SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.

Presentation transcript:

SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010. Presented by Cintia Silva Sandeep Vasani

Cloud Based Services
Pros
– Global accessibility, High availability
– Fault tolerance
– Elastic resource allocation and scaling
Con
– Fully trusted servers are high value targets for server attacks
Must we sacrifice security and privacy to enjoy the benefits of cloud deployment?

Solution: SPORC
Generic Centralized Solution
Cloud based system which allows group collaboration services without requiring you to trust your cloud provider
– Server: untrusted, assigns global order, stores updates in encrypted history, can be malicious
– Clients: handle security using cryptographic primitives, do conflict resolution and recover from malicious servers

Goals
– Flexible framework for a broad class of collaborative services
– Propagate modifications quickly
– Tolerate slow or disconnected networks
– Keep data confidential from server
– Detect a misbehaving server
– Recover from malicious server behavior

Problem 1: Consistency
Solution for consistency in optimistic replication through Operational Transform (OT)

Without OT:
                      Client 1            Client 2
Initial state         o1: ABCDE           o2: ABCDE
Local operation       Delete(4) -> ABCE   Delete(2) -> ACDE
Remote operation      Delete(2) -> ACE    Delete(4) -> ABD
After the two operations, the object views at clients o1 and o2 are different.

With OT:
                      Client 1            Client 2
Initial state         o1: ABCDE           o2: ABCDE
Local operation       Delete(4) -> ABCE   Delete(2) -> ACDE
Remote operation      Delete(2) -> ACE    Delete(3) -> ACE
After applying OT, the object views at clients o1 and o2 are the same.
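The transformation step from the slide, written out as an added example (not code from the SPORC authors or the presenters). It goes beyond the slide's delete/delete case by also handling single-character inserts; the `Op` type, the `site` tie-breaker and all function names are assumptions made for this sketch.

```python
from typing import NamedTuple, Optional

class Op(NamedTuple):
    kind: str       # "ins" or "del"
    pos: int        # 1-based position, as in the slide's Delete(4)
    ch: str = ""    # character to insert (unused for "del")
    site: int = 0   # client id, breaks ties between same-position inserts

def apply(doc: str, op: Optional[Op]) -> str:
    if op is None:                       # transformed into a no-op
        return doc
    i = op.pos - 1
    if op.kind == "ins":
        return doc[:i] + op.ch + doc[i:]
    return doc[:i] + doc[i + 1:]

def transform(op: Op, done: Op) -> Optional[Op]:
    """Rewrite `op` for a document on which the concurrent `done` already ran."""
    if done.kind == "del":
        if op.kind == "del" and op.pos == done.pos:
            return None                  # both clients deleted the same character
        return op._replace(pos=op.pos - 1) if op.pos > done.pos else op
    if op.kind == "del":                 # delete vs. earlier insert
        return op._replace(pos=op.pos + 1) if op.pos >= done.pos else op
    # insert vs. insert: the higher site id goes second on a tie
    after = op.pos > done.pos or (op.pos == done.pos and op.site > done.site)
    return op._replace(pos=op.pos + 1) if after else op

def without_ot(doc: str, a: Op, b: Op):
    """Each client applies its own op, then the other's op unchanged."""
    return apply(apply(doc, a), b), apply(apply(doc, b), a)

def with_ot(doc: str, a: Op, b: Op):
    """Each client applies its own op, then the other's op transformed."""
    return apply(apply(doc, a), transform(b, a)), apply(apply(doc, b), transform(a, b))
```

Called with the slide's input, `with_ot("ABCDE", Op("del", 4), Op("del", 2))` leaves both clients at the same state, while `without_ot` on the same input leaves them diverged.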

Problem 2: Malicious Servers
– Clients communicating via untrusted server: they may be provided with different views
– Fork* consistency guarantees that server misbehavior is detected within 1 fork (partition)

Data Structure
Server maintains:
– Encrypted history of operations
Client maintains:
– Document state (application-view)
– Committed history of operations (maintains hash chain of committed operations)
– Pending queue of uncommitted operations
Document state includes both history and queue.
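How a client-side hash chain over committed operations exposes a forking server, as an added example covering this slide and the "Malicious Servers" slide before it (not SPORC's own code or wire format). The record layout, field names and sample operations are constructed for illustration, and the sketch assumes operations are authenticated so the server cannot rewrite the `prev_seq`/`prev_hash` fields.

```python
import hashlib

GENESIS = hashlib.sha256(b"constructed genesis").hexdigest()

class ForkDetected(Exception):
    pass

class Client:
    def __init__(self, name):
        self.name = name
        self.heads = [GENESIS]   # heads[n]: chain hash after n committed ops

    def make_op(self, payload):
        # Each op carries the sender's view of history: its length and chain hash.
        return {"author": self.name, "payload": payload,
                "prev_seq": len(self.heads) - 1, "prev_hash": self.heads[-1]}

    def commit(self, seq, op):
        if seq != len(self.heads):       # server must hand out consecutive seqnos
            raise ForkDetected(f"{self.name}: expected seq {len(self.heads)}, got {seq}")
        n = op["prev_seq"]               # sender's history must be a prefix of ours
        if n >= len(self.heads) or self.heads[n] != op["prev_hash"]:
            raise ForkDetected(f"{self.name}: {op['author']}'s history differs at seq {n}")
        record = f"{self.heads[-1]}|{seq}|{op['author']}|{op['payload']}"
        self.heads.append(hashlib.sha256(record.encode()).hexdigest())

def first_divergence(a, b):
    """Out-of-band comparison: first seq where two clients' chains differ."""
    for n, (x, y) in enumerate(zip(a.heads, b.heads)):
        if x != y:
            return n
    return None

def forking_server_demo():
    alice, bob = Client("alice"), Client("bob")
    op1 = alice.make_op("insert 'A'")
    alice.commit(1, op1)
    bob.commit(1, op1)                   # server is honest so far
    a2, b2 = alice.make_op("delete 1"), bob.make_op("insert 'B'")
    alice.commit(2, a2)                  # server hides b2 from alice ...
    bob.commit(2, b2)                    # ... and a2 from bob: the views fork
    a3 = alice.make_op("insert 'C'")
    alice.commit(3, a3)
    try:
        bob.commit(3, a3)                # server tries to merge the forks again
    except ForkDetected as err:
        return first_divergence(alice, bob), str(err)
    return None, "no fork detected"
```

While the two views stay fully partitioned, neither client's `commit` check fires; the fork only surfaces when an operation crosses between them or when clients compare chain heads directly, as `first_divergence` does.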

System Design
– Invariant 1: Local Coherence
– Invariant 2: Fork* Consistency
– Invariant 3: Client-Order Preservation

Operations
Clients exchange two types of operations:
– Document operations: changes to the content of the document
– Meta-operations: changes to the Access Control List (ACL)
ACL user rights: reader, writer, admin
Symmetric key maintenance is done by users with the admin right, without the server’s involvement

Membership Management
– New shared key
– Shared key (for efficiency)
– Old key needed to decrypt updates encrypted using it (new clients)
– Key shared with the new client
– New client generates current state from ops stored at server

Implementation
– Generic server
– Client libraries based on application type: sending, receiving, encryption, OT and consistency checks
Authors have discussed the following applications:
– Key-value store
– Collaborative text editor

Evaluation
One server, four machines with multiple clients
All machines were connected by gigabit switched Ethernet
Two configurations:
– Low Load: Single client sends operation
– High Load: Every client sends operation
Metrics:
– Latency: “In-flight” time
– Server throughput
– Client time-to-join

Latency (1/2): Low Load, Text Editor
– “Server processing” increases as broadcast to more clients
– Client overhead nearly constant

Latency (2/2): High Load, Text Editor
– “Client queuing” increases with more clients
– “Server processing” also increases

Server Throughput
– More payload => More processing/packet
– More payload => Processing overhead/byte decreases

Time to Join

Related Work
Google Wave:
– Centralized trusted server
– Uses OT for conflict resolution; does not make use of Fork* consistency
– Like SPORC, only allows one operation “in flight” at once
Bayou:
– Decentralized P2P system
– Applications need to specify a conflict detection and resolution protocol as an alternative to OT
Venus:
– Only for key-value stores
– Requires a “core set” of clients to be online
– Membership can’t be revoked
Depot:
– Application logic for conflict resolution
– Clients equivalent to servers; can also tolerate faulty clients

Discussion (1/2)
Is the server needed at all?
– Limited role: Assign increasing sequence number to updates – clients receive updates in the same order (TCP used). Store history
– Required for timely notification and to achieve cloud based deployment
Server attack to availability
What if the server fails?

Discussion (2/2)
How long will it take to detect a malicious server?
– Crucial for overall system performance analysis but not discussed or evaluated in the paper
How to recover from a fork?
– Use out-of-band client communication
What if a client is malicious?
– Can happen, and the whole system fails
They haven’t benchmarked their system against others using the same principles.

Future Work
– Detecting forks through out-of-band communication
– Supporting checkpoints to reduce the size of storing committed history
– Evaluating mean time it takes to detect a malicious server

Conclusion
– SPORC achieves cloud deployment benefits without sacrificing security and privacy with the use of untrusted servers.
– Combines OT and the Fork* consistency protocol to preserve consistency and converge to a common shared state.
– The system as such is still not completely secured against server availability attacks, malicious clients and server partition of clients.

Thank You Questions???