Presentation is loading. Please wait.

Presentation is loading. Please wait.

SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.

Published byByron Maxwell Modified over 8 years ago

Similar presentations

Presentation on theme: "SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen."— Presentation transcript:

1 SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen

2 Cloud-based Collaborative Services Pros: -Global accessibility, High availability, -Fault tolerance, -Elastic resource allocation and scaling Cons and Problem: -Sacrifice in security and privacy What if the server is malicious?

3 Solution: SPORC Agnostic and untrusted server - provides a generic collaboration service - assigns a global order - stores updates in its encrypted history - can be potentially MALICIOUS

4 Solution: SPORC Smart Clients -guarantee security by users' cryptographic keys -provides operational transformation -provides fork* consistency -recover from malicious forks -access the documents on behalf of authorized users

5 Goals Flexible framework for a broad class of collaborative services Propagate modifications quickly Tolerate slow or discounted networks Keep data confidential Detect a misbehaving server Recover from malicious server behavior

6 Background: Operational Transformation Problem: Operations might conflict with each other Example: State: ABCDE Alice: op1='del 4' Bob: op2='del 2' naïve execution: Alice: ACE Bob:ACD OT enables optimal local updates and eventual consistency

7 Background: Operational Transformation Example: State: ABCDE Alice: op1='del 4'; op2' Bob op2='del 2'; op1'

8 Background: Fork* Consistency Problem: Divergent views from misbehaving server Solution: -Clients share information about the history - - Possible partitions into groups, but solvable

9 Deployment and Threat Model Deployment -Large number of users and documents -Server: replicating functionality and partitioning state -Client-driven failover and recovery Threat Model - Server: potentially malicious; unable to corrupt the clients' states - Client: trusts assigned according to the user; genuine code

10 System Overview

11 Invariance in SPORC Local Coherence: Starting from an empty state, applying the operations in commited history and pending queue will result in the current state Fork* Consistency Client-Order Preservation

12 Operations Labeled with the name of the user Digitally signed by the user's private key Includes the client ID Document Operations - encrypted under a symmetric key Meta Operations Why 2 different operations? Solution later.

13 Sequence Numbers and Hash Chains Client Sequence Number(clntSeqNo) Global Sequence Number(seqNo) Last Commited Operation(op n ) Last Commited Operation Number(prevSeqNo) Verification: - Client order preservation(Efficiency??) - Fork* consistency

14 Resolving confliects with OT Additional Operations from the Server -seqNo>preSeqNo+1 -op' new ← T(op new, ) Uncommited Operations in the Client's Pending Queue -

15 Membership Management Access Control List - reader, editor and administrator - ModifyUserOp Payloads encrypted by AES + users' public keys User Removal: new random AES key Barrier Operation -Continuous Chain of Keys(or Checkpoints)

16 Extension: Checkpoint Supported by individual clients CheckpointOp - Encryption with current document key - contains the hash of encrypted checkpoint data Verification of CheckpointOp - meta-history

17 Extension: Checking for Forks Out-of-Band Fork partition created by the server: -Clients of one fork might never know the history of clients of another fork Check for Forks Out-of-Band - Message exchanging between clients - - Request of missing operation from the server

18 Recovering from a Fork Recovery via a new server -Both clients will roll back their histories to their last common point before fork -One of them upload the common history to the new server -Both of them will resubmit the operations after the fork

19 Implementation generic server client-libraries -sending, receiving, encryption, OT and consistency checks Applications: -Key-value store -collaborative text editor

20 Experimentatal Evaluation Hardware -2.3GHz AMD Opteron -8GB of RAM -gigabit switched ethernet Metrics -Latency -Server throughput -Client time-to-join

21 Latency

22

23 Server Throughput

24 Client time-to-join

25 Conclusion OT enables optimistic updates and reconciles clients' conflicting states OT and fork* consistency complement each other well Membership mamangement architecture

26 Discussion The extension are not evaluated in this paper Check for Forks Out-of-Band or Recovering from a Fork: -What if the client is also malicious? -How should we prevent the client-server collusion? What is the mean time to detect a malicious server with no partition of forks and clients?

Download ppt "SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen."

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security.

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security.
Depot: Cloud Storage with Minimal Trust OSDI 2010 Prince Mahajan, Srinath Setty, Sangmin Lee, Allen Clement, Lorenzo Alvisi, Mike Dahlin, and Michael Walfish.

Depot: Cloud Storage with Minimal Trust OSDI 2010 Prince Mahajan, Srinath Setty, Sangmin Lee, Allen Clement, Lorenzo Alvisi, Mike Dahlin, and Michael Walfish.
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.

Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.
Henry C. H. Chen and Patrick P. C. Lee

Henry C. H. Chen and Patrick P. C. Lee
SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.

SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Chuang, Sang, Yoo, Gu, Killian and Kulkarni, “EventWave” SoCC ‘13 EventWave: Programming Model and Runtime Support for Tightly-Coupled Elastic Cloud Applications.

Chuang, Sang, Yoo, Gu, Killian and Kulkarni, “EventWave” SoCC ‘13 EventWave: Programming Model and Runtime Support for Tightly-Coupled Elastic Cloud Applications.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Piccolo – Paper Discussion Big Data Reading Group 9/20/2010.

Piccolo – Paper Discussion Big Data Reading Group 9/20/2010.
SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,

SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,
Scaling Distributed Machine Learning with the BASED ON THE PAPER AND PRESENTATION: SCALING DISTRIBUTED MACHINE LEARNING WITH THE PARAMETER SERVER – GOOGLE,

Scaling Distributed Machine Learning with the BASED ON THE PAPER AND PRESENTATION: SCALING DISTRIBUTED MACHINE LEARNING WITH THE PARAMETER SERVER – GOOGLE,
“Managing Update Conflicts in Bayou, a Weakly Connected Replicated Storage System ” Distributed Systems Κωνσταντακοπούλου Τζένη.

“Managing Update Conflicts in Bayou, a Weakly Connected Replicated Storage System ” Distributed Systems Κωνσταντακοπούλου Τζένη.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.

APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.

Similar presentations

Ads by Google