Presentation is loading. Please wait.

Presentation is loading. Please wait.

OceanStore: Data Security in an Insecure world John Kubiatowicz.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "OceanStore: Data Security in an Insecure world John Kubiatowicz."— Presentation transcript:

1 OceanStore: Data Security in an Insecure world John Kubiatowicz

2 OceanStore:2Networking Day©2001 John Kubiatowicz/UC Berkeley OceanStore Context: Ubiquitous Computing Computing everywhere: –Desktop, Laptop, Palmtop –Cars, Cellphones –Shoes? Clothing? Walls? Connectivity everywhere: –Rapid growth of bandwidth in the interior of the net –Broadband to the home and office –Wireless technologies such as CMDA, Satelite, laser But: Where is persistent information? –Must be the network! –Utility Model

3 OceanStore:3Networking Day©2001 John Kubiatowicz/UC Berkeley Utility-based Infrastructure Pac Bell Sprint IBM AT&T Canadian OceanStore IBM How many files in the OceanStore? –Assume 10 10 people, 10,000 files/person (very conservative?) –So 10 14 files in OceanStore! –If 1 gig files (ok, a stretch), get almost 1 mole of bytes!

4 OceanStore:4Networking Day©2001 John Kubiatowicz/UC Berkeley Basic Structure: Untrusted, Peer-to-peer Model

5 OceanStore:5Networking Day©2001 John Kubiatowicz/UC Berkeley But What About Security? End-to-End and Everywhere Else! –Protection at all levels –Data Protected Globally –Attacks recognized and squashed locally How is information protected? –Encryption for privacy –Secure Naming and Signatures for authenticity –Byzantine commitment for integrity Is it Available/Durable? –Redundancy with continuous repair –Redistribution for long-term durability Is it hard to manage? –Automatic optimization, diagnosis and repair

6 OceanStore:6Networking Day©2001 John Kubiatowicz/UC Berkeley Secure Naming Unique, location independent identifiers: –Every version of every unique entity has a permanent, Globally Unique ID (GUID) –GUIDs derived from secure hashes (e.g. SHA-1) –All OceanStore operations operate on GUIDs Naming hierarchy: –Users map from names to GUIDs via hierarchy of OceanStore objects (ala SDSI) Each link is either a GUID (RO) Or a GUID/public key combination Foo Bar Baz Myfile Out-of-Band “Root link”

7 OceanStore:7Networking Day©2001 John Kubiatowicz/UC Berkeley GUIDs  Secure Pointers Name+Key Active GUID Global Object Resolutions Floating Replica (Active Object) Active Data Commit Logs CKPoint GUID Archival GUID Signature RP Keys ACLs MetaData Global Object Resolution Archival copy or snapshot Archival copy or snapshot Archival copy or snapshot Erasure Coded Archival GUID Signature Inactive Object Global Object Resolution

8 OceanStore:8Networking Day©2001 John Kubiatowicz/UC Berkeley But What About the Red Arrows? Location-Independent Routing!

9 OceanStore:9Networking Day©2001 John Kubiatowicz/UC Berkeley 4 2 3 3 3 2 2 1 2 4 1 2 3 3 1 3 4 1 1 43 2 4 Start with: Tapestry Routing Mesh NodeID 0x43FE NodeID 0x13FE NodeID 0xABFE NodeID 0x1290 NodeID 0x239E NodeID 0x73FE NodeID 0x423E NodeID 0x79FE NodeID 0x23FE NodeID 0x73FF NodeID 0x555E NodeID 0x035E NodeID 0x44FE NodeID 0x9990 NodeID 0xF990 NodeID 0x993E NodeID 0x04FE NodeID 0x43FE

10 OceanStore:10Networking Day©2001 John Kubiatowicz/UC Berkeley Then add: Location-Independent Routing

11 OceanStore:11Networking Day©2001 John Kubiatowicz/UC Berkeley Secure Routing Node names are hash of public key –Requests can be signed –Validate Responses in Request/response pairs Data validation built into network: –Pointers signed –Publication process verified –Responses from servers verified by checking GUIDs Denial of Service resilence: locality/redundancy –MACs along all links: local suppression of DoS –Multiple roots to avoid single points of failure –Multiple links for rapid recovery –Pointers provide locality: Find closest version of object

12 OceanStore:12Networking Day©2001 John Kubiatowicz/UC Berkeley What about Update Integrity? Byzantine Agreement!

13 OceanStore:13Networking Day©2001 John Kubiatowicz/UC Berkeley The Path of an OceanStore Update

14 OceanStore:14Networking Day©2001 John Kubiatowicz/UC Berkeley Consistency Mechanism applied directly to encrypted data!

15 OceanStore:15Networking Day©2001 John Kubiatowicz/UC Berkeley Archival Dissemination Built into Update

16 OceanStore:16Networking Day©2001 John Kubiatowicz/UC Berkeley Conclusion: End-to-End and Everywhere Else Secure read-only data Secure the commitment protocols Secure the routing infrastructure Continuous adaptation and repair For more information: http://oceanstore.cs.berkeley.edu/

Download ppt "OceanStore: Data Security in an Insecure world John Kubiatowicz."

Similar presentations

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
Tapestry: Decentralized Routing and Location SPAM Summer 2001 Ben Y. Zhao CS Division, U. C. Berkeley.

Tapestry: Decentralized Routing and Location SPAM Summer 2001 Ben Y. Zhao CS Division, U. C. Berkeley.
What is OceanStore? - 10^10 users with 10.000 files each - Goals: Durability, Availability, Enc. & Auth, High performance - Worldwide infrastructure to.

What is OceanStore? - 10^10 users with files each - Goals: Durability, Availability, Enc. & Auth, High performance - Worldwide infrastructure to.
Storage management and caching in PAST Antony Rowstron and Peter Druschel Presented to cs294-4 by Owen Cooper.

Storage management and caching in PAST Antony Rowstron and Peter Druschel Presented to cs294-4 by Owen Cooper.
Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility Antony Rowstron, Peter Druschel Presented by: Cristian Borcea.

Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility Antony Rowstron, Peter Druschel Presented by: Cristian Borcea.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.

CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.
POND: the OceanStore Prototype Sean Rhea, Patrick Eaton, Dennis Geels, Hakim Weatherspoon, Ben Zhao and John Kubiatowicz UC, Berkeley File and Storage.

POND: the OceanStore Prototype Sean Rhea, Patrick Eaton, Dennis Geels, Hakim Weatherspoon, Ben Zhao and John Kubiatowicz UC, Berkeley File and Storage.
Pond: the OceanStore Prototype CS 6464 Cornell University Presented by Yeounoh Chung.

Pond: the OceanStore Prototype CS 6464 Cornell University Presented by Yeounoh Chung.
David Choffnes, Winter 2006 OceanStore Maintenance-Free Global Data StorageMaintenance-Free Global Data Storage, S. Rhea, C. Wells, P. Eaton, D. Geels,

David Choffnes, Winter 2006 OceanStore Maintenance-Free Global Data StorageMaintenance-Free Global Data Storage, S. Rhea, C. Wells, P. Eaton, D. Geels,
OceanStore: An Infrastructure for Global-Scale Persistent Storage John Kubiatowicz, David Bindel, Yan Chen, Steven Czerwinski, Patrick Eaton, Dennis Geels,

OceanStore: An Infrastructure for Global-Scale Persistent Storage John Kubiatowicz, David Bindel, Yan Chen, Steven Czerwinski, Patrick Eaton, Dennis Geels,
Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage John Kubiatowicz.

Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage John Kubiatowicz.
1 U.S. Department of the Interior U.S. Geological Survey A Cognitive Agent Based Geospatial Data Distribution System 12 May 2006.

1 U.S. Department of the Interior U.S. Geological Survey A Cognitive Agent Based Geospatial Data Distribution System 12 May 2006.
OceanStore Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.

OceanStore Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.
OceanStore Exploiting Peer-to-Peer for a Self-Repairing, Secure and Persistent Storage Utility John Kubiatowicz University of California at Berkeley.

OceanStore Exploiting Peer-to-Peer for a Self-Repairing, Secure and Persistent Storage Utility John Kubiatowicz University of California at Berkeley.
Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage John Kubiatowicz.

Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage John Kubiatowicz.
OceanStore Status and Directions ROC/OceanStore Retreat 1/16/01 John Kubiatowicz University of California at Berkeley.

OceanStore Status and Directions ROC/OceanStore Retreat 1/16/01 John Kubiatowicz University of California at Berkeley.
OceanStore Global-Scale Persistent Storage John Kubiatowicz.

OceanStore Global-Scale Persistent Storage John Kubiatowicz.
OceanStore: An Architecture for Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.

OceanStore: An Architecture for Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.
1 OceanStore Global-Scale Persistent Storage Ying Lu CSCE496/896 Spring 2011.

1 OceanStore Global-Scale Persistent Storage Ying Lu CSCE496/896 Spring 2011.

Similar presentations

Ads by Google