
Agile Survivable Store


Presentation Transcript


  1. Agile Survivable Store
  PIs: Mustaque Ahamad, Douglas M. Blough, Wenke Lee and H. Venkateswaran
  PhD Students: Prahlad Fogla, Lei Kong, Subbu Lakshmanan, Arun Subbiah

  2. Motivation
  • Secure and highly available storage of confidential and critical information
  • Agility
    • The "everyone is good" assumption gives better performance but is highly vulnerable to compromise by malicious entities
    • Being paranoid at all times could severely limit performance or availability
  • Support various types of security (e.g., confidentiality, availability and integrity)
  • Allow security levels to be changed dynamically based on application needs or the perceived level of threat

  3. Agile Store Architecture
  [Architecture diagram; components shown: Clients, Distributed store, Security manager, Server fault detection, Client intrusion detection]

  4. Availability through Replication
  • Objects are replicated on multiple servers
  • Quorum techniques are used to improve performance over full replication
    • objects are written to a subset of servers (write quorum)
    • objects are read from a different subset of servers (read quorum)
    • all write quorums intersect with all read quorums to ensure the most up-to-date data is always read
    • background dissemination updates servers that are not part of a write quorum to provide the same availability as full replication
  • Adaptive quorum protocols are being developed to allow system and quorum sizes to be changed dynamically
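The read/write quorum scheme on this slide, as an added worked example (this is illustrative code written for this transcript, not the Agile Store project's implementation). N replica servers each hold the latest (version, value) they have seen per object. A writer first reads a read quorum to learn the current version, then writes the next version to a write quorum; because W + R > N forces every read quorum to intersect every write quorum, the highest version a reader sees is always the latest write. A dissemination pass then brings the remaining servers up to date. The version counter, the random quorum selection and the in-memory `Server` class are simplifying assumptions for the example.

```python
"""Read/write quorum replication with background dissemination (added example)."""
import random


class Server:
    """One replica: keeps the highest-versioned (version, value) seen per object."""

    def __init__(self, sid):
        self.sid = sid
        self.store = {}  # object id -> (version, value)

    def write(self, oid, version, value):
        cur = self.store.get(oid)
        if cur is None or version > cur[0]:
            self.store[oid] = (version, value)

    def read(self, oid):
        return self.store.get(oid)  # None if this replica never saw the object


class QuorumStore:
    def __init__(self, n, w, r, seed=None):
        if not (0 < w <= n and 0 < r <= n):
            raise ValueError("quorum sizes must lie in 1..N")
        if w + r <= n:
            # Without intersection a read quorum could miss the latest write entirely.
            raise ValueError("write and read quorums must intersect: need W + R > N")
        self.servers = [Server(i) for i in range(n)]
        self.w, self.r = w, r
        self.rng = random.Random(seed)  # random quorum selection (assumption)

    def _quorum(self, size):
        return self.rng.sample(self.servers, size)

    def _latest(self, oid, servers):
        answers = [a for a in (s.read(oid) for s in servers) if a is not None]
        return max(answers, key=lambda a: a[0]) if answers else None

    def write(self, oid, value):
        # Read a quorum first: it intersects every earlier write quorum, so the
        # highest version seen is the global maximum and version+1 is fresh.
        cur = self._latest(oid, self._quorum(self.r))
        version = (cur[0] if cur else 0) + 1
        for s in self._quorum(self.w):
            s.write(oid, version, value)
        return version

    def read(self, oid):
        cur = self._latest(oid, self._quorum(self.r))
        return cur[1] if cur else None

    def disseminate(self, oid):
        """Background update: copy the freshest replica to every server."""
        cur = self._latest(oid, self.servers)
        if cur is not None:
            for s in self.servers:
                s.write(oid, *cur)

    def up_to_date_count(self, oid):
        """How many replicas currently hold the latest version of oid."""
        cur = self._latest(oid, self.servers)
        return 0 if cur is None else sum(1 for s in self.servers if s.read(oid) == cur)


if __name__ == "__main__":
    # Parameters from slide 8: n = 50, write quorum 34; a read quorum of 17 suffices.
    store = QuorumStore(n=50, w=34, r=17, seed=1)
    store.write("obj", b"payload-1")
    print(store.read("obj"), store.up_to_date_count("obj"))
    store.disseminate("obj")
    print(store.up_to_date_count("obj"))
```

With the slide 8 parameters (n = 50, write quorum 34) a read quorum of 17 is the smallest that still intersects every write quorum; immediately after a write only 34 replicas are current, and dissemination raises that to all 50 without any client having to wait for it.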

  5. Confidentiality through Fragmentation
  [Diagram: an object split into fragments f1, f2, f3; write along a row, read along a row, disseminate along a column; periodic share renewal]

  6. Agility through Intrusion and Fault Detection
  • Client profiling to detect suspicious client behavior
  • Monitoring of quorum protocols to detect faulty or compromised servers
    • to interfere with the store, a server must deviate from the quorum protocols
    • deviation from the protocols causes the server to be detected as faulty
    • forces compromised servers to behave correctly in order to escape detection

  7. Architecture for Server Fault Detection
  [Architecture diagram; components shown: Clients, Distributed store with servers labelled P, Server fault detection]

  8. Distribution of Up-To-Date Responses from a Correct Server
  [Plot; parameters: write quorum size = 34, n = 50, random quorum selection]

  9. Detection Probability
  [Plot]
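The monitoring idea of slides 6 to 9 (detect a server by its deviation from the quorum protocol), as an added worked example that is not the project's detector. Slide 8 fixes the setting: n = 50 servers, write quorum size 34, random quorum selection. Under the simple model assumed here, a correct server that has not yet received a dissemination update holds the latest version of a freshly written object exactly when it was in that write's quorum, i.e. with probability 34/50, so over m monitored reads its number of up-to-date answers is Binomial(m, 34/50). The monitor picks the largest count a correct server falls at or below with probability at most alpha (the false-alarm rate), flags any server at or below it, and reports how likely a server that answers up to date at some lower rate is to be caught. The binomial model, the alpha threshold and the observation format are assumptions of this example.

```python
"""Flagging servers whose up-to-date response rate is too low (added example)."""
from math import comb

N_SERVERS = 50          # from slide 8
WRITE_QUORUM = 34       # from slide 8
P_CORRECT = WRITE_QUORUM / N_SERVERS   # assumed up-to-date rate of a correct server


def binom_pmf(m, k, p):
    return comb(m, k) * p**k * (1 - p) ** (m - k)


def binom_cdf(m, k, p):
    """P[X <= k] for X ~ Binomial(m, p); k < 0 gives 0."""
    return sum(binom_pmf(m, i, p) for i in range(0, k + 1))


def detection_threshold(m, p_correct, alpha):
    """Largest count t such that a correct server produces at most t up-to-date
    answers in m reads with probability <= alpha. Returns -1 when even a count
    of zero is not that unlikely (too few observations to decide)."""
    t = -1
    for k in range(m + 1):
        if binom_cdf(m, k, p_correct) <= alpha:
            t = k
        else:
            break  # the CDF only grows from here
    return t


def detection_probability(m, p_suspect, threshold):
    """Probability that a server whose answers are up to date with rate
    p_suspect is flagged, i.e. its count lands at or below threshold."""
    if threshold < 0:
        return 0.0
    return binom_cdf(m, threshold, p_suspect)


def flag_server(observations, p_correct=P_CORRECT, alpha=0.01):
    """observations: list of booleans, True = the response carried the latest
    version. Returns True when the server's count is below what a correct
    server would produce with probability alpha."""
    m = len(observations)
    if m == 0:
        return False
    return sum(observations) <= detection_threshold(m, p_correct, alpha)


if __name__ == "__main__":
    m = 100
    t = detection_threshold(m, P_CORRECT, alpha=0.01)
    print("flag a server with <=", t, "up-to-date answers out of", m)
    for p in (0.68, 0.5, 0.3):
        print(f"rate {p:.2f}: detection probability {detection_probability(m, p, t):.4f}")
```

The trade-off the two plots on slides 8 and 9 describe shows up directly: a longer observation window m narrows the distribution for a correct server, so the threshold can move closer to 34/50 and a server that is only mildly stale becomes detectable without raising the false-alarm rate.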

  10. Proposed Work: Prototype Filesystem Implementation
  [Architecture diagram; components shown: Application (FS calls) -> NFS client -> Client Agent; data operations -> Data Servers (Agile Store Service); metadata operations -> BFT metadata Service]

  11. Proposed Work: Prototype Details
  • Application interface
    • Standard POSIX file system calls
    • Extended API for applications that need flexible control
  • Metadata service implemented by a Byzantine fault-tolerant state machine with a strong consistency model
  • Data servers execute data operations and monitor the behavior of other data servers by acting as proxies
  • MACs used to prevent a faulty proxy server from tampering with data communication

  12. Proposed Work: Prototype Details (cont.)
  • Data access requests are authenticated and authorized individually by each server
  • Access control managed at metadata servers and enforced by data servers
  • All traffic through secure channels
  • A simple Public Key Infrastructure used for key management
  • Symmetric keys negotiated when necessary or periodically
  • Data is fragmented and/or replicated (user-selectable)
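The MAC protection of slide 11 and the per-server request authentication of slide 12, as an added example (illustrative code written for this transcript, not the prototype's own protocol). A client's data request may be relayed through another data server acting as a proxy; the proxy can observe the exchange for monitoring but must not be able to alter it. Below, the client and each data server hold a shared symmetric key (how it was negotiated over the PKI is out of scope here), the client binds operation, object id, version and payload under HMAC-SHA256, and the server recomputes the tag and compares it in constant time before executing anything. The wire layout, field names and sample key are constructed for the example.

```python
"""Authenticating relayed data operations with an HMAC (added example)."""
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output length


def encode_request(op, oid, version, payload):
    """Length-prefix every field so that no two field combinations share an encoding
    (otherwise a MAC over the concatenation would not bind field boundaries)."""
    fields = [op.encode(), oid.encode(), struct.pack(">Q", version), payload]
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def decode_request(body):
    fields, pos = [], 0
    while pos < len(body):
        (length,) = struct.unpack(">I", body[pos:pos + 4])
        pos += 4
        fields.append(body[pos:pos + length])
        pos += length
    if len(fields) != 4:
        raise ValueError("malformed request")
    op, oid, ver, payload = fields
    return op.decode(), oid.decode(), struct.unpack(">Q", ver)[0], payload


def client_sign(key, op, oid, version, payload):
    """Client side: message body followed by its HMAC tag."""
    body = encode_request(op, oid, version, payload)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class DataServer:
    def __init__(self, key):
        self.key = key      # symmetric key shared with the client (assumption)
        self.store = {}     # object id -> (version, payload)

    def handle(self, wire):
        """Verify the tag first, then parse and execute. Returns (ok, detail)."""
        if len(wire) < TAG_LEN:
            return False, "truncated"
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "mac failure"   # altered in transit, or not from our client
        try:
            op, oid, version, payload = decode_request(body)
        except (ValueError, struct.error):
            return False, "malformed"
        if op == "write":
            cur = self.store.get(oid)
            if cur is None or version > cur[0]:
                self.store[oid] = (version, payload)
            return True, "written"
        if op == "read":
            cur = self.store.get(oid)
            return True, (cur[1] if cur else None)
        return False, "unknown op"


def faulty_proxy(wire, new_payload):
    """Model of a misbehaving relay: rewrites the payload but, lacking the key,
    must reuse the old tag. The server's MAC check rejects the result."""
    body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    op, oid, version, _ = decode_request(body)
    return encode_request(op, oid, version, new_payload) + tag


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-real-use"
    server = DataServer(key)
    wire = client_sign(key, "write", "obj1", 1, b"hello")
    print(server.handle(wire))                          # (True, 'written')
    print(server.handle(faulty_proxy(wire, b"evil")))   # (False, 'mac failure')
    print(server.handle(client_sign(key, "read", "obj1", 0, b"")))  # (True, b'hello')
```

Because each server verifies with its own key, the check also covers the "authenticated and authorized individually by each server" bullet: a request that passes at one server is not automatically trusted by another, and a relay that only forwards unchanged bytes stays invisible to the check, which is what lets honest proxies monitor the protocol.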

  13. Deliverables and Milestones
  • Initial agile filesystem prototype (crypto infrastructure, replication, fragmentation, basic read/write protocols): Summer 2003
  • Full prototype (initial prototype + intrusion/fault detection and reconfiguration): December 2003
