1 Configurable Security for Scavenged Storage Systems NetSysLab The University of British Columbia Abdullah Gharaibeh with: Samer Al-Kiswany, Matei Ripeanu.

Presentation transcript:

1 Configurable Security for Scavenged Storage Systems NetSysLab The University of British Columbia Abdullah Gharaibeh with: Samer Al-Kiswany, Matei Ripeanu

2 Introduction StorageSS ‘08
- Data deluge
  - Scientific applications (e.g., climate simulation, biological research)
  - Checkpointing (e.g., application and virtual machine checkpointing)
- Scavenged storage provides a solution with a good price/performance ratio

3 Scavenged Storage?
Systems that opportunistically aggregate idle disk space and I/O bandwidth from participating workstations.
Offers two main advantages:
- High throughput, due to striping and component decoupling
- Low cost, as it is built atop commodity resources

4 Trust Assumptions in Distributed Storage Systems
- Completely trusted environment
  - All system components and communication channels are trusted
  - Hosted on dedicated clusters and optimized for performance
  - E.g., GoogleFS, Lustre
- Untrusted environment
  - System components and communication channels are untrusted
  - Deployed over wide area networks
  - E.g., Farsite, OceanStore
- Partially trusted environment
  - Includes a combination of trusted and untrusted components
  - E.g., Plutus, MosaStore

5 Our Goal
We aim to design and implement a security protocol in the context of a partially trusted environment, and to evaluate the associated overheads for different security levels.

6 Our Environment
- A partially trusted environment
  - Trusted metadata service
  - Untrusted storage nodes, clients and communication channels
- An adversary can
  - Modify and deploy a malicious client or storage node
  - Spoof messages on communication channels
- The system doesn’t need to provide stored data confidentiality
  - As a tradeoff for simplicity and performance
We conduct this study in the context of the MosaStore scavenged storage system.

7 Outline
- MosaStore Architecture
- Security Requirements
- Security Protocol
- Evaluation

8 MosaStore Architecture

9 MosaStore Design Guidelines
- Component decoupling – to improve scalability
- Lazy interaction – to enable high performance
- Statelessness – to minimize failure effects and recovery overhead

10 Outline
- MosaStore Architecture
- Security Requirements
- Security Protocol
- Evaluation

11 Requirements
- Requirements related to security services
  - Authentication and authorization
  - Data and transport integrity
  - Accountability (i.e. assigning blame for integrity violations and data loss)
- Requirements related to system characteristics
  - Acceptable performance degradation

12 Security Protocol – Supporting mechanisms
- Public key cryptography
  - Used to manage trust and certification
  - Two types of certificates
    - Machine certificates
    - User certificates
- Generic Security Services API (GSSAPI)
  - Used to establish mutual authentication and security contexts

13 Security protocol – write operation

14 Outline
- MosaStore Architecture
- Security Requirements
- Security Protocol
- Evaluation

15 Protocol Evaluation – Security Argument
- Authentication: offered by enforcing mutual authentication between communicating entities
- Authorization: provided by an independent access control module consulted by the manager
- Transport integrity: provided by sending all traffic within the security context resulting from the mutual authentication
- Stored data integrity: maintained by having the manager store a per-chunk hash
- Accountability (i.e. responsibility for integrity violations): proved by using chunk receipts stored at the manager and having the client sign each stored chunk

16 Performance Evaluation
Testbed: 10 machines
Each machine has: Quad-core 2.33GHz Xeon processors, 4 GB RAM, connected at 1Gbps.

17 Performance Evaluation
1GB file split into 1MB chunks, one client and eight benefactors

18 Performance Evaluation
1GB file split into 1MB chunks, one client and eight benefactors

19 Performance Evaluation
1GB file split into 1MB chunks, one client and eight benefactors
Caching dramatically improves performance
- Less than 17% degradation for the full solution

20 File Size Impact
Files are split into 1MB chunks, one client and eight benefactors

21 Number of Benefactors Impact
1 GB file split into 1MB chunks, one client

22 Summary
- Design and implementation of a security protocol that operates in a partially trusted environment (only the management service is trusted)
- Protocol evaluation demonstrates
  - Low performance degradation in small deployments
  - Close to original performance in deployments that offer more parallelism

23 Thank you
netsyslab.ece.ubc.ca

24 Security Protocol – Write Operation

25 GSS-API

26 Replication
- The manager sends a signed replicate command (containing the source benefactor B and its chunk receipt) to benefactor A, the target for the new chunk replica.
- Benefactor A copies the data from benefactor B and verifies it against the chunk receipt.
- Benefactor A generates a chunk receipt and sends it back to the manager.
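
The replication steps on slide 26, together with the per-chunk hash and chunk receipts from the security argument on slide 15, as an added example (not code from the slides or from MosaStore). Assumptions: the receipt fields, all class and function names, and the use of HMAC with per-benefactor keys held by the trusted manager as a stand-in for the protocol's public-key signatures; the stand-in lets the manager attribute a receipt but does not give third-party-verifiable proof.

```python
import hashlib, hmac

def sign(key, *fields):
    # HMAC stand-in for the protocol's public-key signatures (assumption).
    return hmac.new(key, "|".join(fields).encode(), hashlib.sha256).hexdigest()

class Benefactor:
    def __init__(self, name, key):
        self.name, self.key, self.chunks = name, key, {}
    def store(self, cid, data):
        # Store the chunk and return a receipt binding benefactor, id and hash.
        self.chunks[cid] = data
        h = hashlib.sha256(data).hexdigest()
        return {"benefactor": self.name, "chunk_id": cid, "hash": h,
                "sig": sign(self.key, self.name, cid, h)}
    def replicate(self, cmd, source):
        # Copy from source; keep the data only if it matches the receipt.
        r = cmd["receipt"]
        want = sign(self.key, "replicate", self.name, r["chunk_id"], r["hash"])
        if not hmac.compare_digest(cmd["sig"], want):
            raise PermissionError("replicate command not signed by the manager")
        data = source.chunks[r["chunk_id"]]
        if hashlib.sha256(data).hexdigest() != r["hash"]:
            raise ValueError(f"{source.name} returned data that fails its receipt")
        return self.store(r["chunk_id"], data)

class Manager:
    def __init__(self, keys):
        self.keys, self.receipts = keys, {}  # (chunk_id, benefactor) -> receipt
    def record(self, r):
        # File a receipt only after checking the benefactor's signature on it.
        want = sign(self.keys[r["benefactor"]], r["benefactor"], r["chunk_id"], r["hash"])
        if not hmac.compare_digest(r["sig"], want):
            raise PermissionError("receipt signature invalid")
        self.receipts[(r["chunk_id"], r["benefactor"])] = r
    def replicate_command(self, cid, src, dst):
        r = self.receipts[(cid, src)]  # source's receipt travels with the command
        return {"receipt": r, "sig": sign(self.keys[dst], "replicate", dst, cid, r["hash"])}

def demo():
    keys = {n: f"constructed-key-{n}".encode() for n in "ABC"}  # constructed keys
    mgr, (a, b, c) = Manager(keys), [Benefactor(n, keys[n]) for n in "ABC"]
    mgr.record(b.store("chunk-1", b"constructed checkpoint data"))
    mgr.record(a.replicate(mgr.replicate_command("chunk-1", "B", "A"), b))
    b.chunks["chunk-1"] = b"silently modified"  # B corrupts what it holds
    try:
        c.replicate(mgr.replicate_command("chunk-1", "B", "C"), b)
    except ValueError as err:
        return sorted(mgr.receipts), str(err)
```

In the demo, the honest copy from B to A yields a second receipt at the manager, while the later copy to C is rejected because B's data no longer matches the hash in the receipt B itself issued.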