Cost-driven Security and Reliability for Scalable Distributed Storage Systems

Slides: 20
Provided by: Jona298

Transcript and Presenter's Notes

1
Cost-driven Security and Reliability for Scalable Distributed Storage Systems
Giuseppe Ateniese, Baruch Awerbuch, Gerald Masson, Christian Scheideler, Jonathan Shapiro, Jonathan Stanton
2
Motivation
  • Scalable, Secure storage with online keys.
  • Criminal Records
  • Medical Records

3
Threat Model
  • Both internal and external attackers.
  • Assumptions
      • Attackers can compromise machines either
        partially or fully.
      • Network is untrusted.
  • Prevent
      • Clients from accessing unauthorized information.
      • Information from being destroyed or made
        unavailable.

4
Proactive Security
  • Active vs Passive defenses
  • Attackers only have limited window of time to
    gain information before it is refreshed.

5
Details on Proactive security
6
Proactive Secret Sharing
7
Proactive Secret Sharing (2)
8
Proactive RSA
9
Proactive Storage
[Figure: (2, 4) threshold; elements labelled 1 to 4]
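
The refresh window from the Proactive Security slide, applied to the (2, 4) threshold shown here, as an added example that is not from the slides. It uses Shamir shares with a standard zero-polynomial refresh; the field modulus, function names and sample key are assumptions, one process plays all four hosts, and share verification is omitted.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed parameter, not from the slides)

def _poly_shares(const, k, n):
    """Evaluate a random degree-(k-1) polynomial with constant term const at x = 1..n."""
    coeffs = [const] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}

def split(secret, k, n):
    """Deal (k, n) Shamir shares of secret, keyed by host index 1..n."""
    return _poly_shares(secret % P, k, n)

def refresh(shares, k):
    """One refresh round: every host deals shares of zero and all hosts add them.
    The secret is unchanged, but old and new shares lie on different polynomials."""
    n = len(shares)
    out = dict(shares)
    for _dealer in range(n):            # each host contributes one zero-sharing
        delta = _poly_shares(0, k, n)   # constant term 0 keeps the secret fixed
        out = {x: (out[x] + delta[x]) % P for x in out}
    return out

def reconstruct(points):
    """Lagrange interpolation at x = 0 over GF(P); points maps x -> share."""
    secret = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def demo():
    key = int.from_bytes(b"constructed-key!", "big") % P  # constructed sample key
    epoch1 = split(key, k=2, n=4)
    epoch2 = refresh(epoch1, k=2)
    same_epoch = reconstruct({1: epoch2[1], 3: epoch2[3]})  # two hosts, one epoch
    mixed = reconstruct({1: epoch1[1], 3: epoch2[3]})       # stolen across a refresh
    return key, same_epoch, mixed

if __name__ == "__main__":
    key, same_epoch, mixed = demo()
    print("same epoch recovers key:", same_epoch == key)
    print("mixed epochs recover key:", mixed == key)
```

An attacker who takes host 1's share before a refresh and host 3's share after it holds two values that do not interpolate to the key, so both compromises must land inside one refresh period.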
10
Challenges
  • Systems
      • Implementing practical proactive security.
  • Security
      • Dynamic algorithm for transforming (k,n) shares
        into (t,m) shares.
  • Storage
      • Reliable, fault-tolerant storage of encrypted
        data.

11
Components
  • Cost-Driven security model.
  • Secure host platform (EROS).
  • Fault-tolerant mapping from hosts to shares.
  • Dynamic threshold or secret sharing scheme.
  • Data replication and redistribution protocol.

12
What is Cost-Driven Security?
  • Assigns costs to each attack based on the type of
    attack and the characteristics of the host.
  • Restores systems to a secure state every T units of
    time.
  • Benefits
      • Models the decreased cost of attacking a second
        server similar to the first.
      • Takes into account partial compromise of a
        server.
      • Considers the cost of attacks to the attacker.
      • Accurately distributes trust to heterogeneous
        resources.

13
Sample Costs
[Figure: network diagram with an attacker and six hosts, annotated with the sample cost values 0.7, 0.4, 0.8, 0.1, 0.2 and 0.95. Host labels:]
  • OS RedHat 5.2, Sendmail 8.2, SSH 2.3, QPopper
  • OS RedHat 7.2, Sendmail 8.9, SSH 2.3, QPopper
  • OS RedHat 7.2, Apache 1.3.20, SSH 2.9
  • OS Windows 98, File Sharing, Internet Explorer 4
  • OS Windows 2000, IIS 4, SQLServer
  • OS OpenBSD 3.0, SSH 3.0
14
Theory to Practice
  • Secure host platform
      • EROS capability-based OS
      • Restricts services' ability to access other system
        resources
      • Secure kernel allows secure restart and refresh.
  • Dynamic Adaptation
      • Assigning hosts to key shares to replace failed
        hosts.
      • Incremental recalculation of shares for each host
        as the number of available hosts changes.

15
Data distribution
  • Replicate or move data to more secure and
    reliable hosts.
  • Objectives
      • Move minimal amount of data.
      • Make dynamic, online decisions.
      • Decentralized, local decisions.

16
Conclusion
  • Proactive security can provide a powerful model
    of security in distributed storage systems.
  • Models of attack cost can guide decisions about
    where to locate resources.
  • Work is required to make proactive-based storage
    systems practical.

17
Notes
  • This work originated in a proposal to NIST.
    Currently, we continue to work on the various
    aspects of these ideas.

18
(No Transcript)
19
Goals
  • Confidentiality -- Proactive security on keys
  • Reliability -- Replication of files
  • Performance -- replication and movement of files
  • Cost model underlies all of these -- determines when
    to act to refresh files or keys.