • “Trust”: belief that someone/something is going to act and behave as expected
Hybrid P2P Model (figure: trusted Controller linked to DERMS Services, Agents (A) on trusted and not-trusted Peers) • Trusted controller, acting as Gateway with DERMS services • Agents installed on distributed PCs (not necessarily trusted, at least initially)
Agent Installation (on Peers) (figure) • Agents installed on request (by PCs’ users)
Storage, Retrieval, Deletion of E-Records (figure) • Replication of stored E-Records • Integrity check during E-Record retrieval
Tasks Delegation (figure) • Delegation of tasks to Peers (if authorised)
Peer-to-Peer Interaction (figure) • Peer-to-Peer interaction triggered by an Agent (if authorised)
Is this Sufficient? • Are distribution and replication sufficient to achieve long-term storage? • It depends … • In case of dynamic environment, peers may: • not be available • lose data (or data may get corrupted) • not be able to complete tasks • “Blind” delegation of tasks to Peers
Need for an Adaptive System • Monitor distributed Peers • Learn from Peers’ behaviour • Adopt dynamic working criteria: “delegation of tasks to peers” depending on peers’ reliability • Select contextual policies depending on peers’ behaviour and environment dynamics
Monitoring & Learning • Monitoring Objectives: • control replicas’ status (survivability) • observe peers’ behaviour • gather information about peers • trigger reactions • Learn about: • Peers’ availability • Peers’ reliability • Correctness of document replicas • Peers’ ability to complete tasks with success • Peers’ response time • …
Adaptation driven by “Trust Rating” • Aggregation of measures of reliability/trustworthiness in Trust Rating Information • Usage of Trust Rating Information to dynamically adapt the service by making decisions on allocation of storage and delegation of tasks • Delegation and Storage Policies driven by measures of trust • Usage of “Trust and Reliability Functions” to define Trust Metrics based on measured indicators (parameters) • “Trust”: belief that a Peer/Resource is going to act and behave as expected
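The two slides above describe the loop in words: the monitoring module learns availability, reliability, replica correctness, task completion and response time per peer; a trust function folds them into a rating; storage allocation and task delegation are policies over that rating. The following is an added example of such a loop, not code from the HP Labs prototype. The indicator names, the weights, the thresholds, the 2 s response budget and the four peers' observation counts are assumptions for illustration.

```python
"""Trust rating for storage peers (added example, not the prototype's code).
Assumed: indicator names, weights, thresholds, RTT budget, sample peers."""
from dataclasses import dataclass


@dataclass
class PeerObservations:
    """Counters the monitoring module accumulates for one peer."""
    peer_id: str
    probes: int = 0            # availability probes sent
    responses: int = 0         # probes answered
    rtt_total_ms: float = 0.0  # summed response time of answered probes
    tasks: int = 0             # tasks delegated to the peer
    tasks_ok: int = 0          # tasks it completed successfully
    replica_checks: int = 0    # replicas fetched and integrity-checked
    replicas_ok: int = 0       # replicas that passed the check

    def record_probe(self, answered: bool, rtt_ms: float = 0.0) -> None:
        self.probes += 1
        if answered:
            self.responses += 1
            self.rtt_total_ms += rtt_ms

    def record_task(self, ok: bool) -> None:
        self.tasks += 1
        self.tasks_ok += int(ok)

    def record_replica_check(self, intact: bool) -> None:
        self.replica_checks += 1
        self.replicas_ok += int(intact)


# Assumed policy parameters.
WEIGHTS = {"availability": 0.35, "tasks": 0.25, "integrity": 0.30, "latency": 0.10}
RTT_BUDGET_MS = 2000.0  # a response slower than this earns no latency credit
CONFIDENCE_K = 10       # observations needed before the rating nears the raw score
DELEGATE_MIN = 0.6      # rating required before tasks are delegated to a peer
STORE_MIN = 0.4         # rating required before a peer is given a replica


def _rate(ok: int, total: int) -> float:
    return ok / total if total else 0.0


def trust_rating(obs: PeerObservations) -> float:
    """Trust function: weighted indicators, damped by how much evidence exists.
    A peer with no history rates 0.0 (not trusted initially). A peer that ever
    returned a corrupted replica is additionally scaled by its integrity rate:
    a bad replica is a stronger signal than a missed probe."""
    availability = _rate(obs.responses, obs.probes)
    task_success = _rate(obs.tasks_ok, obs.tasks)
    integrity = _rate(obs.replicas_ok, obs.replica_checks)
    mean_rtt = obs.rtt_total_ms / obs.responses if obs.responses else RTT_BUDGET_MS
    latency = max(0.0, 1.0 - mean_rtt / RTT_BUDGET_MS)
    raw = (WEIGHTS["availability"] * availability + WEIGHTS["tasks"] * task_success
           + WEIGHTS["integrity"] * integrity + WEIGHTS["latency"] * latency)
    if obs.replica_checks and obs.replicas_ok < obs.replica_checks:
        raw *= integrity
    evidence = obs.probes + obs.tasks + obs.replica_checks
    confidence = evidence / (evidence + CONFIDENCE_K)
    return round(raw * confidence, 4)


def may_delegate(obs: PeerObservations) -> bool:
    """Delegation policy: only peers rated at least DELEGATE_MIN get tasks."""
    return trust_rating(obs) >= DELEGATE_MIN


def choose_replica_holders(peers, replicas: int) -> list:
    """Storage policy: best-rated peers above STORE_MIN hold the replicas.
    Raises if too few qualify, so the caller can fall back to the trusted
    central repository rather than store on an untrusted peer."""
    ranked = sorted(peers, key=trust_rating, reverse=True)
    chosen = [p.peer_id for p in ranked if trust_rating(p) >= STORE_MIN][:replicas]
    if len(chosen) < replicas:
        raise RuntimeError(f"only {len(chosen)} of {replicas} replica holders qualify")
    return chosen


def demo_peers() -> dict:
    """Constructed observations (not measured data) for four peers."""
    reliable = PeerObservations("pc-017")
    for _ in range(20):
        reliable.record_probe(True, 200)
    for _ in range(10):
        reliable.record_task(True)
    for _ in range(5):
        reliable.record_replica_check(True)
    flaky = PeerObservations("pc-042")
    for i in range(20):
        flaky.record_probe(i % 2 == 0, 1000)    # answers half the probes, slowly
    for i in range(10):
        flaky.record_task(i < 6)                # 6 of 10 tasks succeed
    for _ in range(4):
        flaky.record_replica_check(True)
    corrupting = PeerObservations("pc-099")
    for _ in range(20):
        corrupting.record_probe(True, 300)
    for i in range(10):
        corrupting.record_task(i < 9)
    for i in range(5):
        corrupting.record_replica_check(i < 3)  # 2 of 5 replicas came back corrupted
    newcomer = PeerObservations("pc-123")       # agent just installed, no history
    return {p.peer_id: p for p in (reliable, flaky, corrupting, newcomer)}


if __name__ == "__main__":
    peers = demo_peers()
    for pid, obs in peers.items():
        print(pid, trust_rating(obs), "delegate" if may_delegate(obs) else "no-delegate")
    print("replica holders:", choose_replica_holders(peers.values(), 2))
```

With these constructed peers the reliable one rates 0.77 and receives delegated tasks, the flaky one rates about 0.52 and may only hold replicas, the peer that served corrupted replicas falls below the storage threshold despite good availability, and the newcomer rates 0.0 until it has been observed. The confidence damping is what makes the service adaptive rather than static: a peer earns trust only through observed behaviour, and loses it quickly once an integrity failure is recorded.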
High Level Architecture (figure): an untrusted part of the Enterprise, where the Agent runs, and a trusted part, where the Central Control Component acts as gateway to the DERMS Services, joined by secure connections. Components shown: Communication Manager / Secure Communication Manager, Task Manager, Rating Module, Monitoring Module, Task Agents, Storage Module, Registration Manager, Local Secure Storage Module, Repository, Storage Scheduler, Index and Registration, Secure Repository
Basic Mechanisms • Communication: authentication based on secure link (SSL) • Delegation: authorization token (SPKI based) • Integrity management: hash value, digital signature • Confidentiality: encryption • Survivability: documents’ replication
Conclusions • Usage of distributed cheap resources and agents to underpin survivability of data over a long time • P2P architecture viable to decongest central control • Hybrid control as a balance between full centralization and completely distributed control (anarchism) • Trust Assessment to underpin adaptability in a dynamic distributed environment • Our approach: reduces risks in very dynamic environments (Best Effort); introduces overhead: … need for a “real-life” trial; requires a sustained number of participants
Future Trends on Distributed Systems • Growing importance of Distributed Web Services: within Enterprises and across Enterprises (on the Internet) • Growing importance of Peer-to-Peer based environments: mobile systems/services, collaborative environments, dynamic business interactions, resource sharing, etc. • Importance of Adaptability of Systems and Services to the behaviour of (the involved) resources (Reliability and Trustworthiness are crucial aspects to be considered) • Key role for Trust Services to reduce Risks and increase Accountability
Use Cases • Agents (on PCs) join or leave the Storage Service • DERMS Service initiative: store, retrieve, delete • Peer’s initiative
Use Case: Retrieve (figure, Collaborative Enterprise Environment) 1. DERMS Services request the Central Control Component to retrieve a document 2. Retrieve from the Index a list of peer locations where the document has been stored 3. Retrieve a replica from one of the Peers 4. Decrypt and verify the integrity of the replica; if the replica is compromised, repeat step 3 5. Return the document to DERMS Services
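The Basic Mechanisms slide and the Retrieve use case together fix the per-replica contract: the central control component seals a document (encryption for confidentiality, hash plus signature for integrity), pushes identical sealed replicas to several peers, and on retrieval verifies each replica before trusting it, moving to the next peer when one is compromised or unavailable. The following is an added example of that exchange, not code from the HP Labs prototype. Assumptions: an HMAC-SHA256 tag stands in for the digital signature, a SHA-256 counter-mode keystream stands in for a real cipher such as AES, and the index, peer stores, keys and the document are constructed in memory.

```python
"""Replica sealing and integrity-checked retrieval (added example, not the
prototype's code). Assumed: HMAC in place of a signature, SHA-256 counter
mode in place of AES, constructed index, peers, keys and document."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Replica:
    doc_id: str
    nonce: bytes
    ciphertext: bytes
    tag: bytes          # MAC over doc_id, nonce and ciphertext


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: illustrative stand-in for AES-CTR."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _authenticated(doc_id: str, nonce: bytes, ciphertext: bytes) -> bytes:
    # Bind the ciphertext to its document id and nonce, so a peer cannot
    # answer a request with a valid replica of some other document.
    return doc_id.encode() + b"\x00" + nonce + ciphertext


def seal(doc_id: str, plaintext: bytes, enc_key: bytes, mac_key: bytes) -> Replica:
    """Central control component: encrypt, then tag. The same sealed replica
    is pushed to several peers (replication for survivability)."""
    nonce = os.urandom(16)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, _authenticated(doc_id, nonce, ct), hashlib.sha256).digest()
    return Replica(doc_id, nonce, ct, tag)


def verify_and_open(rep: Replica, enc_key: bytes, mac_key: bytes):
    """Step 4 of the use case: verify integrity before decrypting.
    Returns the plaintext, or None if the replica is compromised."""
    expected = hmac.new(mac_key, _authenticated(rep.doc_id, rep.nonce, rep.ciphertext),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rep.tag):
        return None
    return _xor(rep.ciphertext, _keystream(enc_key, rep.nonce, len(rep.ciphertext)))


@dataclass
class RetrieveResult:
    plaintext: bytes
    served_by: str
    failures: list      # (peer_id, reason) pairs, fed back to the rating module


def retrieve(doc_id, index, peers, enc_key, mac_key) -> RetrieveResult:
    """Steps 2 to 5: walk the index's peer list for the document, skip
    unavailable or compromised replicas, return the first intact one."""
    failures = []
    for peer_id in index.get(doc_id, []):
        store = peers.get(peer_id)              # None: the peer is offline
        if store is None or doc_id not in store:
            failures.append((peer_id, "unavailable"))
            continue
        plaintext = verify_and_open(store[doc_id], enc_key, mac_key)
        if plaintext is None:
            failures.append((peer_id, "integrity"))
            continue
        return RetrieveResult(plaintext, peer_id, failures)
    raise LookupError(f"no intact replica of {doc_id}: {failures}")


# Constructed sample data.
DOCUMENT = b"Contract C-4711 between two example parties (constructed sample)."
ENC_KEY = hashlib.sha256(b"demo-enc-key").digest()
MAC_KEY = hashlib.sha256(b"demo-mac-key").digest()


def demo() -> RetrieveResult:
    """One intact replica, one with a flipped ciphertext byte, one offline peer."""
    good = seal("C-4711", DOCUMENT, ENC_KEY, MAC_KEY)
    flipped = bytes([good.ciphertext[0] ^ 0x01]) + good.ciphertext[1:]
    tampered = Replica(good.doc_id, good.nonce, flipped, good.tag)
    peers = {"pc-b": {"C-4711": tampered}, "pc-a": {"C-4711": good}}  # pc-c offline
    index = {"C-4711": ["pc-b", "pc-c", "pc-a"]}
    return retrieve("C-4711", index, peers, ENC_KEY, MAC_KEY)


if __name__ == "__main__":
    r = demo()
    print(r.served_by, r.failures, r.plaintext.decode())
```

The order of operations matters: the tag is checked over the ciphertext before any decryption, so a corrupted or substituted replica is rejected without the central component ever processing attacker-controlled plaintext, and the failures list gives the monitoring module the per-peer evidence (unavailable, integrity) that the trust rating is built from.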
Use Case: Delegation of Monitoring Tasks
High Level Architecture • Information base: basic information module and rating information module • Monitoring module • Rating module • Engines for testing, storage, deletion, and retrieval • Registration module • keys and identities manager • Communication manager
High Level Architecture (figure): Information base, which may update the Policy-based and “planning” components; these may influence the Engines; Engines interact with peers (via the communication manager); Monitoring
Monitoring Module (figure): Tasks manager with list of tasks, generator, scheduler and delegation manager; requests from/to engines; from/to information base
Rating Module (figure): Rating information db; Trust function; information on peers’ behaviour; queries; “events” generator; notifications