Title: Cost-driven Security and Reliability for Scalable Distributed Storage Systems
1 Cost-driven Security and Reliability for Scalable Distributed Storage Systems
Giuseppe Ateniese, Baruch Awerbuch, Gerald Masson, Christian Scheideler, Jonathan Shapiro, Jonathan Stanton
2 Motivation
- Scalable, secure storage with online keys.
  - Criminal records
  - Medical records
3 Threat Model
- Both internal and external attackers.
- Assumptions
  - Attackers can compromise machines either partially or fully.
  - The network is untrusted.
- Prevent
  - Clients from accessing unauthorized information.
  - Information from being destroyed or made unavailable.
4 Proactive Security
- Active vs. passive defenses.
- Attackers have only a limited window of time in which to gain information before the key material is refreshed.
5 Details on Proactive Security
6 Proactive Secret Sharing
7 Proactive Secret Sharing (2)
8 Proactive RSA
9 Proactive Storage
(Figure: a (2, 4) threshold scheme; the secret is split into shares held by hosts 1, 2, 3 and 4, any two of which reconstruct it.)
10 Challenges
- Systems
  - Implementing practical proactive security.
- Security
  - A dynamic algorithm for transforming (k, n) shares into (t, m) shares.
- Storage
  - Reliable, fault-tolerant storage of encrypted data.
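A runnable sketch of the two share operations the deck relies on, added here as an example and not code from the project: Shamir (k, n) sharing over a prime field, the proactive refresh of the Proactive Secret Sharing and Proactive Storage slides (every holder deals a random polynomial with zero constant term, so the secret is unchanged while shares from different epochs no longer interpolate together), and the (k, n) to (t, m) transformation named on this slide (each old holder re-shares its share with a fresh (t, m) polynomial and new holders combine the sub-shares with the old Lagrange coefficients, so no party ever sees the secret). The field size, honest dealers and the absence of verification (the published proactive protocols add verifiable secret sharing to catch a corrupt dealer) are assumptions of this example, not the deck's design.

```python
import secrets

# Assumption: a Mersenne prime field. A deployment would pick a field at
# least as large as the key material being shared.
P = 2**61 - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[d]*x^d modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _lagrange_at_zero(xs):
    """Lagrange coefficients for recovering f(0) from points at the indices xs."""
    coeffs = {}
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = (num * (-j)) % P
                den = (den * (i - j)) % P
        coeffs[i] = num * pow(den, P - 2, P) % P  # modular inverse via Fermat
    return coeffs


def make_shares(secret, k, n):
    """(k, n) Shamir sharing: returns {index: share} for indices 1..n."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Recover the constant term from a threshold-sized subset of shares."""
    lam = _lagrange_at_zero(list(shares))
    return sum(lam[i] * s for i, s in shares.items()) % P


def refresh(shares, k):
    """Standard proactive refresh (Herzberg, Jarecki, Krawczyk, Yung 1995):
    every holder deals a random degree-(k-1) polynomial with zero constant
    term; each share absorbs the sum of the dealt values. The secret is
    unchanged, but shares from before and after the refresh do not combine."""
    new = dict(shares)
    for _ in range(len(shares)):  # one zero-polynomial per dealing holder
        zero_poly = [0] + [secrets.randbelow(P) for _ in range(k - 1)]
        for i in new:
            new[i] = (new[i] + _eval_poly(zero_poly, i)) % P
    return new


def redistribute(old_shares, t, m):
    """Turn a (k, n) sharing into a (t, m) sharing without reconstructing.
    old_shares: at least k shares of the old sharing. Old holder i re-shares
    s_i with a fresh (t, m) polynomial q_i (q_i(0) = s_i); new holder j sets
    s'_j = sum_i lambda_i * q_i(j), which lies on a degree-(t-1) polynomial
    whose constant term is sum_i lambda_i * s_i = the original secret."""
    lam = _lagrange_at_zero(list(old_shares))
    new_shares = {j: 0 for j in range(1, m + 1)}
    for i, s_i in old_shares.items():
        sub = make_shares(s_i, t, m)
        for j in new_shares:
            new_shares[j] = (new_shares[j] + lam[i] * sub[j]) % P
    return new_shares


def demo():
    """Walk the deck's (2, 4) example through a refresh and a (2,4)->(3,6) move."""
    secret = 0x5EC12E7                     # constructed sample secret
    shares = make_shares(secret, 2, 4)     # the (2, 4) threshold of the figure
    assert reconstruct({1: shares[1], 3: shares[3]}) == secret

    fresh = refresh(shares, 2)
    assert reconstruct({2: fresh[2], 4: fresh[4]}) == secret
    mixed = reconstruct({1: shares[1], 2: fresh[2]})  # old + new epoch: garbage

    wider = redistribute({1: fresh[1], 4: fresh[4]}, 3, 6)  # now 3-of-6
    assert reconstruct({2: wider[2], 5: wider[5], 6: wider[6]}) == secret
    assert reconstruct({2: wider[2], 5: wider[5]}) != secret  # below threshold
    return secret, mixed


if __name__ == "__main__":
    s, mixed = demo()
    print("secret:", hex(s), "old+new shares interpolate to:", hex(mixed))
```

The mixed-epoch reconstruction is the whole point of the refresh: an attacker who captured share 1 before the refresh and share 2 after it holds two points on different polynomials, so the window of slide 4 closes even though each host still stores "a share of the same key".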
11 Components
- Cost-driven security model.
- Secure host platform (EROS).
- Fault-tolerant mapping from hosts to shares.
- Dynamic-threshold secret sharing scheme.
- Data replication and redistribution protocol.
12 What is Cost-Driven Security?
- Assigns a cost to each attack based on the type of attack and the characteristics of the host.
- Restores systems to a secure state every T units of time.
- Benefits
  - Models the decreased cost of attacking a second server similar to the first.
  - Takes into account partial compromise of a server.
  - Considers the cost of attacks to the attacker.
  - Accurately distributes trust across heterogeneous resources.
13 Sample Costs
(Figure: an attacker reaching hosts over the network, with a cost on each edge. Hosts shown: RedHat 5.2 with Sendmail 8.2, SSH 2.3 and QPopper; RedHat 7.2 with Sendmail 8.9, SSH 2.3 and QPopper; RedHat 7.2 with Apache 1.3.20 and SSH 2.9; Windows 98 with File Sharing and Internet Explorer 4; Windows 2000 with IIS 4 and SQL Server; OpenBSD 3.0 with SSH 3.0. Edge costs shown, in extraction order: 0.7, 0.4, 0.8, 0.1, 0.2, 0.95.)
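A small model of the cost idea from the previous two slides, added here as an example and not the authors' model: each host from the sample-cost figure is given an assumed compromise cost and a platform group, a second compromise on a platform the attacker has already broken is charged a fraction of the full cost (the 25% factor is an assumption standing in for "decreased cost to attack a second similar server"), the attacker's cheapest way to collect k shares is found by exhaustive search, and share placement picks the n holders that maximise that cheapest cost. The host names and the pairing of the figure's cost values to hosts are constructed; the refresh interval T and partial compromise are not modelled.

```python
from itertools import combinations

# Constructed inventory modelled on the Sample Costs figure. `cost` is the
# assumed cost to the attacker of compromising the host from scratch;
# `platform` groups hosts that share an exploitation path.
HOSTS = {
    "mail1": {"platform": "redhat-sendmail", "cost": 0.4},
    "mail2": {"platform": "redhat-sendmail", "cost": 0.7},
    "web1":  {"platform": "redhat-apache",   "cost": 0.8},
    "pc1":   {"platform": "win98",           "cost": 0.1},
    "db1":   {"platform": "win2k-iis",       "cost": 0.2},
    "bsd1":  {"platform": "openbsd",         "cost": 0.95},
}

# Assumption: a repeat attack on an already-broken platform costs 25% of full.
REUSE_DISCOUNT = 0.25


def attack_cost(host_names, hosts=HOSTS):
    """Attacker's cost to compromise all named hosts, attacking in the
    cheapest order: full price on the cheapest host of each platform,
    discounted price on every later host of that platform."""
    seen = set()
    total = 0.0
    for name in sorted(host_names, key=lambda h: hosts[h]["cost"]):
        h = hosts[name]
        factor = REUSE_DISCOUNT if h["platform"] in seen else 1.0
        total += factor * h["cost"]
        seen.add(h["platform"])
    return round(total, 6)


def cheapest_break(share_holders, k, hosts=HOSTS):
    """Minimum cost for an attacker to collect k shares from the given
    holders, i.e. the cost of the cheapest k-subset. Returns (cost, subset)."""
    best = None
    for subset in combinations(share_holders, k):
        c = attack_cost(subset, hosts)
        if best is None or c < best[0]:
            best = (c, subset)
    return best


def place_shares(pool, k, n, hosts=HOSTS):
    """Choose n holders out of pool so that the attacker's cheapest k-subset
    is as expensive as possible (exhaustive; fine for a handful of hosts)."""
    best = None
    for holders in combinations(pool, n):
        c, _ = cheapest_break(holders, k, hosts)
        if best is None or c > best[0]:
            best = (c, holders)
    return best


if __name__ == "__main__":
    everyone = list(HOSTS)
    print("naive placement on all hosts, 2-of-6:", cheapest_break(everyone, 2))
    print("cost-driven placement, 2-of-4:", place_shares(everyone, 2, 4))
```

Two things the search makes visible: the cheap Windows 98 desktop drags the whole system down to its own cost if it holds a share, and the two Sendmail hosts are worth much less than the sum of their costs because the second one is almost free once the first falls. A deployment would recompute this whenever a host joins, fails or has its cost revised after a partial compromise, and feed the result to the share redistribution step.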
14 Theory to Practice
- Secure host platform
  - EROS, a capability-based OS.
  - Restricts a service's ability to access other system resources.
  - A secure kernel allows secure restart and refresh.
- Dynamic adaptation
  - Assigning hosts to key shares to replace failed hosts.
  - Incremental recalculation of the shares held by each host as the number of available hosts changes.
15 Data Distribution
- Replicate or move data to more secure and reliable hosts.
- Objectives
  - Move a minimal amount of data.
  - Make dynamic, online decisions.
  - Make decentralized, local decisions.
16 Conclusion
- Proactive security can provide a powerful security model for distributed storage systems.
- Models of attack cost can guide decisions about where to locate resources.
- Work is required to make proactive storage systems practical.
17 Notes
- This work originated in a proposal to NIST. Currently, we continue to work on the various aspects of these ideas.
19 Goals
- Confidentiality -- proactive security on keys.
- Reliability -- replication of files.
- Performance -- replication and movement of files.
- The cost model underlies all of these; it determines when to act to refresh files or keys.