Published by Laurence Perry. Modified over 9 years ago.
1
Marco Casassa Mont – TESL - Hewlett-Packard Laboratories, Bristol, UK
8th IEEE Workshop FTDCS 2001 – Bologna - 31/10/2001-02/11/2001

A Distributed P2P Storage Service, Adaptive to Trust Assessment
Marco Casassa Mont (marco_casassa-mont@hp.com)
Lorenzo Tomasi (University of Bologna)
Trusted E-Services Laboratory (TESL)
Hewlett-Packard Laboratories, Bristol, UK
2
Table of Contents
- Background
- Trust E-Services
- Distributed Long-term Trusted E-Record Storage
- Distributed P2P Storage Service Model
- Conclusions & some Future Trends
3
Trust E-Services
[Diagram labels: Notary; Restoration Services; Access Control; Evidential Analysis; Identity tracking; Storage (contracts, keys, evidential documents); Real time Monitoring; Reliable Messaging; Underwriter; Credential Management; Policy; Transactions, contracts, agreements, e-records; B2B, B2C, P2P, …]
4
Long-Term Trusted Storage
- Purpose: Long-term preservation of electronic documents
- Longevity of e-Documents (E-records) and Processes
- Survivability
- Long-term identity management and access control
- Long-term Renewal of information
- Long-term Renewal of signatures & time-stamps
- Migration of data through technology
- Accountability
- Integrity
- Privacy & Confidentiality
- Non-Repudiation
- Authenticity
5
Distributed Long-Term Trusted Storage
- DERMS Services: Distributed E-Records Management & Storage
[Diagram labels: Portals; Storage; SLAs; E-Record (Evidence); E-Record Clusters (Conversation, Bundle); User/Application; Add, Retrieve, Modify, Delete]
6
Distributed Long-term Trusted Storage Architecture
[Diagram labels: Application Layer; Portal Layer; Indexing & Management Layer; Physical Storage Layer; Service Pool Management; Service Pool; Portal; Storage Systems]
- Replication: Stored Documents, Metadata
- Randomness: Portals, Service Pools, Services, Storages
- “Lazy transactional” behaviour
- Diversity
- Decentralization & Distribution
- Monitoring
- Self healing
- …
7
Current Approach
- SAN, NAS, Distributed FSs, for example …
- Focus on rapid and frequent access to data
- Dedicated, expensive solutions
- Not really “Long-termed”
8
Objectives
- Research on alternative long-term storage service of e-records (for DERMS Services at the physical storage layer)
- Basic Requirements:
  - best-effort preservation of a document for a long period
  - storage, retrieval and deletion of documents
- Assumption: High performance, rapid and frequent accesses are not a basic requirement
9
Alternative long-term Storage Service
- PCs: geographically distributed (survivability)
- Their storage capacity and CPU time are not fully used
- Context: Medium/Large Enterprise
- Dynamic (in the medium/long term): PCs, employees/people
- Collaborative but unreliable
- not necessarily trusted
10
Research Issues
- Challenge: cope with a dynamic and unreliable environment
- Medium-Large enterprise: 15000 people
- PCs: 10000
- PC obsolescence timeframe: 3-4 years
- Percentage of PCs involved in the service: 10%
- Number of PCs: 1000
- Average obsolescence of involved PCs (per year): 250 (1/4 * 1000)
- This without considering faults, loss of data, PC’s owner accidental and intentional data deletion, time zones, etc. …
11
Research Space: Choices
- Resources: distributed
- Trust: variable
  - resources’ behaviour is very dynamic
- Control: variable
  - not fully centralized (take advantage of distributed resources)
  - not fully distributed (likely anarchic, need for a trusted access point for DERMS Services)
[Diagram axes: Resources (distributed to centralized); Control (distributed to centralized); Trust (none to full)]
- “Trust”: belief that someone/something is going to act and behave as expected
12
Hybrid P2P Model
[Diagram labels: Trusted; Not trusted; DERMS Services; Controller; Peers; Agents (A)]
- Agents installed on distributed PCs (not necessarily trusted, at least initially)
- Trusted controller, acting as Gateway with DERMS services
13
Agent Installation (on Peers)
[Diagram labels: Trusted; Not trusted; Agents (A)]
- Agents installed on requests (by PCs’ users)
14
Storage, Retrieval, Deletion of E-Records
[Diagram labels: Trusted; Not trusted; DERMS Services; Agents (A)]
- Replication of stored E-Records
- Integrity Check during E-Record retrieval
15
Tasks Delegation
[Diagram labels: Trusted; Not trusted; DERMS Services; Agents (A)]
- Delegation of Tasks to Peers (if Authorised)
16
Peer-to-Peer Interaction
[Diagram labels: Trusted; Not trusted; DERMS Services; Agents (A)]
- Peer-to-Peer interaction triggered by an Agent (if Authorised)
17
Is this Sufficient?
- Are distribution and replication sufficient to achieve long-term storage?
- It depends …
- In case of dynamic environment, peers may:
  - not be available
  - lose data (or data may get corrupted)
  - not be able to complete tasks
- “Blind” delegation of tasks to Peers
18
Need for an Adaptive System
- Monitor Distributed Peers
- Learn from Peers’ behaviour
- Adopt dynamic working criteria: “delegation of tasks to peers” depending on peers’ reliability
- Select contextual policies depending on peers’ behaviour and environment dynamics
19
Monitoring & Learning
- Monitoring Objectives:
  - control replicas’ status (survivability)
  - observe peers’ behaviour
  - gather information about peers
  - trigger reactions
- Learn about:
  - Peers’ availability
  - Peers’ reliability
  - Correctness of document replicas
  - Peers’ ability to complete tasks with success
  - Peers’ response time
  - …
20
Adaptation driven by “Trust Rating”
- Aggregation of measures of reliability/trustworthiness in Trust Rating Information
- Usage of Trust Rating Information to dynamically adapt service by making decision on allocation of storage and delegation tasks
- Delegation and Storage Policies driven by measures of trust
- Usage of “Trust and Reliability Functions” to define Trust Metrics based on measured indicators (parameters)
- “Trust”: belief that a Peer/Resource is going to act and behave as expected
21
High Level Architecture
- Communication Manager
- Engines (store, delete, retrieve, etc …)
- “Intelligent” components (Task Mgr, Monitoring, Rating)
- Agents are a cut-down version of the centralized controller
- Architecture is modular
22
High Level Architecture
[Diagram labels: DERMS Services; Enterprise; Central Control Component; Agents; Agent; TRUSTED; UNTRUSTED; Secure Connections; Registration; Communication Manager; Index and Secure Repository; Secure Repository; Monitoring Module; Rating Module; Storage Module; Task Manager; Local Storage; Scheduler]
23
Basic Mechanisms
- Communication: authentication based on secure link (SSL)
- Delegation: authorization token (SPKI based)
- Integrity management: hash value, digital signature
- Confidentiality: encryption
- Survivability: documents’ replication
24
Conclusions
- Usage of distributed cheap resources and agents to underpin survivability of data over long time
- P2P architecture viable to decongest central control
- Hybrid control as a balance between full centralization and completely distributed control (anarchism)
- Trust Assessment to underpin adaptability in dynamic distributed environment
- Our approach:
  - reduces risks in very dynamic environments (Best Effort)
  - introduces overhead: … need for a “real-life” trial
  - requires a sustained number of participants
25
Future Trends on Distributed Systems
- Growing importance of Distributed Web Services:
  - within Enterprises and across Enterprises (on the Internet)
- Key role for Trust Services to reduce Risks and increase Accountability
- Importance of Adaptability of Systems and Services to the behaviour of (the involved) resources (Reliability and Trustworthiness are crucial aspects to be considered)
- Growing importance of Peer-to-Peer based environments:
  - mobile systems/services, collaborative environments, dynamic business interactions, resource sharing, etc.
26
Backup Slides
27
Use Cases
- Agents (on PCs) join or leave the Storage Service
- DERMS Service initiative: store, retrieve, delete
- Peer’s initiative
28
Use Case: Join
29
Use Case: Store
30
Use Case: Retrieve
[Diagram labels: DERMS Services; Collaborative Environment; Central Control Component; Peers; Enterprise]
1. Request to retrieve a document
2. Retrieve from the Index a list of locations where the document has been stored
3. Retrieve a Replica
4. Decrypt and verify the integrity of the replica. If the replica is compromised, repeat step 3.
5. Return the document
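Added example, not part of the original slides or the authors' code: a sketch of the Retrieve use case above combined with the "Adaptation driven by Trust Rating" slide, where the trusted controller checks each replica against a hash kept in its index, falls back to the next replica on failure, and feeds every outcome into a per-peer rating. Assumptions: the names Peer, Controller, ALPHA and INITIAL are hypothetical, SHA-256 stands in for the "hash value" mechanism, the rating is an exponential moving average chosen for illustration (the slides do not define their trust function), and decryption is left out.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Peer:
    """Untrusted agent on a PC; may be offline or hold a damaged replica."""
    name: str
    replicas: dict = field(default_factory=dict)  # doc_id -> stored bytes
    online: bool = True

    def fetch(self, doc_id):
        return self.replicas.get(doc_id) if self.online else None

class Controller:
    """Trusted central component: index, expected hashes, peer ratings."""
    ALPHA = 0.3    # hypothetical smoothing factor for the rating update
    INITIAL = 0.5  # hypothetical rating for a peer with no history
    def __init__(self):
        self.index = {}   # doc_id -> (sha256 hex digest, [peers])
        self.rating = {}  # peer name -> rating in [0, 1]

    def observe(self, peer, ok):
        old = self.rating.get(peer.name, self.INITIAL)
        self.rating[peer.name] = (1 - self.ALPHA) * old + self.ALPHA * float(ok)

    def store(self, doc_id, blob, peers):
        for p in peers:
            p.replicas[doc_id] = blob
        self.index[doc_id] = (hashlib.sha256(blob).hexdigest(), list(peers))

    def retrieve(self, doc_id):
        digest, peers = self.index[doc_id]                      # step 2
        ranked = sorted(peers, key=lambda p: -self.rating.get(p.name, self.INITIAL))
        for p in ranked:                                        # best-rated first
            blob = p.fetch(doc_id)                              # step 3
            ok = blob is not None and hashlib.sha256(blob).hexdigest() == digest
            self.observe(p, ok)                                 # feeds the rating
            if ok:                                              # step 4 passed
                return blob, p.name                             # step 5
        raise LookupError(f"no intact replica of {doc_id}")

def demo():
    """Constructed scenario: one peer offline, one replica corrupted."""
    a, b, c = Peer("pc-a"), Peer("pc-b"), Peer("pc-c")
    ctl = Controller()
    ctl.store("rec-1", b"constructed e-record", [a, b, c])
    a.online = False
    b.replicas["rec-1"] = b"corrupted bytes"
    first = ctl.retrieve("rec-1")
    second = ctl.retrieve("rec-1")  # pc-c is now ranked first
    return first, second, dict(ctl.rating)
```

Because the expected digest lives only in the controller's index, an untrusted peer cannot make a modified replica pass the check by altering what it stores.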
31
Use Case: Delete
32
Use Case: Peer-to-Peer
33
Use Case: Monitoring
34
Use Case: Delegation of Monitoring Tasks
35
High Level Architecture
- Information base: basic information module and rating information module
- Monitoring module
- Rating module
- Engines for testing, storage, deletion, and retrieval
- Registration module
- keys and identities manager
- Communication manager
36
High Level Architecture
[Diagram labels: Engines; Monitoring; Interaction with peers (via communication manager); May influence; Information base; May update; Policy-based and “planning” components]
37
Monitoring Module
[Diagram labels: List of tasks; Generator; Delegation manager; requests; From/to information base; Tasks manager; Scheduler; From/to engines]
38
Rating Module
[Diagram labels: “events” generator; Trust function; queries; Information on peers’ behaviour; notifications; Rating information db]