Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Mechanisms for Distributed Computing Systems A9ID1007, Xu Ling Kobayashi Laboratory GSIS, TOHOKU UNIVERSITY 2011/12/15 1.

Published byJoella Watts Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Mechanisms for Distributed Computing Systems A9ID1007, Xu Ling Kobayashi Laboratory GSIS, TOHOKU UNIVERSITY 2011/12/15 1."— Presentation transcript:

1 Security Mechanisms for Distributed Computing Systems A9ID1007, Xu Ling Kobayashi Laboratory GSIS, TOHOKU UNIVERSITY 2011/12/15 1

2 Background Distributed computing systems (DCSs) – Definition: A system where nodes share their computing power with each other to finish certain goals – Example: P2P systems (Skype), volunteer computing systems (SETI@home), Grid 2

3 3 Background Example: Volunteer computing system – A system that utilizes the idling computing resources on the network to finish computing intensive tasks worker 1 worker 2worker 3worker 4 host Task 1Task 2Task 3Task 4Result 1Result 2Result 3Result 4 The structure of a typical volunteer computing system Task 1 Task 2 Task n

4 Background Categorization – Centralized DCSs (e.g., volunteer computing): Few servers and many clients. Only have server-client communication – Decentralized DCSs (e.g., P2P) : all nodes are equal and communicate with each other – Hybrid DCSs (e.g., skype) Most nodes are equal, and communicate with each other A few servers exist – Authorized DCSs: DCSs that contain trustful authorities (e.g., volunteer computing systems) – Unauthorized DCSs: DCSs that contain no trustful authority (e.g., P2P systems) 4

5 Background: Attack to DCSs False result attack (FRA) (for centralized DCSs) – One host node and multiple worker nodes – Host dispatches tasks to workers. Workers compute tasks and return returns to host – Malicious workers return incorrect results to host 5 worker 1 worker 2worker 3Malicious worker 4 host Task 1Task 2Task 3Task 41+1=2 1+1=3 Task 1 Task 2 Task n

6 Background: Attack to DCSs Sybil attack (SA) (For decentralized and hybrid DCSs) – A few malicious users controls many Sybil nodes (malicious nodes) to break the system protocol – Sybil nodes can launch various attacks 6 1+1=? 1+1=3 1+1=2 1+1=3 1+1=3! malicious user Sybil node Honest node

7 Background: Existing solution to the false result attack The host dispatches multiple tasks to each worker v These tasks contains some special tasks called quizzes The host checks the correctness of the answers of quizzes  Node v is honest only if the answers of the quizzes return by v are correct Problem: – A Quiz should satisfy: the correctness of the answer of a quiz should be easy to check – Unpractical: How to generate quizzes that satisfy this property is an open problem. 7 1+1=? 1+2=? 11*11=? (quiz) 1+1=3 1+2=3 11*11=3 (quiz) v host 11*11=121! v is malicious

8 Background: Existing solution to the Sybil attack Social network model based Sybil detecting (SSD) – Social network model: # of attack edges is small – SSD algorithms Assumption: The network topology of the DCS obeys SNM Functionality: For each honest node v, enable v to judge the types of other nodes Basic idea: the # of attack edges is small  communication between nodes of different types is weakened – My idea: attack edge detecting is important in design effective SSD algorithms Effective: high judging accuracy Detect the attack edges and cut them  communication between nodes of different types can be stopped! 8 Honest clusterSybil cluster Attack edges Attack edge

9 Objective Motivation: – For FRA: existing solutions are unpractical (Quiz) – For SA: Attack edge detecting technique can be used to design effective SSD algorithms Objective: Design effective security mechanisms to resist the false result attack and the Sybil attack on DCSs. 9

10 Approach – Design a practical false result attack resisting algorithm  Enable host to detect malicious workers – Design an effective attack edge detecting-based SSD algorithm for authorized DCSs  For each node v, enable v to know the types of other nodes – Design an attack edge detecting algorithm for unauthorized DCSs  For each node v and an incident edge e of v, enable v to know whether e is an attack edge or not 10 Honest nodesSybil nodes v e2 v1 v2 e1 v1 is honest, v2 is Sybil worker 1 worker 2worker 3worker 4 (Malicious) workers 1 are honest; worker 4 is malicious e1 is not AE, e2 is AE

11 Organization 1.Introduction 2.MSC: an Practical Spot Checking Mechanism for Resisting False Result Attack 3.SybilDetector: an Attack Edge Detecting Based Sybil Detecting Algorithm 4.RSC: an Attack Edge Detecting Algorithm for Sybil Resisting 5.Conclusion 11

12 Comments from Professor Sone Comment: Clarify the approaches( ‘detect the malicious nodes’ is too broad, there are many way to detect) Solution: – To detail the models of FRA and SA, respectively – To specify the research approaches – To specify the functionality of each approach 12 Approach (new) Design an practical and efficient false result attack resisting algorithm. Design an effective attack edge detecting-based SSD algorithm for authorized DCSs. Design an attack edge detecting algorithm for unauthorized DCSs. Approach (old) For false result attack: enable honest nodes to detect malicious nodes For Sybil attack: enable honest nodes to detect Sybil nodes

13 Comments from Professor Sone Comment: Clarify the performance metric (Define the performance metric in the first chapter. Define what is ‘effective’.) Solution: Define the performance metrics of MSC and SSD algorithms in Chapter 1 13

14 Comments from Professor Sone Comment : Clarify the innovational point: – Emphasize on the new idea rather than the algorithm Solution: – Point out that the attack edge detecting technique is the innovation point in chapter 1. – Change chapter 4 Old  RSSR: A Random Walk and Attack Edge Detecting Based Sybil Detecting Algorithm (emphasized RSSR (a SSD algorithm)) New  RSC: an Attack Edge Detecting Algorithm for Sybil Resisting (emphasize RSC (an attack edge detecting algorithm)) 14

15 Comments from Professor Sone Comment : The current social network model considers only two clusters. How to deal with the case of more clusters? Solution : – Discuss this problem in Section Related Work of Chapter 3. – In the case of more clusters, for each cluster, we have to know the type of at least one node this cluster. 15

16 Comments from Professor Sone Comment : How to deal with nodes changing types? Solution – Reputation system? (will be vulnerable to the Sybil attack) 16

17 Comments from Professor Suganuma Comment : Explain the baseline algorithms (SybilLimit) used for the performance comparison Solution: Explain the baseline algorithm (SybilLimit, SOHL) in detail in Section Related Work of Chapter 3 of the dissertation, and in the presentation of the next defense. 17

18 Comments from Professor Takizawa Comment: Clarify the model used (Does this system have trustful authority?). Solution: – Specify the models of FRA and SA FRA: centralized SA: decentralized or hybrid 18

Download ppt "Security Mechanisms for Distributed Computing Systems A9ID1007, Xu Ling Kobayashi Laboratory GSIS, TOHOKU UNIVERSITY 2011/12/15 1."

Similar presentations

An analysis of Social Network-based Sybil defenses Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University.

An analysis of Social Network-based Sybil defenses Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University.
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.

1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.
SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.

SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
An Analysis of Social Network-Based Sybil Defenses Sybil Defender

An Analysis of Social Network-Based Sybil Defenses Sybil Defender
Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.

Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.
TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.
Experience with an Object Reputation System for Peer-to-Peer File Sharing NSDI’06(3th USENIX Symposium on Networked Systems Design & Implementation) Kevin.

Experience with an Object Reputation System for Peer-to-Peer File Sharing NSDI’06(3th USENIX Symposium on Networked Systems Design & Implementation) Kevin.
Haifeng Yu National University of Singapore

Haifeng Yu National University of Singapore
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Peer-to-Peer Technology and Security Issues By Raul Rodriguez, Arash Zarrinbakhsh, Cynthia Roger and Phillip Shires College of Business Administration.

Peer-to-Peer Technology and Security Issues By Raul Rodriguez, Arash Zarrinbakhsh, Cynthia Roger and Phillip Shires College of Business Administration.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Distributed Computing Group TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAA Distributed Asymmetric Verification.

Distributed Computing Group TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAA Distributed Asymmetric Verification.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
1 Introduction to Load Balancing: l Definition of Distributed systems. Collection of independent loosely coupled computing resources. l Load Balancing.

1 Introduction to Load Balancing: l Definition of Distributed systems. Collection of independent loosely coupled computing resources. l Load Balancing.
1 Client-Server versus P2P  Client-server Computing  Purpose, definition, characteristics  Relationship to the GRID  Research issues  P2P Computing.

1 Client-Server versus P2P  Client-server Computing  Purpose, definition, characteristics  Relationship to the GRID  Research issues  P2P Computing.
DIDS part II The Return of dIDS 2/12 CIS 610. 2 GrIDS Graph based intrusion detection system for large networks. Analyzes network activity on networks.

DIDS part II The Return of dIDS 2/12 CIS GrIDS Graph based intrusion detection system for large networks. Analyzes network activity on networks.

Similar presentations

Ads by Google