SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,

Slides:



Advertisements
Similar presentations
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security.
Advertisements

Off-the-Record Communication, or, Why Not To Use PGP
Depot: Cloud Storage with Minimal Trust OSDI 2010 Prince Mahajan, Srinath Setty, Sangmin Lee, Allen Clement, Lorenzo Alvisi, Mike Dahlin, and Michael Walfish.
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
SUNDR: Secure Untrusted Data Repository
SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.
Offline Untrusted Storage with Immediate Detection of Forking and Replay Attacks Marten van Dijk, Jonathan Rhodes, Luis Sarmenta Srini Devadas MIT Computer.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
1 Attested Append-Only Memory: Making Adversaries Stick to their Word Byung-Gon Chun (ICSI) October 15, 2007 Joint work with Petros Maniatis (Intel Research,
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
1 Venus: Verification for Untrusted Cloud Storage Christian Cachin Idit Keidar, Asaf Cidon, Yan Michalevsky, Dani Shaket IBM Research Zurch Technion, Israel.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
1 Detecting Logic Vulnerabilities in E- Commerce Applications Presenter: Liu Yin Slides Adapted from Fangqi Sun Computer Science Department College of.
Dynasis Secure Group Information Sharing System ADVISOR: DR. AWAIS SHIBLI CO-ADVISOR: DR. ABDUL GHAFOOR GROUP MEMBERS: MANSOOR AHMED SAIF ULLAH YASIR.
PORTIA Robert Grimm New York University Security Challenges for Rich-Media Educational Environments.
MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,
Institut Mines-Télécom “Digital Safe Client via HTML5 ” Mayssa JEMEL Ahmed SERHROUCHNI Journée: Cloud Coffre Fort Numérique 26 Février 2015.
Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···
SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
Cloud Computing & Security Issues Prepared by: Hamoud Al-Shammari CS 6910 Summer, 2011 University of Colorado at Colorado Springs Engineering & Applied.
Orbe: Scalable Causal Consistency Using Dependency Matrices & Physical Clocks Jiaqing Du, EPFL Sameh Elnikety, Microsoft Research Amitabha Roy, EPFL Willy.
Digital Object Architecture
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Prateek Basavaraj April 9 th 2014.
Project Presentation Students: Yan Michalevsky Asaf Cidon Supervisors: Alexander Shraer Assoc. Prof. Idit Keidar.
 Fast Conflict Detection for Jae young Bang March 8 th, 2011 Remote Collaborative Software Modeling.
Cryptography, Authentication and Digital Signatures
COLLABORATIVE TEXT EDITOR Multiple users distributed geographically can access the same document simultaneously. CHARACTERISTICS – high concurrency –
Trusted Platform Modules for Encrypted File System Access Control Steven Houston & Thomas Kho CS 252 May 9, 2007 Steven Houston & Thomas Kho CS 252 May.
Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.
Presented by: Sanketh Beerabbi University of Central Florida.
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
Eiger: Stronger Semantics for Low-Latency Geo-Replicated Storage Wyatt Lloyd * Michael J. Freedman * Michael Kaminsky † David G. Andersen ‡ * Princeton,
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Module 7 Planning and Deploying Messaging Compliance.
Carnegie Mellon Increasing Intrusion Tolerance Via Scalable Redundancy Mike Reiter Natassa Ailamaki Greg Ganger Priya Narasimhan Chuck Cranor.
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz
Efficient Fork-Linearizable Access to Untrusted Shared Memory Presented by: Alex Shraer (Technion) IBM Zurich Research Laboratory Christian Cachin IBM.
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F
GIS in the cloud: implementing a Web Map Service on Google App Engine Jon Blower Reading e-Science Centre University of Reading United Kingdom
1 Secure Peer-to-Peer File Sharing Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, Hari Balakrishnan MIT Laboratory.
Database security Diego Abella. Database security Global connection increase database security problems. Database security is the system, processes, and.
Copyright © 2006, GemStone Systems Inc. All Rights Reserved. Increasing computation throughput with Grid Data Caching Jags Ramnarayan Chief Architect GemStone.
The Hierarchical Trust Model. PGP Certificate Server details Fast, efficient key repository –LDAP, HTTP interfaces Secure remote administration –“Pending”
SELS: A Secure List Service Himanshu Khurana, Adam Slagell, Rafael Bonilla NCSA, University of Illinois Appeared in the ACM Symposium of Applied.
1 Thierry Titcheu Chekam 1,2, Ennan Zhai 3, Zhenhua Li 1, Yong Cui 4, Kui Ren 5 1 School of Software, TNLIST, and KLISS MoE, Tsinghua University 2 Interdisciplinary.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
CMSC 818J: Privacy enhancing technologies Lecture 2.
Key management issues in PGP
Conflict Resolution (OT), Crypto, and Untrusted Cloud Services
Unit 3 Section 6.4: Internet Security
Computer Communication & Networks
Letsignit, an Automated Signature Solution for Microsoft Office 365 and Microsoft Exchange, Provides Efficiency in Branding and Customization OFFICE.
COMP3220 Web Infrastructure COMP6218 Web Architecture
Security & .NET 12/1/2018.
A Redundant Global Storage Architecture
CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9
X-Road as a Platform to Exchange MyData
Scalable Causal Consistency
Letsignit, an Automated Signature Solution for Microsoft Office 365 and Microsoft Exchange, Provides Efficiency in Branding and Customization OFFICE.
CDK: Chapter 7 TvS: Chapter 9
Presentation transcript:

SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten

Cloud deployment: pro & con Cloud deployment is attractive Scalable, highly available, globally accessible Real-time collaboration 2SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 For user-facing applications : (e.g. word processing, calendaring, , IM) But, there’s a price… Must trust the cloud provider for confidentiality and integrity …

SPORC goals SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/103 Untrusted servers Can’t read user data Can’t tamper with user data without risking detection Clients can recover from tampering Practical cloud apps Flexible framework Real-time collaboration Work offline

Server Making servers untrusted SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/104 Encrypted state Encrypted state App logic SPORC Server’s limited role: Storage Ordering msgs State Client 1 Copy of state App logic Client 2 Copy of state App logic Client App logic Server

Problem #1: SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/105 Client 1 Copy of state App logic Client 2 Copy of state App logic Client How do you keep clients’ local copies consistent? (esp. with offline access) Server Encrypted state Encrypted state

Problem #2: SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/106 Client 1 Copy of state App logic Client 2 Copy of state App logic Client How do you deal with a malicious server? Encrypted state Encrypted state

Keeping clients in sync SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/107 Operational transformation (OT) [EG89] (Used in Google Docs, EtherPad, etc.) AliceBob Server ins “ABC” ins “DE” del 4del 2 ins “ABC” ins “DE” Ops: State: ABCDE ACDE ABCE del 4del 2 del 4 del 2del 4 ACD ACE del 2del 3 T T ACE OT can sync arbitrarily divergent clients Ops: State:

Dealing with a malicious server Digital signatures aren’t enough Server can equivocate SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/108 AC fork* consistency [LM07] Honest server: linearizability Malicious server: Alice and Bob detect equivocation after exchanging 2 messages Embed history hash in every message Server can still fork the clients, but can’t unfork Client

System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/109 Client app Local state Local state SPORC lib

System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1010 Client app Local state Local state SPORC lib CommittedPending fork* consistent fork* consistent causally consistent causally consistent

System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1011 Client app Local state Local state SPORC lib CommittedPending Server Encrypted state Encrypt & sign

System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1012 Client app Local state Local state SPORC lib CommittedPending Server Encrypted state Client Verify & decrypt Compare history hashes

System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1013 Client app Local state Local state SPORC lib CommittedPending Server Encrypted state Client Decrypt & verify T

System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1014 Client app Local state Local state SPORC lib CommittedPending Server Encrypted state Client T

Access control SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1015 Challenges Server can’t do it — it’s untrusted! Preserving causality Concurrency makes it harder Solutions Ops encrypted with symmetric key shared by clients ACL changes are ops too Concurrent ACL changes handled with barriers Encrypted state Encrypted state

Adding a user SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1016 AliceBob Server Charlie Group members:

Removing a user SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1017 AliceBob Server Charlie Group members: ModifyUserOp Rm “Charlie” E alice_pk (k’) E bob_pk (k’) E k’ (k)

BARRIER Barriers: dealing with concurrency SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1018 AliceBob Server Group members: ModifyUserOp Rm “Eve” E k2 (k) 10 ModifyUserOp Rm “Charlie” E k1 (k) … Clients check on the server

Recovering from a fork SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1019 Alice’s history: Bob’s history: Can use OT to resolve malicious forks too Fork!

Implementation SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1020 Client lib + generic server App devs only need to define ops and provide a transformation function Demo apps: key value store, browser-based collaborative text editor Java CLI version + browser-based version (GWT)

Evaluation SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1021 Setup Tested Java CLI version 8-core 2.3 GHz AMD machines 1 for server 4 for clients (often >1 instance per machine) Gigabit LAN Microbenchmarks Latency Server throughput Time-to-join (in paper)

Latency SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1022 Low load (1 client writer) High load (all clients are writers) (Text editor app)

Latency SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1023 Low load (1 client writer) High load (all clients are writers) (Text editor app)

Server throughput SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1024

Conclusion SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1025 Practical cloud apps + untrusted servers Operational transformation + fork* consistency Dynamic access control and key distribution Recovery from malicious forks

Thank you SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1026 Questions? * *

Comparison with Depot SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1027 Future work: SPORC + Depot? ;-) SPORCDepot Consistency with malicious servers ✔✔ Consistency with malicious clients ✔ Fork recovery ✔✔ Work offline ✔✔ Dynamic access control ✔ Confidentiality and key distribution ✔ Depot exposes conflicts, but leaves it to the app to resolve them

Time-to-join SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1028

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.