Presentation is loading. Please wait.

Presentation is loading. Please wait.

SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.

Published byCeleste Grisson Modified over 9 years ago

Similar presentations

Presentation on theme: "SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010."— Presentation transcript:

1 SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010. Presented by Cintia Silva Sandeep Vasani

2 Cloud Based Services Pros – Global accessibility, High availability – Fault tolerance – Elastic resource allocation and scaling Con – Fully trusted servers are high value targets for server attacks Must we sacrifice security and privacy to enjoy the benefits of cloud deployment?

3 Solution: SPORC Generic Centralized Solution Cloud based system which allows group collaboration services without requiring to trust your cloud provider Server: untrusted, assigns global order, stores updates in encrypted history, can be malicious Clients: handles security using Cryptographic Primitives, does conflict resolution and recover from malicious servers

4 Goals Flexible framework for a broad class of collaborative services Propagate modifications quickly Tolerate slow or discounted networks Keep data confidential from server Detect a misbehaving server Recover from malicious server behavior

5 Problem 1: Consistency Solution for consistency in optimistic replication through Operational Transform Client 1Client 2 o1: ABCDEo2: ABCDE o1: ABCEo2: ACDE o1: ACE o2: ABD Delete(4) Delete(2) Delete(4)Delete(2) After the two operations, object view at the clients o1 and o2 different After the applying OT, object view at the clients o1 and o2 same Client 1Client 2 o1: ABCDEo2: ABCDE o1: ABCEo2: ACDE o1: ACEo2: ACE Delete(4) Delete(2) Delete(3) Delete(2)

6 Problem 2: Malicious Servers Clients communicating via untrusted server: they may be provided with different views Fork* consistency guarantees that server misbehavior is detected within 1 fork (partition)

7 Data Structure Server maintains: – Encrypted history of operations Client maintains: – Document state (application-view) – Committed history of operations (maintains hash chain of committed operations) – Pending queue of uncommitted operations Document state includes both history and queue.

8 System Design Invariant 1: Local Coherence Invariant 2: Fork* Consistency Invariant 3: Client-Order Preservation

9 Operations Client Exchange two types of operations: – Document operation: changes to the content of the document – Meta-operations: changes to Access Control List(ACL) ACL user rights: reader, writer, admin Symmetric Key Maintenance is done via users with admin right without server’s involvement

10 Membership Management New Shared Key Shared Key (for efficiency) Old key needed to decrypt updates encrypted using it (new clients) Key shared with the new client New client generates current state from Ops stores at server

11 Implementation generic server client-libraries based on application type – sending, receiving, encryption, OT and consistency checks Authors have discussed the following applications: – Key-value store – collaborative text editor

12 Evaluation One server, four machines with multiple clients All machines were connected by gigabit switched Ethernet Two configurations: – Low Load: Single client sends operation – High Load: Every client sends operation Metrics: – Latency: “In-flight” time – Server throughput – Client time-to-join

13 Latency (1/2) Low Load Text Editor “Server processing” increases as broadcast to more clients Client overhead nearly constant

14 Latency (2/2) “Client queuing” increases with more clients “Server Processing” also increases High Load Text Editor

15 Server Throughput More payload => More processing/packet More payload => Processing overhead/byte decreases

16 Time to Join

17 Related Work Google Wave: – Centralized trusted server – Uses OT for conflict resolution does not make use of Fork* consistency – Like in SPORC only allows one operation “in flight” at once Bayou: – Decentralized P2P system – Application need to specify conflict detection and resolution protocol as an alternative to OT Venus: – Only for key-value stores – Requires a “core set” of clients to be online – Membership can’t be revoked Depot: – Applications-logic for conflict resolution – Client eq. to server, can also tolerate faulty clients

18 Discussion (1/2) Is the server needed at all? – Limited role: Assign increasing sequence number to updates – clients receive updates in the same order (TCP used). Store history – Required for timely notification and to achieve cloud based deployment Server attack to availability What if the server fails?

19 Discussion (2/2) How long will it take to detect a malicious server? – Crucial for overall system performance analysis but not discussed or evaluated in the paper How to recover from fork? – Use out of band client communication What if client is malicious? – Can happen and whole system fails They haven’t benchmarked their system to others using the same principles.

20 Future Work Detecting forks through out-of-band communication Supporting checkpoints to reduce the size of storing committed history Evaluating mean time it takes to detect a malicious server

21 Conclusion SPORC achieves cloud deployment benefits without sacrificing security and privacy with the use of untrusted servers. Combines OT and Fork* Consistency protocol to preserve consistency and converge to common shared state. System as such is still not completely secured against server availability attacks, malicious clients and server partition of clients.

22 Thank You Questions???

Download ppt "SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010."

Similar presentations

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security.

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Depot: Cloud Storage with Minimal Trust OSDI 2010 Prince Mahajan, Srinath Setty, Sangmin Lee, Allen Clement, Lorenzo Alvisi, Mike Dahlin, and Michael Walfish.

Depot: Cloud Storage with Minimal Trust OSDI 2010 Prince Mahajan, Srinath Setty, Sangmin Lee, Allen Clement, Lorenzo Alvisi, Mike Dahlin, and Michael Walfish.
SDN Controller Challenges

SDN Controller Challenges
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Henry C. H. Chen and Patrick P. C. Lee

Henry C. H. Chen and Patrick P. C. Lee
Applicability of Instant Messaging in the Military Command and Control Systems Author: Juha Vermaja Superviser: Jorma Jormakka Instructor: Marko Luoma,

Applicability of Instant Messaging in the Military Command and Control Systems Author: Juha Vermaja Superviser: Jorma Jormakka Instructor: Marko Luoma,
SUNDR: Secure Untrusted Data Repository

SUNDR: Secure Untrusted Data Repository
Accountable systems or how to catch a liar? Jinyang Li (with slides from authors of SUNDR and PeerReview)

Accountable systems or how to catch a liar? Jinyang Li (with slides from authors of SUNDR and PeerReview)
CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.

CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
SANE: A Protection Architecture for Enterprise Networks Offense by: Amit Mondal Bert Gonzalez.

SANE: A Protection Architecture for Enterprise Networks Offense by: Amit Mondal Bert Gonzalez.
A Dependable Auction System: Architecture and an Implementation Framework

A Dependable Auction System: Architecture and an Implementation Framework
SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,

SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Scaling Distributed Machine Learning with the BASED ON THE PAPER AND PRESENTATION: SCALING DISTRIBUTED MACHINE LEARNING WITH THE PARAMETER SERVER – GOOGLE,

Scaling Distributed Machine Learning with the BASED ON THE PAPER AND PRESENTATION: SCALING DISTRIBUTED MACHINE LEARNING WITH THE PARAMETER SERVER – GOOGLE,
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Group Communications Group communication: one source process sending a message to a group of processes: Destination is a group rather than a single process.

Group Communications Group communication: one source process sending a message to a group of processes: Destination is a group rather than a single process.
2/18/2004 Challenges in Building Internet Services February 18, 2004.

2/18/2004 Challenges in Building Internet Services February 18, 2004.
Metrics for Evaluating ICEBERG ICEBERG Retreat Breakout Session Jan 11, 2000 Coordinators: Chen-Nee Chuah & Jimmy Shih.

Metrics for Evaluating ICEBERG ICEBERG Retreat Breakout Session Jan 11, 2000 Coordinators: Chen-Nee Chuah & Jimmy Shih.

Similar presentations

Ads by Google