Title: A Distributed P2P Storage Service, Adaptive to Trust Assessment
Slide 1: A Distributed P2P Storage Service, Adaptive to Trust Assessment
Marco Casassa Mont (marco_casassa-mont_at_hp.com), Lorenzo Tomasi (University of Bologna)
Trusted E-Services Laboratory (TESL), Hewlett-Packard Laboratories, Bristol, UK
Slide 2: Table of Contents
- Background
- Trust E-Services
- Distributed Long-term Trusted E-Record Storage
- Distributed P2P Storage Service
- Model
- Conclusions and some Future Trends
Slide 3: Trust E-Services
Slide 4: Long-Term Trusted Storage
- Purpose: long-term preservation of electronic documents
  - Longevity of e-Documents (E-records) and Processes
  - Survivability
  - Long-term identity management and access control
  - Long-term renewal of information
  - Long-term renewal of signatures and time-stamps
  - Migration of data through technology
- Accountability
- Integrity
- Privacy and Confidentiality
- Non-Repudiation
- Authenticity
Slide 5: DERMS Services (Distributed E-Records Management and Storage)
Slide 6: Distributed Long-term Trusted Storage Architecture
[Diagram: four layers, top to bottom]
- Application Layer
- Portal Layer: Portals
- Indexing and Management Layer: Service Pools and a Management Service Pool
- Physical Storage Layer: Storage Systems
Properties annotated on the diagram: Decentralization and Distribution; Randomness (of Portals, Service Pools, Services, Storages); Diversity; Replication (of stored documents and metadata); Lazy transactional behaviour; Monitoring; Self healing.
Slide 7: Current Approach
- SAN, NAS, Distributed FSs, for example
- Focus on rapid and frequent access to data
- Dedicated, expensive solutions
- Not really long-term
Slide 8: Objectives
Research on an alternative long-term storage service for e-records (for DERMS Services at the physical storage layer)
- Basic requirements
  - best-effort preservation of a document for a long period
  - storage, retrieval and deletion of documents
- Assumption: high performance, rapid and frequent accesses are not a basic requirement
Slide 9: Alternative Long-term Storage Service
- PCs geographically distributed (survivability)
- Their storage capacity and CPU time are not fully used
- Context: medium/large enterprise
- Dynamic (in the medium/long term): PCs, employees/people
- Collaborative but unreliable, not necessarily trusted
Slide 10: Research Issues
Challenge: cope with a dynamic and unreliable environment
- PC obsolescence timeframe: 3-4 years
- Medium-large enterprise: 15000 people, 10000 PCs
- Percentage of PCs involved in the service: 10%
- Number of PCs involved: 1000
- Average obsolescence of involved PCs (per year): 250 (1/4 of 1000)
This is without considering faults, loss of data, accidental and intentional data deletion by PC owners, time zones, etc.
Slide 11: Research Space and Choices
Resources: distributed
- Control variable
  - not fully centralized (take advantage of distributed resources)
  - not fully distributed (likely anarchic; need for a trusted access point for DERMS Services)
- Trust variable
  - resources' behaviour is very dynamic
Trust: belief that someone/something is going to act and behave as expected
Slide 12: Hybrid P2P Model
[Diagram: DERMS Services, a trusted Controller, and not-trusted Peers running Agents (A)]
- Trusted controller, acting as Gateway with DERMS services
- Agents installed on distributed PCs (not necessarily trusted, at least initially)
Slide 13: Agent Installation (on Peers)
[Diagram: trusted controller and not-trusted peers running Agents (A)]
- Agents installed on request (by PC users)
Slide 14: Storage, Retrieval, Deletion of E-Records
[Diagram: DERMS Services, trusted controller, not-trusted peers running Agents (A)]
- Replication of stored E-Records
- Integrity check during E-Record retrieval
Slide 15: Tasks Delegation
[Diagram: DERMS Services, trusted controller, not-trusted peers running Agents (A)]
- Delegation of tasks to Peers (if authorised)
Slide 16: Peer-to-Peer Interaction
[Diagram: DERMS Services, trusted controller, not-trusted peers running Agents (A)]
- Peer-to-Peer interaction triggered by an Agent (if authorised)
Slide 17: Is this Sufficient?
- Are distribution and replication sufficient to achieve long-term storage? It depends.
- In case of a dynamic environment, peers may
  - not be available
  - lose data (or data may get corrupted)
  - not be able to complete tasks
- => Blind delegation of tasks to Peers
Slide 18: Need for an Adaptive System
- Monitor distributed Peers
- Learn from Peers' behaviour
- Adopt dynamic working criteria
  - delegation of tasks to peers depending on peers' reliability
  - select contextual policies depending on peers' behaviour and environment dynamics
Slide 19: Monitoring and Learning
- Monitoring objectives
  - control replicas' status (survivability)
  - observe peers' behaviour
  - gather information about peers
  - trigger reactions
- Learn about
  - Peers' availability
  - Peers' reliability
  - Correctness of document replicas
  - Peers' ability to complete tasks with success
  - Peers' response time
Slide 20: Adaptation driven by Trust Rating
- Aggregation of measures of reliability/trustworthiness in Trust Rating Information
- Usage of Trust Rating Information to dynamically adapt the service, by making decisions on allocation of storage and delegation of tasks
- Delegation and Storage Policies driven by measures of trust
- Usage of Trust and Reliability Functions to define Trust Metrics, based on measured indicators (parameters)
Trust: belief that a Peer/Resource is going to act and behave as expected
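The two slides above name the indicators the Monitoring Module learns (availability, reliability, replica correctness, task completion, response time) and say that a trust function aggregates them into a rating that drives delegation and storage decisions. The block below is an added example written for this page, not the TESL/HP implementation: it turns a peer's monitoring history into a rating in [0, 1] and applies a threshold-based delegation policy to it. The weights, the decay factor, the latency bound and the 0.7 threshold are assumptions chosen for illustration, and the three peer histories are constructed sample data.

```python
"""Trust rating from monitored indicators, driving a delegation policy.

Added example written for this page; it is not the TESL/HP implementation.
The indicator set follows the slides (availability, reliability/task
completion, replica correctness, response time); the weights, decay factor,
latency bound and threshold are assumptions chosen for illustration.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class Observation:
    """One monitoring round for a peer, as the Monitoring Module would record it."""
    available: bool      # did the peer answer at all?
    task_ok: bool        # did a delegated task complete successfully?
    replica_ok: bool     # did a stored replica pass its integrity check?
    response_s: float    # measured response time in seconds


@dataclass
class PeerHistory:
    name: str
    observations: List[Observation] = field(default_factory=list)  # oldest first


# Assumed parameters of the trust function.
WEIGHTS = {"availability": 0.35, "task": 0.25, "replica": 0.30, "latency": 0.10}
DECAY = 0.8          # newest observation weighs 1.0, the one before 0.8, then 0.64 ...
MAX_LATENCY = 5.0    # responses at or above this many seconds score 0 on latency


def trust_rating(history: PeerHistory) -> float:
    """Aggregate the indicators into one rating in [0, 1].

    Recent observations dominate (exponential decay), so a peer that starts
    misbehaving loses trust quickly and one that recovers can earn it back.
    An unavailable peer earns no credit for tasks, replicas or latency in
    that round, since nothing could be verified.
    """
    if not history.observations:
        return 0.0  # unknown peer: no trust until it has been observed
    totals = {key: 0.0 for key in WEIGHTS}
    weight_sum = 0.0
    weight = 1.0
    for obs in reversed(history.observations):  # newest first
        totals["availability"] += weight * float(obs.available)
        totals["task"] += weight * float(obs.available and obs.task_ok)
        totals["replica"] += weight * float(obs.available and obs.replica_ok)
        latency_score = max(0.0, 1.0 - obs.response_s / MAX_LATENCY) if obs.available else 0.0
        totals["latency"] += weight * latency_score
        weight_sum += weight
        weight *= DECAY
    return round(sum(WEIGHTS[k] * totals[k] / weight_sum for k in WEIGHTS), 4)


def select_delegates(peers: List[PeerHistory], threshold: float = 0.7, needed: int = 2) -> List[str]:
    """Delegation policy: only peers rated at or above the threshold may
    receive tasks or replicas, best-rated first, up to the number needed."""
    ranked = sorted(peers, key=trust_rating, reverse=True)
    return [p.name for p in ranked if trust_rating(p) >= threshold][:needed]


def sample_peers() -> List[PeerHistory]:
    """Constructed monitoring histories for three peers."""
    good = Observation(True, True, True, 0.5)
    down = Observation(False, False, False, 0.0)
    rotten = Observation(True, True, False, 1.0)   # answers, but its replicas fail the check
    return [
        PeerHistory("reliable", [good, good, good, good]),
        PeerHistory("flaky", [good, down, good, down]),
        PeerHistory("corrupting", [rotten, rotten, rotten, rotten]),
    ]


if __name__ == "__main__":
    for peer in sample_peers():
        print(f"{peer.name:11s} rating={trust_rating(peer):.2f}")
    print("delegate to:", select_delegates(sample_peers()))
```

With the sample histories the reliable peer rates 0.99, the corrupting peer 0.68 (it is always up and fast, but its replicas never verify) and the flaky peer 0.44, so at the 0.7 threshold only the reliable peer receives delegated work. Lowering the threshold to 0.6 would admit the corrupting peer, which shows why the replica-correctness weight matters for a storage service: a peer that answers promptly but returns damaged data must not look trustworthy.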
Slide 21: High Level Architecture
- Intelligent components (Task Mgr, Monitoring, Rating)
- Engines (store, delete, retrieve, etc.)
- Communication Manager
- Agents are a cut-down version of the centralized controller
- Architecture is modular
Slide 22: High Level Architecture
[Diagram: DERMS Services connect over secure connections to the Central Control Component on the trusted enterprise side (Communication Manager, Task Manager, Monitoring Module, Rating Module, Agents Registration Manager, Storage Scheduler, Index and Secure Repository); each untrusted Agent mirrors it with a Communication Manager, Task Manager, Monitoring Module, Rating Module, Registration, Local Storage Module and Secure Repository]
Slide 23: Basic Mechanisms
- Communication: authentication based on a secure link (SSL)
- Delegation: authorization token (SPKI based)
- Integrity management: hash value, digital signature
- Confidentiality: encryption
- Survivability: document replication
Slide 24: Conclusions
- Usage of distributed cheap resources and agents to underpin survivability of data over a long time
- P2P architecture viable to decongest central control
- Hybrid control as a balance between full centralization and completely distributed control (anarchism)
- Trust Assessment to underpin adaptability in a dynamic distributed environment
- Our approach
  - reduces risks in very dynamic environments (best effort)
  - introduces overhead: need for a real-life trial
  - requires a sustained number of participants
Slide 25: Future Trends on Distributed Systems
- Growing importance of Distributed Web Services, within Enterprises and across Enterprises (on the Internet)
- Growing importance of Peer-to-Peer based environments: mobile systems/services, collaborative environments, dynamic business interactions, resource sharing, etc.
- Importance of adaptability of Systems and Services to the behaviour of (the involved) resources (Reliability and Trustworthiness are crucial aspects to be considered)
- Key role for Trust Services to reduce Risks and increase Accountability
Slide 26: Backup Slides
Slide 27: Use Cases
- Agents (on PCs) join or leave the Storage Service
- DERMS Service initiative: store, retrieve, delete
- Peers' initiative
Slide 28: Use Case Join
Slide 29: Use Case Store
Slide 30: Use Case Retrieve
[Diagram: DERMS Services, Central Control Component, and Peers in a Collaborative Enterprise Environment]
1. Request to retrieve a document (DERMS Services to the Central Control Component)
2. Retrieve from the Index a list of locations where the document has been stored
3. Retrieve a replica (from a Peer)
4. Decrypt and verify the integrity of the replica. If the replica is compromised, repeat step 3.
5. Return the document (to DERMS Services)
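The retrieve use case above is the point where the integrity mechanisms of slide 23 meet the unreliable peers of slide 17: a replica may be unreachable or may come back damaged, and step 4 says to fall back to another location. The block below is an added example written for this page, not the TESL/HP implementation. It models the central control's index, tags each replica with an HMAC-SHA256 computed under a key held by the central control, and walks steps 2 to 5 with one peer offline and one replica corrupted; the key, the tag scheme, the `Peer` simulation and the `rec-1` sample record are all assumptions. The slides also encrypt replicas; this example exercises only the integrity check and the fallback, and it records each failure so the Monitoring and Rating Modules could consume it.

```python
"""The retrieve use case (steps 1-5 of slide 30) with a failing replica.

Added example written for this page; it is not the TESL/HP implementation.
The index layout, the integrity tag scheme (HMAC-SHA256 keyed by the central
control) and the peer simulation are assumptions. The slides also encrypt
replicas; this example exercises only the integrity check and the
'repeat step 3' fallback.
"""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

INTEGRITY_KEY = b"constructed-demo-key-not-for-real-use"  # assumed: kept by central control
TAG_LEN = hashlib.sha256().digest_size


def protect(doc: bytes) -> bytes:
    """Build the replica as handed to a peer: document followed by its tag."""
    return doc + hmac.new(INTEGRITY_KEY, doc, hashlib.sha256).digest()


def verify(replica: bytes) -> Optional[bytes]:
    """Step 4: check the tag; return the document, or None if the replica is compromised."""
    if len(replica) < TAG_LEN:
        return None
    doc, tag = replica[:-TAG_LEN], replica[-TAG_LEN:]
    expected = hmac.new(INTEGRITY_KEY, doc, hashlib.sha256).digest()
    return doc if hmac.compare_digest(tag, expected) else None


class Peer:
    """Constructed stand-in for an agent on a PC: it may be offline or may
    have let a replica rot on disk."""

    def __init__(self, name: str, online: bool = True):
        self.name = name
        self.online = online
        self.store: Dict[str, bytes] = {}

    def put(self, doc_id: str, replica: bytes) -> None:
        self.store[doc_id] = replica

    def corrupt(self, doc_id: str) -> None:
        """Flip one bit of the stored replica (simulated storage fault)."""
        damaged = bytearray(self.store[doc_id])
        damaged[0] ^= 0x01
        self.store[doc_id] = bytes(damaged)

    def get(self, doc_id: str) -> Optional[bytes]:
        if not self.online:
            raise ConnectionError(self.name)
        return self.store.get(doc_id)


class CentralControl:
    def __init__(self):
        self.index: Dict[str, List[Peer]] = {}   # doc_id -> peers holding a replica
        self.log: List[Tuple[str, str]] = []     # observations for the monitoring/rating modules

    def store(self, doc_id: str, doc: bytes, peers: List[Peer]) -> None:
        replica = protect(doc)
        for peer in peers:
            peer.put(doc_id, replica)
        self.index[doc_id] = list(peers)

    def retrieve(self, doc_id: str) -> Optional[bytes]:
        """Steps 1-5: try each indexed location in turn and return the first
        replica that passes verification; every failure is logged."""
        for peer in self.index.get(doc_id, []):          # step 2: locations from the index
            try:
                replica = peer.get(doc_id)               # step 3: fetch a replica
            except ConnectionError:
                self.log.append((peer.name, "unavailable"))
                continue                                 # repeat step 3 with the next peer
            if replica is None:
                self.log.append((peer.name, "replica missing"))
                continue
            doc = verify(replica)                        # step 4: integrity check
            if doc is None:
                self.log.append((peer.name, "replica compromised"))
                continue                                 # repeat step 3 with the next peer
            self.log.append((peer.name, "ok"))
            return doc                                   # step 5: return the document
        return None  # every replica lost or unreachable: best-effort preservation failed


def demo() -> Tuple[Optional[bytes], List[Tuple[str, str]]]:
    """Constructed scenario: three replicas, one peer offline, one replica corrupted."""
    a, b, c = Peer("pc-a", online=False), Peer("pc-b"), Peer("pc-c")
    control = CentralControl()
    control.store("rec-1", b"e-record payload", [a, b, c])
    b.corrupt("rec-1")
    return control.retrieve("rec-1"), control.log


if __name__ == "__main__":
    document, log = demo()
    print(document, log)
```

Two details carry the security point. The tag is checked with `hmac.compare_digest` so that a peer cannot learn anything from timing differences in the comparison, and the document is released only after the check passes, so a corrupted or substituted replica never reaches DERMS Services. The log entries ("unavailable", "replica compromised", "ok") are exactly the per-peer observations the adaptive system needs: a peer that keeps returning compromised replicas should see its trust rating fall and stop receiving replicas.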
Slide 31: Use Case Delete
Slide 32: Use Case Peer-to-Peer
Slide 33: Use Case Monitoring
Slide 34: Use Case Delegation of Monitoring Tasks
Slide 35: High Level Architecture
- Information base: basic information module and rating information module
- Monitoring module
- Rating module
- Engines for testing, storage, deletion, and retrieval
- Registration module
- Keys and identities manager
- Communication manager
Slide 36: High Level Architecture
[Diagram: Monitoring, Policy-based and planning components, Engines, and Interaction with peers (via communication manager), connected by arrows labelled "May update" and "May influence"]
Slide 37: Monitoring Module
[Diagram: Tasks manager holding a list of tasks, a requests Generator, a Delegation manager and a Scheduler, connected from/to the engines and from/to the information base]
Slide 38: Rating Module
[Diagram: Rating information db, Trust function, information on peers' behaviour, queries, events generator, notifications]