OceanStore: Data Security in an Insecure world John Kubiatowicz.

Slides:



Advertisements
Similar presentations
Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
Advertisements

Tapestry: Decentralized Routing and Location SPAM Summer 2001 Ben Y. Zhao CS Division, U. C. Berkeley.
What is OceanStore? - 10^10 users with files each - Goals: Durability, Availability, Enc. & Auth, High performance - Worldwide infrastructure to.
Storage management and caching in PAST Antony Rowstron and Peter Druschel Presented to cs294-4 by Owen Cooper.
Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility Antony Rowstron, Peter Druschel Presented by: Cristian Borcea.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.
POND: the OceanStore Prototype Sean Rhea, Patrick Eaton, Dennis Geels, Hakim Weatherspoon, Ben Zhao and John Kubiatowicz UC, Berkeley File and Storage.
Pond: the OceanStore Prototype CS 6464 Cornell University Presented by Yeounoh Chung.
David Choffnes, Winter 2006 OceanStore Maintenance-Free Global Data StorageMaintenance-Free Global Data Storage, S. Rhea, C. Wells, P. Eaton, D. Geels,
OceanStore: An Infrastructure for Global-Scale Persistent Storage John Kubiatowicz, David Bindel, Yan Chen, Steven Czerwinski, Patrick Eaton, Dennis Geels,
Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage John Kubiatowicz.
1 U.S. Department of the Interior U.S. Geological Survey A Cognitive Agent Based Geospatial Data Distribution System 12 May 2006.
OceanStore Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.
OceanStore Exploiting Peer-to-Peer for a Self-Repairing, Secure and Persistent Storage Utility John Kubiatowicz University of California at Berkeley.
Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage John Kubiatowicz.
OceanStore Status and Directions ROC/OceanStore Retreat 1/16/01 John Kubiatowicz University of California at Berkeley.
OceanStore Global-Scale Persistent Storage John Kubiatowicz.
OceanStore: An Architecture for Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.
1 OceanStore Global-Scale Persistent Storage Ying Lu CSCE496/896 Spring 2011.
OceanStore Toward Global-Scale, Self-Repairing, Secure and Persistent Storage John Kubiatowicz University of California at Berkeley.
An OceanStore Retrospective John Kubiatowicz University of California at Berkeley.
OceanStore Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.
OceanStore An Architecture for Global-scale Persistent Storage By John Kubiatowicz, David Bindel, Yan Chen, Steven Czerwinski, Patrick Eaton, Dennis Geels,
Overview Distributed vs. decentralized Why distributed databases
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Naming and Integrity: Self-Verifying Data in Peer-to-Peer Systems Hakim Weatherspoon, Chris Wells, John Kubiatowicz University of California, Berkeley.
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
OceanStore Theoretical Issues and Open Problems John Kubiatowicz University of California at Berkeley.
Weaving a Tapestry Distributed Algorithms for Secure Node Integration, Routing and Fault Handling Ben Y. Zhao (John Kubiatowicz, Anthony Joseph) Fault-tolerant.
OceanStore: An Architecture for Global-Scale Persistent Storage Professor John Kubiatowicz, University of California at Berkeley
Opportunities for Continuous Tuning in a Global Scale File System John Kubiatowicz University of California at Berkeley.
OceanStore Toward Global-Scale, Self-Repairing, Secure and Persistent Storage John Kubiatowicz University of California at Berkeley.
CITRIS Poster Supporting Wide-area Applications Complexities of global deployment  Network unreliability.
Concurrency Control & Caching Consistency Issues and Survey Dingshan He November 18, 2002.
OceanStore/Tapestry Toward Global-Scale, Self-Repairing, Secure and Persistent Storage Anthony D. Joseph John Kubiatowicz Sahara Retreat, January 2003.
Or, Providing High Availability and Adaptability in a Decentralized System Tapestry: Fault-resilient Wide-area Location and Routing Issues Facing Wide-area.
Or, Providing Scalable, Decentralized Location and Routing Network Services Tapestry: Fault-tolerant Wide-area Application Infrastructure Motivation and.
OceanStore Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.
OceanStore An Architecture for Global-Scale Persistent Storage Motivation Feature Application Specific Components - Secure Naming - Update - Access Control-
OceanStore: An Architecture for Global - Scale Persistent Storage John Kubiatowicz, David Bindel, Yan Chen, Steven Czerwinski, Patric Eaton, Dennis Geels,
Arnold N. Pears, CoRE Group Uppsala University 3 rd Swedish Networking Workshop Marholmen, September Why Tapestry is not Pastry Presenter.
Failure Resilience in the Peer-to-Peer-System OceanStore Speaker: Corinna Richter.
Pond: the OceanStore Prototype Sean Rhea, Patric Eaton, Dennis Gells, Hakim Weatherspoon, Ben Zhao, and John Kubiatowicz University of California, Berkeley.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
OceanStore: An Infrastructure for Global-Scale Persistent Storage John Kubiatowicz, David Bindel, Yan Chen, Steven Czerwinski, Patrick Eaton, Dennis Geels,
Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.
OceanStore: In Search of Global-Scale, Persistent Storage John Kubiatowicz UC Berkeley.
Distributed Architectures. Introduction r Computing everywhere: m Desktop, Laptop, Palmtop m Cars, Cellphones m Shoes? Clothing? Walls? r Connectivity.
1 More on Plaxton routing There are n nodes, and log B n digits in the id, where B = 2 b The neighbor table of each node consists of - primary neighbors.
OceanStore: An Architecture for Global- Scale Persistent Storage.
Freenet “…an adaptive peer-to-peer network application that permits the publication, replication, and retrieval of data while protecting the anonymity.
Toward Achieving Tapeless Backup at PB Scales Hakim Weatherspoon University of California, Berkeley Frontiers in Distributed Information Systems San Francisco.
POND: THE OCEANSTORE PROTOTYPE S. Rea, P. Eaton, D. Geels, H. Weatherspoon, J. Kubiatowicz U. C. Berkeley.
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
DHCP Vrushali sonar. Outline DHCP DHCPv6 Comparison Security issues Summary.
Large Scale Sharing Marco F. Duarte COMP 520: Distributed Systems September 19, 2004.
Rights Management for Shared Collections Storage Resource Broker Reagan W. Moore
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
CS791Aravind Elango Maintenance-Free Global Data Storage Sean Rhea, Chris Wells, Patrick Eaten, Dennis Geels, Ben Zhao, Hakim Weatherspoon and John Kubiatowicz.
OceanStore Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.
OceanStore : An Architecture for Global-Scale Persistent Storage Jaewoo Kim, Youngho Yi, Minsik Cho.
Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage
OceanStore: An Architecture for Global-Scale Persistent Storage
OceanStore August 25, 2003 John Kubiatowicz
OceanStore: Data Security in an Insecure world
John D. Kubiatowicz UC Berkeley
Content Distribution Network
Outline for today Oceanstore: An architecture for Global-Scale Persistent Storage – University of California, Berkeley. ASPLOS 2000 Feasibility of a Serverless.
Presentation transcript:

OceanStore: Data Security in an Insecure world John Kubiatowicz

OceanStore:2Networking Day©2001 John Kubiatowicz/UC Berkeley OceanStore Context: Ubiquitous Computing Computing everywhere: –Desktop, Laptop, Palmtop –Cars, Cellphones –Shoes? Clothing? Walls? Connectivity everywhere: –Rapid growth of bandwidth in the interior of the net –Broadband to the home and office –Wireless technologies such as CMDA, Satelite, laser But: Where is persistent information? –Must be the network! –Utility Model

OceanStore:3Networking Day©2001 John Kubiatowicz/UC Berkeley Utility-based Infrastructure Pac Bell Sprint IBM AT&T Canadian OceanStore IBM How many files in the OceanStore? –Assume people, 10,000 files/person (very conservative?) –So files in OceanStore! –If 1 gig files (ok, a stretch), get almost 1 mole of bytes!

OceanStore:4Networking Day©2001 John Kubiatowicz/UC Berkeley Basic Structure: Untrusted, Peer-to-peer Model

OceanStore:5Networking Day©2001 John Kubiatowicz/UC Berkeley But What About Security? End-to-End and Everywhere Else! –Protection at all levels –Data Protected Globally –Attacks recognized and squashed locally How is information protected? –Encryption for privacy –Secure Naming and Signatures for authenticity –Byzantine commitment for integrity Is it Available/Durable? –Redundancy with continuous repair –Redistribution for long-term durability Is it hard to manage? –Automatic optimization, diagnosis and repair

OceanStore:6Networking Day©2001 John Kubiatowicz/UC Berkeley Secure Naming Unique, location independent identifiers: –Every version of every unique entity has a permanent, Globally Unique ID (GUID) –GUIDs derived from secure hashes (e.g. SHA-1) –All OceanStore operations operate on GUIDs Naming hierarchy: –Users map from names to GUIDs via hierarchy of OceanStore objects (ala SDSI) Each link is either a GUID (RO) Or a GUID/public key combination Foo Bar Baz Myfile Out-of-Band “Root link”

OceanStore:7Networking Day©2001 John Kubiatowicz/UC Berkeley GUIDs  Secure Pointers Name+Key Active GUID Global Object Resolutions Floating Replica (Active Object) Active Data Commit Logs CKPoint GUID Archival GUID Signature RP Keys ACLs MetaData Global Object Resolution Archival copy or snapshot Archival copy or snapshot Archival copy or snapshot Erasure Coded Archival GUID Signature Inactive Object Global Object Resolution

OceanStore:8Networking Day©2001 John Kubiatowicz/UC Berkeley But What About the Red Arrows? Location-Independent Routing!

OceanStore:9Networking Day©2001 John Kubiatowicz/UC Berkeley Start with: Tapestry Routing Mesh NodeID 0x43FE NodeID 0x13FE NodeID 0xABFE NodeID 0x1290 NodeID 0x239E NodeID 0x73FE NodeID 0x423E NodeID 0x79FE NodeID 0x23FE NodeID 0x73FF NodeID 0x555E NodeID 0x035E NodeID 0x44FE NodeID 0x9990 NodeID 0xF990 NodeID 0x993E NodeID 0x04FE NodeID 0x43FE

OceanStore:10Networking Day©2001 John Kubiatowicz/UC Berkeley Then add: Location-Independent Routing

OceanStore:11Networking Day©2001 John Kubiatowicz/UC Berkeley Secure Routing Node names are hash of public key –Requests can be signed –Validate Responses in Request/response pairs Data validation built into network: –Pointers signed –Publication process verified –Responses from servers verified by checking GUIDs Denial of Service resilence: locality/redundancy –MACs along all links: local suppression of DoS –Multiple roots to avoid single points of failure –Multiple links for rapid recovery –Pointers provide locality: Find closest version of object

OceanStore:12Networking Day©2001 John Kubiatowicz/UC Berkeley What about Update Integrity? Byzantine Agreement!

OceanStore:13Networking Day©2001 John Kubiatowicz/UC Berkeley The Path of an OceanStore Update

OceanStore:14Networking Day©2001 John Kubiatowicz/UC Berkeley Consistency Mechanism applied directly to encrypted data!

OceanStore:15Networking Day©2001 John Kubiatowicz/UC Berkeley Archival Dissemination Built into Update

OceanStore:16Networking Day©2001 John Kubiatowicz/UC Berkeley Conclusion: End-to-End and Everywhere Else Secure read-only data Secure the commitment protocols Secure the routing infrastructure Continuous adaptation and repair For more information:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.