Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient Proactive Security for Sensitive Data Storage Arun Subbiah Douglas M. Blough School of ECE, Georgia Tech {arun,

Published byRoberta Douglas Modified over 8 years ago

Similar presentations

Presentation on theme: "Efficient Proactive Security for Sensitive Data Storage Arun Subbiah Douglas M. Blough School of ECE, Georgia Tech {arun,"— Presentation transcript:

1 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah Douglas M. Blough School of ECE, Georgia Tech {arun, dblough}@ece.gatech.edu

2 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 2 Autonomic Proactive Detect failures Repair Distributed Data Storage System Autonomic Periodic refresh Proactive Autonomic / self-healing / adaptive –Detect storage node failure / compromise, then repair Proactive security and fault-tolerance –Refresh and renew, don’t rely on failure detector

3 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 3 Failure Detector for Byzantine Quorum Systems Integrated into a distributed filesystem prototype L. Kong, A. Subbiah, M. Ahamad, and D. M. Blough, "A Reconfigurable Byzantine Quorum Approach for the Agile Store," SRDS 2003 L. Kong, D. J. Manohar, A. Subbiah, M. Sun, M. Ahamad, and D. M. Blough, "Agile Store: Experience with Quorum-Based Data Replication Techniques for Adaptive Byzantine Fault Tolerance," SRDS 2005 FD Diagnosis Server Byzantine Quorum System Users

4 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 4 Failure Detector Performance in Byzantine Quorum Systems Probability of detection bad p

5 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 5 Proactive Security – Integrity and Confidentiality Protection p SVR1SVR2SVR3 Time Interval 1 Time Interval 2 Time Interval 3 Time Interval 4

6 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 6 Proactive Security – Confidentiality Protection Data storage using perfect secret sharing Problem: Perfect secret sharing schemes have high computation overhead; do not scale with large amounts of data Solution: The GridSharing Framework: Use XOR and replication A. Subbiah and D. M. Blough, "An Approach for Fault Tolerant and Secure Data Storage in Collaborative Work Environments," Workshop on Storage Security and Survivability, ACM CCS, 2005

7 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 7 Computation Overheads for Perfect Secret Sharing Verifiable secret sharing: Feldman’s scheme with Shamir’s scheme –Computation times during encoding and decoding over 700 ms For any 3 out of 5 shares scheme Compare with AES (Rijndael) symmetric key encryption –Encryption and decryption times approx. 205 μs Perfect secret sharing is over 3000 times slower than symmetric-key encryption The GridSharing framework: < 1 ms Computation times for an 8 KB data block on a Pentium 4 3GHz computer.

8 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 8 Proactive Security – Integrity Protection Each server periodically checks the integrity of its stored data with other servers. Repair if any corruptions are detected. Assume metadata is replicated at all servers Users

9 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 9 A Proactively-Secure Document Store Users upload / download encrypted documents. Documents stored at all the servers. Experiments run on the Emulab cluster (http://www.emulab.net). Users 100 Mbps LAN 1 Gbps LAN Time Interval Marker Diagnosis Server All machines: 3 GHz, 64-bit Xeon, 2 GB RAM, 146 GB hard disk

10 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 10 Throughput Measurement

11 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 11 Storage Repair Rate

12 Efficient Proactive Security for Sensitive Data Storage Arun Subbiah, Douglas M. Blough {arun, dblough}@ece.gatech.edu 12 PhD Work Byzantine-fault detection algorithms –Integrated with Reconfigurable Quorums to give Agile Store. Coding techniques for distributed storage –First secret sharing technique that scales with large amounts of data. Protocol design for integrity and confidentiality protection Prototype implementation and performance evaluation –First practical proactively-secure data store. –Scales to 100s GB of data. More info: http://www.arunsubbiah.com

Download ppt "Efficient Proactive Security for Sensitive Data Storage Arun Subbiah Douglas M. Blough School of ECE, Georgia Tech {arun,"

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Henry C. H. Chen and Patrick P. C. Lee

Henry C. H. Chen and Patrick P. C. Lee
1 NCFS: On the Practicality and Extensibility of a Network-Coding-Based Distributed File System Yuchong Hu 1, Chiu-Man Yu 2, Yan-Kit Li 2 Patrick P. C.

1 NCFS: On the Practicality and Extensibility of a Network-Coding-Based Distributed File System Yuchong Hu 1, Chiu-Man Yu 2, Yan-Kit Li 2 Patrick P. C.
Abstract HyFS: A Highly Available Distributed File System Jianqiang Luo, Mochan Shrestha, Lihao Xu Department of Computer Science, Wayne State University.

Abstract HyFS: A Highly Available Distributed File System Jianqiang Luo, Mochan Shrestha, Lihao Xu Department of Computer Science, Wayne State University.
Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York 14853.

Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York
David Choffnes, Winter 2006 OceanStore Maintenance-Free Global Data StorageMaintenance-Free Global Data Storage, S. Rhea, C. Wells, P. Eaton, D. Geels,

David Choffnes, Winter 2006 OceanStore Maintenance-Free Global Data StorageMaintenance-Free Global Data Storage, S. Rhea, C. Wells, P. Eaton, D. Geels,
S EMINAR A SELF DESTRUCTING DATA SYSTEM BASED ON ACTIVE STORAGE FRAMEWORK ONON P RESENTED BY S HANKAR G ADHVE G UIDED BY P ROF.P RAFUL P ARDHI.

S EMINAR A SELF DESTRUCTING DATA SYSTEM BASED ON ACTIVE STORAGE FRAMEWORK ONON P RESENTED BY S HANKAR G ADHVE G UIDED BY P ROF.P RAFUL P ARDHI.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
Aims and Motivation The goal of this project is to produce a secure and dependable way of distributing and storing data securely over a distributed system.

Aims and Motivation The goal of this project is to produce a secure and dependable way of distributing and storing data securely over a distributed system.
Sinfonia: A New Paradigm for Building Scalable Distributed Systems Marcos K. Aguilera, Arif Merchant, Mehul Shah, Alistair Veitch, Christonos Karamanolis.

Sinfonia: A New Paradigm for Building Scalable Distributed Systems Marcos K. Aguilera, Arif Merchant, Mehul Shah, Alistair Veitch, Christonos Karamanolis.
Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (http://www.cs.umn.edu/Ajanta/publications.html)http://www.cs.umn.edu/Ajanta/publications.html.

Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (
Last Class: Weak Consistency

Last Class: Weak Consistency
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
OceanStore: An Architecture for Global-Scale Persistent Storage Professor John Kubiatowicz, University of California at Berkeley

OceanStore: An Architecture for Global-Scale Persistent Storage Professor John Kubiatowicz, University of California at Berkeley
1 stdchk : A Checkpoint Storage System for Desktop Grid Computing Matei Ripeanu – UBC Sudharshan S. Vazhkudai – ORNL Abdullah Gharaibeh – UBC The University.

1 stdchk : A Checkpoint Storage System for Desktop Grid Computing Matei Ripeanu – UBC Sudharshan S. Vazhkudai – ORNL Abdullah Gharaibeh – UBC The University.
Servers Redundant Array of Inexpensive Disks (RAID) –A group of hard disks is called a disk array FIGURE 14-10 Server with redundant NICs.

Servers Redundant Array of Inexpensive Disks (RAID) –A group of hard disks is called a disk array FIGURE Server with redundant NICs.
Google Distributed System and Hadoop Lakshmi Thyagarajan.

Google Distributed System and Hadoop Lakshmi Thyagarajan.
A Server-less Architecture for Building Scalable, Reliable, and Cost-Effective Video-on-demand Systems Raymond Leung and Jack Y.B. Lee Department of Information.

A Server-less Architecture for Building Scalable, Reliable, and Cost-Effective Video-on-demand Systems Raymond Leung and Jack Y.B. Lee Department of Information.
Network Coding Distributed Storage Patrick P. C. Lee Department of Computer Science and Engineering The Chinese University of Hong Kong 1.

Network Coding Distributed Storage Patrick P. C. Lee Department of Computer Science and Engineering The Chinese University of Hong Kong 1.
SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.

SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.

Similar presentations

Ads by Google