SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.


Cloud-based Collaborative Services
Pros:
- Global accessibility, high availability
- Fault tolerance
- Elastic resource allocation and scaling
Cons and problem:
- Sacrifice in security and privacy
What if the server is malicious?

Solution: SPORC
Agnostic and untrusted server
- provides a generic collaboration service
- assigns a global order
- stores updates in its encrypted history
- can potentially be MALICIOUS

Solution: SPORC
Smart clients
- guarantee security using the users' cryptographic keys
- provide operational transformation
- provide fork* consistency
- recover from malicious forks
- access the documents on behalf of authorized users

Goals
- Flexible framework for a broad class of collaborative services
- Propagate modifications quickly
- Tolerate slow or disconnected networks
- Keep data confidential
- Detect a misbehaving server
- Recover from malicious server behavior

Background: Operational Transformation
Problem: operations might conflict with each other
Example: state: ABCDE; Alice: op1 = 'del 4'; Bob: op2 = 'del 2'
Naive execution: Alice: ACE; Bob: ACD
OT enables optimistic local updates and eventual consistency

Background: Operational Transformation
Example: state: ABCDE
Alice: op1 = 'del 4', then op2' (op2 transformed against op1)
Bob: op2 = 'del 2', then op1' (op1 transformed against op2)

Background: Fork* Consistency
Problem: divergent views served by a misbehaving server
Solution:
- Clients share information about the history
- The server can still partition clients into groups (forks), but this is solvable

Deployment and Threat Model
Deployment
- Large number of users and documents
- Server: replicated functionality and partitioned state
- Client-driven failover and recovery
Threat model
- Server: potentially malicious; unable to corrupt the clients' states
- Client: trust assigned according to the user; runs genuine code

System Overview

Invariants in SPORC
- Local coherence: starting from an empty state, applying the operations in the committed history and then those in the pending queue yields the current state
- Fork* consistency
- Client-order preservation

Operations
- Labeled with the name of the user
- Digitally signed with the user's private key
- Include the client ID
Document operations
- encrypted under a symmetric key
Meta operations
Why two different kinds of operations? Solution later.

Sequence Numbers and Hash Chains
- Client sequence number (clntSeqNo)
- Global sequence number (seqNo)
- Last committed operation (op_n)
- Last committed operation number (prevSeqNo)
Verification:
- Client-order preservation (efficiency??)
- Fork* consistency

Resolving Conflicts with OT
Additional operations from the server
- seqNo > prevSeqNo + 1
- op_new' ← T(op_new, )
Uncommitted operations in the client's pending queue
-
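The two OT slides and this one describe one mechanism: a client applies its own op optimistically, and every op it later receives from the server is transformed past the committed ops the submitter had not seen (the seqNo > prevSeqNo + 1 case) and then past the client's own pending queue. The following is an added example written for this page, not code from the SPORC paper or its implementation; it uses a constructed insert/delete transform over 1-based positions (the slides' 'del 4' notation), assumes one op in flight per client, and reproduces the ABCDE example: naive execution diverges to ACE/ACD, transformed execution converges on ACE with identical committed histories.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Op:
    kind: str          # 'ins', 'del' or 'nop' (a delete cancelled out by the transform)
    pos: int           # 1-based character position, as on the slides ('del 4' removes the 4th char)
    client: str        # submitting user; also the deterministic tie-break for equal inserts
    prev_seq: int = 0  # prevSeqNo: number of committed ops the submitter had seen
    char: str = ''     # character to insert (ins only)

def apply_op(state: str, op: Op) -> str:
    if op.kind == 'del':
        return state[:op.pos - 1] + state[op.pos:]
    if op.kind == 'ins':
        return state[:op.pos - 1] + op.char + state[op.pos - 1:]
    return state

def transform(op: Op, other: Op) -> Op:
    """T(op, other): rewrite op so it has its intended effect after `other` has been applied."""
    if op.kind == 'nop' or other.kind == 'nop':
        return op
    if op.kind == 'del' and other.kind == 'del':
        if op.pos == other.pos:                       # both deleted the same character
            return replace(op, kind='nop')
        return op if op.pos < other.pos else replace(op, pos=op.pos - 1)
    if op.kind == 'del' and other.kind == 'ins':
        return op if op.pos < other.pos else replace(op, pos=op.pos + 1)
    if op.kind == 'ins' and other.kind == 'del':
        return op if op.pos <= other.pos else replace(op, pos=op.pos - 1)
    # ins vs ins: equal positions need a tie-break that every client computes identically
    if op.pos < other.pos or (op.pos == other.pos and op.client < other.client):
        return op
    return replace(op, pos=op.pos + 1)

class Server:
    """The untrusted server only appends ops and assigns seqNo; it never interprets them."""
    def __init__(self):
        self.history = []
    def commit(self, op: Op) -> int:
        self.history.append(op)
        return len(self.history)                      # seqNo, 1-based

class Client:
    def __init__(self, name: str, state: str):
        self.name, self.state = name, state
        self.committed = []                           # committed history in global order
        self.pending = []                             # local ops not yet committed

    def local_op(self, kind: str, pos: int, char: str = '') -> Op:
        op = Op(kind, pos, self.name, prev_seq=len(self.committed), char=char)
        self.state = apply_op(self.state, op)         # optimistic local application
        self.pending.append(op)
        return op

    def receive(self, op: Op) -> None:
        """Handle the next committed op from the server (delivered in seqNo order)."""
        if op.client == self.name:                    # own op round-tripped: already applied
            self.committed.append(self.pending.pop(0))
            return
        # seqNo > prevSeqNo + 1: transform past the committed ops the submitter had not seen
        for c in self.committed[op.prev_seq:]:
            op = transform(op, c)
        self.committed.append(op)
        # then past our own pending ops, transforming those symmetrically as well
        for i, p in enumerate(self.pending):
            op, self.pending[i] = transform(op, p), transform(p, op)
        self.state = apply_op(self.state, op)

def run_concurrent(initial, ops_by_client, commit_order):
    """Each client issues one op on `initial` without seeing the others (one op in flight per
    client, an assumption of this model); the server commits them in `commit_order`."""
    clients = {n: Client(n, initial) for n in ops_by_client}
    server = Server()
    submitted = {n: clients[n].local_op(*spec) for n, spec in ops_by_client.items()}
    for n in commit_order:
        server.commit(submitted[n])
    for c in clients.values():
        for op in server.history:
            c.receive(op)
    return {n: (c.state, tuple(c.committed)) for n, c in clients.items()}

def run_naive(initial, ops_by_client):
    """The slides' naive execution: each client applies the other's op untransformed."""
    ops = {n: Op(spec[0], spec[1], n, char=spec[2] if len(spec) > 2 else '')
           for n, spec in ops_by_client.items()}
    result = {}
    for n, mine in ops.items():
        state = apply_op(initial, mine)
        for m, other in ops.items():
            if m != n:
                state = apply_op(state, other)
        result[n] = state
    return result

if __name__ == '__main__':
    ops = {'Alice': ('del', 4), 'Bob': ('del', 2)}
    print('naive:', run_naive('ABCDE', ops))                      # Alice ACE, Bob ACD
    print('OT:', run_concurrent('ABCDE', ops, ['Alice', 'Bob']))  # both ACE
```

The committed history stored by each client is the version of each op transformed against everything committed before it, which is what makes `committed[op.prev_seq:]` the right thing to transform a late-arriving op against; the pending queue is transformed in the opposite direction at the same time so that local coherence (empty state + committed + pending = current state) keeps holding.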

Membership Management
Access control list
- reader, editor and administrator
- ModifyUserOp
Payloads encrypted with AES and the users' public keys
User removal: new random AES key
Barrier operation
- Continuous chain of keys (or checkpoints)

Extension: Checkpoint
Supported by individual clients
CheckpointOp
- Encrypted with the current document key
- Contains the hash of the encrypted checkpoint data
Verification of CheckpointOp
- via the meta-history

Extension: Checking for Forks Out-of-Band
Fork partition created by the server:
- Clients in one fork might never learn the history seen by clients in another fork
Checking for forks out-of-band
- Message exchange between clients
- Request the missing operations from the server

Recovering from a Fork
Recovery via a new server
- Both clients roll back their histories to their last common point before the fork
- One of them uploads the common history to the new server
- Both resubmit the operations issued after the fork
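The sequence-number, hash-chain, out-of-band check and fork-recovery slides fit together as one client-side procedure, shown here as an added example written for this page rather than code from the SPORC paper. It assumes a hash chain h_n = H(h_{n-1} || op_n) over the committed history, carries prevSeqNo and the matching chain value in every op, and stands in for the users' digital signatures with HMAC under constructed per-user keys. The constructed scenario has an honest prefix [a1, b1], after which the server shows Alice and Bob different third ops; the example shows how a leaked op exposes the fork in-band, how a replayed op trips client-order preservation, how two clients find the last common point out-of-band, and how both roll back and resubmit through a new server.

```python
import hashlib, hmac, json

ZERO = bytes(32)
# Constructed stand-in for each user's private signing key (the paper uses real digital signatures)
USER_KEYS = {'alice': b'alice-signing-key', 'bob': b'bob-signing-key'}

class ServerMisbehaviour(Exception): pass
class ForkDetected(ServerMisbehaviour): pass

def canonical(op):                       # signature/hash input: every field except the signature
    return json.dumps({k: v for k, v in op.items() if k != 'sig'}, sort_keys=True).encode()

def sign(op, key):
    return hmac.new(key, canonical(op), 'sha256').hexdigest()

def chain_hash(prev, op):                # h_n = H(h_{n-1} || op_n), the hash chain over committed ops
    return hashlib.sha256(prev + canonical(op)).digest()

class Client:
    def __init__(self, user):
        self.user, self.history, self.hashes = user, [], [ZERO]   # hashes[n] covers the first n ops
        self.last_clnt_seq = {}          # highest clntSeqNo committed so far, per user
        self.next_clnt_seq = 0

    def make_op(self, payload):
        self.next_clnt_seq += 1
        op = {'user': self.user, 'clntSeqNo': self.next_clnt_seq, 'prevSeqNo': len(self.history),
              'prevHash': self.hashes[-1].hex(), 'payload': payload}
        op['sig'] = sign(op, USER_KEYS[self.user])
        return op

    def verify_and_commit(self, op):
        """Run on every op the server delivers, in seqNo order; raises if the server misbehaves."""
        if not hmac.compare_digest(sign(op, USER_KEYS[op['user']]), op['sig']):
            raise ServerMisbehaviour('signature does not verify: op not produced by ' + op['user'])
        k = op['prevSeqNo']
        if k > len(self.history):
            raise ServerMisbehaviour('prevSeqNo %d is ahead of our committed history' % k)
        if op['prevHash'] != self.hashes[k].hex():                 # fork* consistency check
            raise ForkDetected('submitter saw a different history up to seqNo %d' % k)
        if op['clntSeqNo'] != self.last_clnt_seq.get(op['user'], 0) + 1:   # client-order preservation
            raise ServerMisbehaviour('op from %s was skipped, replayed or reordered' % op['user'])
        self.last_clnt_seq[op['user']] = op['clntSeqNo']
        self.history.append(op)
        self.hashes.append(chain_hash(self.hashes[-1], op))

    def roll_back(self, n):
        """Keep only the first n committed ops; return the payloads of our own ops to resubmit."""
        mine = [op['payload'] for op in self.history[n:] if op['user'] == self.user]
        self.history, self.hashes = self.history[:n], self.hashes[:n + 1]
        self.last_clnt_seq = {op['user']: op['clntSeqNo'] for op in self.history}
        self.next_clnt_seq = self.last_clnt_seq.get(self.user, 0)
        return mine

def last_common_point(a, b):
    """Out-of-band check: the clients exchange hash-chain values. None means consistent (one view
    is a prefix of the other); otherwise the seqNo of the last op both agree on."""
    n = min(len(a.history), len(b.history))
    if a.hashes[n] == b.hashes[n]:
        return None
    return max(i for i in range(n + 1) if a.hashes[i] == b.hashes[i])

def recover(a, b):
    """Roll both clients back to the last common point and replay the forked ops via a new server."""
    n = last_common_point(a, b)
    redo = {c: c.roll_back(n) for c in (a, b)}
    new_server = list(a.history)          # one client uploads the common history
    for c in (a, b):
        for payload in redo[c]:
            op = c.make_op(payload)
            new_server.append(op)         # the new server assigns the next seqNo
            for each in (a, b):
                each.verify_and_commit(op)
    return [op['payload'] for op in new_server]

def build_fork():
    """Constructed scenario: honest prefix [a1, b1], then the server gives Alice a2 and Bob b2 as seqNo 3."""
    alice, bob = Client('alice'), Client('bob')
    for op in (alice.make_op('a1'), bob.make_op('b1')):
        alice.verify_and_commit(op); bob.verify_and_commit(op)
    alice.verify_and_commit(alice.make_op('a2'))
    bob.verify_and_commit(bob.make_op('b2'))
    return alice, bob

def detect_in_band():
    """If the server later lets Bob's next op reach Alice, its prevHash exposes the fork."""
    alice, bob = build_fork()
    try:
        alice.verify_and_commit(bob.make_op('b3'))
    except ForkDetected:
        return True
    return False

def detect_replay():
    """Redelivering an already committed op violates client-order preservation."""
    alice, _ = build_fork()
    try:
        alice.verify_and_commit(alice.history[0])
    except ServerMisbehaviour:
        return True
    return False

if __name__ == '__main__':
    alice, bob = build_fork()
    print('in-band fork detected:', detect_in_band(), '| replay detected:', detect_replay())
    print('last common point:', last_common_point(alice, bob))      # 2
    print('after recovery:', recover(alice, bob), last_common_point(alice, bob))
```

The in-band check only fires if the server lets an op cross between forks, which is exactly why the slides add the out-of-band exchange: two clients comparing chain values at the shorter history length either find a prefix relation (one is merely behind and asks the server for the missing ops) or a divergence, and the largest index with equal chain values is the common point to roll back to.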

Implementation
- generic server
- client libraries: sending, receiving, encryption, OT and consistency checks
Applications:
- key-value store
- collaborative text editor

Experimental Evaluation
Hardware
- 2.3 GHz AMD Opteron
- 8 GB of RAM
- gigabit switched Ethernet
Metrics
- Latency
- Server throughput
- Client time-to-join

Latency

Server Throughput

Client time-to-join

Conclusion
- OT enables optimistic updates and reconciles the clients' conflicting states
- OT and fork* consistency complement each other well
- Membership management architecture

Discussion
- The extensions are not evaluated in this paper
- Checking for forks out-of-band or recovering from a fork: what if the client is also malicious? How should client-server collusion be prevented?
- What is the mean time to detect a malicious server when it does not partition forks and clients?