Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.

Slides:



Advertisements
Similar presentations
1 Lecture 18: RAID n I/O bottleneck n JBOD and SLED n striping and mirroring n classic RAID levels: 1 – 5 n additional RAID levels: 6, 0+1, 10 n RAID usage.
Advertisements

RAID (Redundant Arrays of Independent Disks). Disk organization technique that manages a large number of disks, providing a view of a single disk of High.
RAID Oh yes Whats RAID? Redundant Array (of) Independent Disks. A scheme involving multiple disks which replicates data across multiple drives. Methods.
RAID Redundant Array of Independent Disks
CSCE430/830 Computer Architecture
Henry C. H. Chen and Patrick P. C. Lee
HAIL (High-Availability and Integrity Layer) for Cloud Storage
Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.
RAID- Redundant Array of Inexpensive Drives. Purpose Provide faster data access and larger storage Provide data redundancy.
RAID Redundant Arrays of Inexpensive Disks –Using lots of disk drives improves: Performance Reliability –Alternative: Specialized, high-performance hardware.
PORs: Proofs of Retrievability for Large Files
R.A.I.D. Copyright © 2005 by James Hug Redundant Array of Independent (or Inexpensive) Disks.
CSE 486/586 CSE 486/586 Distributed Systems Case Study: Facebook f4 Steve Ko Computer Sciences and Engineering University at Buffalo.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.
Sean Traber CS-147 Fall  7.9 RAID  RAID Level 0  RAID Level 1  RAID Level 2  RAID Level 3  RAID Level 4 
REDUNDANT ARRAY OF INEXPENSIVE DISCS RAID. What is RAID ? RAID is an acronym for Redundant Array of Independent Drives (or Disks), also known as Redundant.
RAID Technology CS350 Computer Organization Section 2 Larkin Young Rob Deaderick Amos Painter Josh Ellis.
Computer ArchitectureFall 2007 © November 28, 2007 Karem A. Sakallah Lecture 24 Disk IO and RAID CS : Computer Architecture.
Other Disk Details. 2 Disk Formatting After manufacturing disk has no information –Is stack of platters coated with magnetizable metal oxide Before use,
HAIL (High-Availability and Integrity Layer) for Cloud Storage Kevin Bowers and Alina Oprea RSA Laboratories Joint work with Ari Juels.
Codes with local decoding procedures Sergey Yekhanin Microsoft Research.
I/O Systems and Storage Systems May 22, 2000 Instructor: Gary Kimura.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2013 Lecture 3 09/03/2013 Security and Privacy in Cloud Computing.
File System Security Jason Eick and Evan Nelson. What does a file system do? A file system is a method for storing and organizing computer files and the.
Writing on Wind and Water*: Storage Security in the Cloud Ari Juels Chief Scientist RSA © 2011 RSA Laboratories Workshop on Cryptography and Security in.
RAID Systems CS Introduction to Operating Systems.
CSE 451: Operating Systems Winter 2010 Module 13 Redundant Arrays of Inexpensive Disks (RAID) and OS structure Mark Zbikowski Gary Kimura.
Servers Redundant Array of Inexpensive Disks (RAID) –A group of hard disks is called a disk array FIGURE Server with redundant NICs.
Storage System: RAID Questions answered in this lecture: What is RAID? How does one trade-off between: performance, capacity, and reliability? What is.
ICOM 6005 – Database Management Systems Design Dr. Manuel Rodríguez-Martínez Electrical and Computer Engineering Department Lecture 6 – RAID ©Manuel Rodriguez.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2
Chapter 6 RAID. Chapter 6 — Storage and Other I/O Topics — 2 RAID Redundant Array of Inexpensive (Independent) Disks Use multiple smaller disks (c.f.
RAID Ref: Stallings. Introduction The rate in improvement in secondary storage performance has been considerably less than the rate for processors and.
RAID Shuli Han COSC 573 Presentation.
CS 352 : Computer Organization and Design University of Wisconsin-Eau Claire Dan Ernst Storage Systems.
©2001 Pål HalvorsenINFOCOM 2001, Anchorage, April 2001 Integrated Error Management in MoD Services Pål Halvorsen, Thomas Plagemann, and Vera Goebel University.
Lecture 9 of Advanced Databases Storage and File Structure (Part II) Instructor: Mr.Ahmed Al Astal.
Redundant Array of Inexpensive Disks aka Redundant Array of Independent Disks (RAID) Modified from CCT slides.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 16 10/11/2011 Security and Privacy in Cloud Computing.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 11 09/27/2011 Security and Privacy in Cloud Computing.
Copyright © Curt Hill, RAID What every server wants!
Redundant Array of Independent Disks.  Many systems today need to store many terabytes of data.  Don’t want to use single, large disk  too expensive.
A Multimedia Presentation by Louis Balzani. o Source of extreme power o High elasticity o Large data centers generate 5-7x savings.
RAID Disk Arrays Hank Levy. 212/5/2015 Basic Problems Disks are improving, but much less fast than CPUs We can use multiple disks for improving performance.
Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.
Lecture 20 CSE 331 July 30, Longest path problem Given G, does there exist a simple path of length n-1 ?
Ari Juels, Burton S. Kaliski Jr 14th ACM conference on Computer and communications security,2007 Cited:793 Presenter: 張哲豪 Date:2014/11/24.
Hands-On Microsoft Windows Server 2008 Chapter 7 Configuring and Managing Data Storage.
Database Laboratory Regular Seminar TaeHoon Kim Article.
Reliability of Disk Systems. Reliability So far, we looked at ways to improve the performance of disk systems. Next, we will look at ways to improve the.
RAID TECHNOLOGY RASHMI ACHARYA CSE(A) RG NO
Network-Attached Storage. Network-attached storage devices Attached to a local area network, generally an Ethernet-based network environment.
I/O Errors 1 Computer Organization II © McQuain RAID Redundant Array of Inexpensive (Independent) Disks – Use multiple smaller disks (c.f.
CS Introduction to Operating Systems
RAID Disk Arrays Hank Levy 1.
RAID RAID Mukesh N Tekwani
ICOM 6005 – Database Management Systems Design
RAID Disk Arrays Hank Levy 1.
CSE 451: Operating Systems Spring 2005 Module 17 Redundant Arrays of Inexpensive Disks (RAID) Ed Lazowska Allen Center 570.
CSE 451: Operating Systems Winter 2009 Module 13 Redundant Arrays of Inexpensive Disks (RAID) and OS structure Mark Zbikowski Gary Kimura 1.
UNIT IV RAID.
Mark Zbikowski and Gary Kimura
CSE 451: Operating Systems Autumn 2004 Redundant Arrays of Inexpensive Disks (RAID) Hank Levy 1.
CSE 451: Operating Systems Winter 2012 Redundant Arrays of Inexpensive Disks (RAID) and OS structure Mark Zbikowski Gary Kimura 1.
CSE 451: Operating Systems Autumn 2009 Module 19 Redundant Arrays of Inexpensive Disks (RAID) Ed Lazowska Allen Center 570.
RAID Disk Arrays Hank Levy 1.
RAID RAID Mukesh N Tekwani April 23, 2019
CSE 451: Operating Systems Winter 2004 Module 17 Redundant Arrays of Inexpensive Disks (RAID) Ed Lazowska Allen Center 570.
CSE 451: Operating Systems Winter 2006 Module 18 Redundant Arrays of Inexpensive Disks (RAID) Ed Lazowska Allen Center 570.
Presentation transcript:

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing

Securing Data Integrity 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan2 Goal: Learn about PoR based techniques for protecting data integrity in clouds Review Assignment #4 Kevin D. Bowers, Ari Juels, and Alina Oprea. HAIL: A high-availability and integrity layer for cloud storage. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09), 2009

PoR: Proof of Retrievability Definition: – A compact proof that the stored file is intact It can be retrieved Difference with PDP? – PDP proves the file is present in the server – PDP doesn’t prove the file is retrievable in entirety 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan3

Overview of PoR 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan4 Client Server Challenge c Response r File F Key Generator File Encoder Key k

HAIL: High Availability and Integrity Layer (RSA Labs) RAID for clouds!! Uses PoR and distributed file storage to ensure retrievability, integrity, and availability Allows recovering from malicious cloud providers 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan5

Why we need HAIL? PoR allows checking data retrievability, but if data is deleted by malicious provider, nothing can be done. Even single bit errors can render file useless Idea: – Use error-correcting codes to ignore small errors – Use PoR to detect larger errors – Use RAID like redundancy using multiple cloud providers (to ensure reconstruction) 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan6

Advantages of HAIL Strong file-intactness assurance Low overhead Strong adversarial model Direct client-server communication 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan7

RAID (Redundant Array of Inexpensive Disks) File block Parity block F F1F1 F 1  F 2  F 3 F3F3 F2F2 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan8

F F1F1 F 1  F 2  F 3 F3F3 F2F2 The Cloud isn’t necessarily so nice What if service providers lose data but… don’t tell you until file is lost? X XX Provider AProvider BProvider CProvider D 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan9

Mobile adversary A mobile adversary moves from device to device, corrupting as it goes—potentially silently Mobile adversary models, e.g., system failures / corruptions over time, virus propagation RAID isn’t designed for this kind of adversary – Designed for limited, readily detectable failures in devices you own—the benign case 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan10

Mobile adversary In cryptography, usual approach to mobile adversary is proactive 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan11

Mobile adversary In cryptography, usual approach to mobile adversary is proactive Another, cheaper possibility is reactive: We detect and remediate – Like whack-a-mole! PORs can provide detection here… 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan12

HAIL design principle TAR: Test and Redistribute – Divide time into epochs – At each epoch, test for any corruption/missing blocks – Rebuild corrupted blocks by getting data from other cloud providers, and distributing to damaged copy 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan13

Multiple providers: Naïve approach 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan14 Amazon S3 GoogleEMC Atmos Client F Sample and check consistency across providers FF F Naïve approach

Creeping attack 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan15 Amazon S3 GoogleEMC Atmos Client FFF The probability that client samples the corrupted block is low File can not be recovered after [n/b] epochs F F F

Local PoR checks are costly 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan16 Amazon S3 GoogleEMC Atmos Client F F FF ECC POR Cons: requires integrity checks for each replica

HAIL overview 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan17

Reconstruction in HAIL 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan18

19 Dispersal code Client F dispersal (n,m) P1P1 P2P2 P3P3 P4P4 P5P5 F Dispersal code parity blocks 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan

20 Dispersal code Client P1P1 P2P2 P3P3 P4P4 P5P5 Stripe Check that stripe is a codeword in dispersal code POR encoding to correct small corruption Dispersal code parity POR encoding F Dispersal code parity blocks How to increase file lifetime? 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan

21 Increasing file lifetime with MACs Client P1P1 P2P2 P3P3 P4P4 P5P5 MAC Can we reduce storage overhead? 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan

22 Integrity-protected dispersal code Client P1P1 P2P2 P3P3 P4P4 P5P5 Reed-Solomon dispersal code m h k 1 (m) UHF h k 2 (m) PRF + 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan

23 Integrity-protected dispersal code Client P1P1 P2P2 P3P3 P4P4 P5P5 MACs embedded into parity symbols m PRF+ 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan

Things to consider Practicality of the scheme (test and redistribute) Attacker model Other security issues 09/15/2011Fall 2011 Lecture 10 | UAB | Ragib Hasan24

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.