Presentation is loading. Please wait.

Presentation is loading. Please wait.

PeerReview: Practical Accountability for Distributed Systems SOSP 07.

Published byMargery Jordan Modified over 8 years ago

Similar presentations

Presentation on theme: "PeerReview: Practical Accountability for Distributed Systems SOSP 07."— Presentation transcript:

1 PeerReview: Practical Accountability for Distributed Systems SOSP 07

2 Why have Accountability?  Nodes can fail  An attacker can compromise a node  Accidental Mis-configuration  Multiple administrative domains

3  Distributed state, incomplete information  General case: Multiple admins with different interests Admin www.sosp2007.org/talks/sosp118-haeberlen.ppt

4 What is Accountability?  Fault = Anything besides expected behavior  Ideal Accountability: Detect a fault Identify the faulty node (Completeness) Correct node can prove its correctness (Accuracy) Expose the faulty node

5 A few advantages:  Deterring faults  Augment fault tolerant systems  Augmenting best-effort systems

6 Challenges: What can/cannot be detected?  Un-observable faults: Node’s internal state CPU overheating, Display failed Need trusted probes!  Observable faults: Affect a correct node causally No trusted entity required!  How to verify if a node reports correctly?  How to distinguish omission from long delays?

7 Request Grant Release

8

9

10

11

12 Accountability: How much can we do?  Completeness: Eventually suspected Eventually exposed  Accuracy No correct node is forever suspected No correct node ever exposed by a correct node

13 FullReview  Characteristics: A trusted entity exists All messages go through trusted entity Each node maintains a log for every other node Check the log Suspect/Expose a deviant node  Complete?  Accurate?  Practical?

14 PeerReview: Practical Accountability  No trusted entity  Nodes only keep their own log May retrieve others when needed  Logs are tamper-evident  Witness nodes: check correctness of a node  Challenge/Response protocol

15 System Model  Each node modeled as: A state machine A detector An application  Assumptions: Deterministic state machine Correct nodes can communicate A reference implementation of node SW A secure signature mechanism available

16 Overview  Nodes maintain a logof I/O  Witnesses of a node audit its log If faulty, gather evidence Make it known

17 Tamper-evident logs  Append-only list of I/O  Log-entries connected in a hash-chain  Authenticator: A signed statement by a node If a node tampers the log, it will be evident  Logs must be complete No entries missed  Logs must be correct No forged entries No multiple logs

18 Fault Detection  Audit Replay the inputs to a reference implementation Output == Log ?  Evidence Transfer Fetch evidence from witnesses Module B Module A Module B =? Log Network Input Output State machine if ≠ Module A

19 PeerReview: Applications  Overlay Multicast Large amounts of data Freeloaders  Network File System Latency-sensitive Data tampering Message loss in the network  Peer-to-peer email DoS attack

20 Results: Multicast with Freeloader

21 Results: Throughput

22 Results:

23 Discussion  What if all witnesses are faulty?  How to choose T trunc, T audit, T buf

Download ppt "PeerReview: Practical Accountability for Distributed Systems SOSP 07."

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Accountable systems or how to catch a liar? Jinyang Li (with slides from authors of SUNDR and PeerReview)

Accountable systems or how to catch a liar? Jinyang Li (with slides from authors of SUNDR and PeerReview)
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.

SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.
1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in.

1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in.
LADIS workshop (Oct 11, 2009) A Case for the Accountable Cloud Andreas Haeberlen MPI-SWS.

LADIS workshop (Oct 11, 2009) A Case for the Accountable Cloud Andreas Haeberlen MPI-SWS.
P. Kouznetsov, 2006 Abstracting out Byzantine Behavior Peter Druschel Andreas Haeberlen Petr Kouznetsov Max Planck Institute for Software Systems.

P. Kouznetsov, 2006 Abstracting out Byzantine Behavior Peter Druschel Andreas Haeberlen Petr Kouznetsov Max Planck Institute for Software Systems.
The Byzantine Generals Problem Boon Thau Loo CS294-4.

The Byzantine Generals Problem Boon Thau Loo CS294-4.
Byzantine Generals Problem: Solution using signed messages.

Byzantine Generals Problem: Solution using signed messages.
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.

Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
WS-Denial_of_Service Dariusz Grabka M.Sc. Candidate University of Guelph February 13 th 2007.

WS-Denial_of_Service Dariusz Grabka M.Sc. Candidate University of Guelph February 13 th 2007.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
SRG PeerReview: Practical Accountability for Distributed Systems Andreas Heaberlen, Petr Kouznetsov, and Peter Druschel SOSP’07.

SRG PeerReview: Practical Accountability for Distributed Systems Andreas Heaberlen, Petr Kouznetsov, and Peter Druschel SOSP’07.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
CSE331: Introduction to Networks and Security Lecture 24 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 24 Fall 2002.
Grids and Grid Technologies for Wide-Area Distributed Computing Mark Baker, Rajkumar Buyya and Domenico Laforenza.

Grids and Grid Technologies for Wide-Area Distributed Computing Mark Baker, Rajkumar Buyya and Domenico Laforenza.
© 2006 Andreas Haeberlen, MPI-SWS 1 The Case for Byzantine Fault Detection Andreas Haeberlen MPI-SWS / Rice University Petr Kouznetsov MPI-SWS Peter Druschel.

© 2006 Andreas Haeberlen, MPI-SWS 1 The Case for Byzantine Fault Detection Andreas Haeberlen MPI-SWS / Rice University Petr Kouznetsov MPI-SWS Peter Druschel.
Building and Programming the Cloud, Mysore, Jan 2010 1 Accountable distributed systems and the accountable cloud Peter Druschel joint work with Andreas.

Building and Programming the Cloud, Mysore, Jan Accountable distributed systems and the accountable cloud Peter Druschel joint work with Andreas.

Similar presentations

Ads by Google