Presentation is loading. Please wait.

Presentation is loading. Please wait.

OceanStore: Data Security in an Insecure world

Published bySusanto Yohanes Pranoto Modified over 6 years ago

Similar presentations

Presentation on theme: "OceanStore: Data Security in an Insecure world"— Presentation transcript:

1 OceanStore: Data Security in an Insecure world
John Kubiatowicz

2 OceanStore Context: Ubiquitous Computing
Computing everywhere: Desktop, Laptop, Palmtop Cars, Cellphones Shoes? Clothing? Walls? Connectivity everywhere: Rapid growth of bandwidth in the interior of the net Broadband to the home and office Wireless technologies such as CMDA, Satelite, laser But: Where is persistent information? Must be the network! Utility Model

3 Utility-based Infrastructure
Pac Bell Sprint IBM AT&T Canadian OceanStore Utility-based Infrastructure How many files in the OceanStore? Assume 1010 people, 10,000 files/person (very conservative?) So 1014 files in OceanStore! If 1 gig files (ok, a stretch), get almost 1 mole of bytes!

4 Basic Structure: Untrusted, Peer-to-peer Model

5 But What About Security?
End-to-End and Everywhere Else! Protection at all levels Data Protected Globally Attacks recognized and squashed locally How is information protected? Encryption for privacy Secure Naming and Signatures for authenticity Byzantine commitment for integrity Is it Available/Durable? Redundancy with continuous repair Redistribution for long-term durability Is it hard to manage? Automatic optimization, diagnosis and repair

6 Secure Naming Unique, location independent identifiers:
Every version of every unique entity has a permanent, Globally Unique ID (GUID) GUIDs derived from secure hashes (e.g. SHA-1) All OceanStore operations operate on GUIDs Naming hierarchy: Users map from names to GUIDs via hierarchy of OceanStore objects (ala SDSI) Each link is either a GUID (RO) Or a GUID/public key combination Foo Bar Baz Myfile Out-of-Band “Root link”

7 GUIDs Secure Pointers
Name+Key Active GUID Archival GUID Signature Inactive Object Global Object Resolution Global Object Resolution Archival copy or snapshot Erasure Coded Global Object Resolutions Floating Replica (Active Object) Active Data Commit Logs CKPoint GUID Archival GUID Signature RP Keys ACLs MetaData

8 But What About the Red Arrows? Location-Independent Routing!

9 Start with: Tapestry Routing Mesh
4 2 3 1 NodeID 0x43FE NodeID 0x43FE 0x13FE 0xABFE 0x1290 0x239E 0x73FE 0x423E 0x79FE 0x23FE 0x73FF 0x555E 0x035E 0x44FE 0x9990 0xF990 0x993E 0x04FE

10 Then add: Location-Independent Routing

11 Secure Routing Node names are hash of public key
Requests can be signed Validate Responses in Request/response pairs Data validation built into network: Pointers signed Publication process verified Responses from servers verified by checking GUIDs Denial of Service resilence: locality/redundancy MACs along all links: local suppression of DoS Multiple roots to avoid single points of failure Multiple links for rapid recovery Pointers provide locality: Find closest version of object

12 What about Update Integrity? Byzantine Agreement!

13 The Path of an OceanStore Update

14 Consistency Mechanism applied directly to encrypted data!

15 Archival Dissemination Built into Update

16 Conclusion: End-to-End and Everywhere Else
Secure read-only data Secure the commitment protocols Secure the routing infrastructure Continuous adaptation and repair For more information:

Download ppt "OceanStore: Data Security in an Insecure world"

Similar presentations

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
Tapestry: Decentralized Routing and Location SPAM Summer 2001 Ben Y. Zhao CS Division, U. C. Berkeley.

Tapestry: Decentralized Routing and Location SPAM Summer 2001 Ben Y. Zhao CS Division, U. C. Berkeley.
What is OceanStore? - 10^10 users with 10.000 files each - Goals: Durability, Availability, Enc. & Auth, High performance - Worldwide infrastructure to.

What is OceanStore? - 10^10 users with files each - Goals: Durability, Availability, Enc. & Auth, High performance - Worldwide infrastructure to.
Storage management and caching in PAST Antony Rowstron and Peter Druschel Presented to cs294-4 by Owen Cooper.

Storage management and caching in PAST Antony Rowstron and Peter Druschel Presented to cs294-4 by Owen Cooper.
CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.

CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.
POND: the OceanStore Prototype Sean Rhea, Patrick Eaton, Dennis Geels, Hakim Weatherspoon, Ben Zhao and John Kubiatowicz UC, Berkeley File and Storage.

POND: the OceanStore Prototype Sean Rhea, Patrick Eaton, Dennis Geels, Hakim Weatherspoon, Ben Zhao and John Kubiatowicz UC, Berkeley File and Storage.
Pond: the OceanStore Prototype CS 6464 Cornell University Presented by Yeounoh Chung.

Pond: the OceanStore Prototype CS 6464 Cornell University Presented by Yeounoh Chung.
David Choffnes, Winter 2006 OceanStore Maintenance-Free Global Data StorageMaintenance-Free Global Data Storage, S. Rhea, C. Wells, P. Eaton, D. Geels,

David Choffnes, Winter 2006 OceanStore Maintenance-Free Global Data StorageMaintenance-Free Global Data Storage, S. Rhea, C. Wells, P. Eaton, D. Geels,
OceanStore: An Infrastructure for Global-Scale Persistent Storage John Kubiatowicz, David Bindel, Yan Chen, Steven Czerwinski, Patrick Eaton, Dennis Geels,

OceanStore: An Infrastructure for Global-Scale Persistent Storage John Kubiatowicz, David Bindel, Yan Chen, Steven Czerwinski, Patrick Eaton, Dennis Geels,
Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage John Kubiatowicz.

Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage John Kubiatowicz.
1 U.S. Department of the Interior U.S. Geological Survey A Cognitive Agent Based Geospatial Data Distribution System 12 May 2006.

1 U.S. Department of the Interior U.S. Geological Survey A Cognitive Agent Based Geospatial Data Distribution System 12 May 2006.
OceanStore Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.

OceanStore Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.
OceanStore Exploiting Peer-to-Peer for a Self-Repairing, Secure and Persistent Storage Utility John Kubiatowicz University of California at Berkeley.

OceanStore Exploiting Peer-to-Peer for a Self-Repairing, Secure and Persistent Storage Utility John Kubiatowicz University of California at Berkeley.
Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage John Kubiatowicz.

Option 2: The Oceanic Data Utility: Global-Scale Persistent Storage John Kubiatowicz.
OceanStore Status and Directions ROC/OceanStore Retreat 1/16/01 John Kubiatowicz University of California at Berkeley.

OceanStore Status and Directions ROC/OceanStore Retreat 1/16/01 John Kubiatowicz University of California at Berkeley.
OceanStore Global-Scale Persistent Storage John Kubiatowicz.

OceanStore Global-Scale Persistent Storage John Kubiatowicz.
OceanStore: An Architecture for Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.

OceanStore: An Architecture for Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.
1 OceanStore Global-Scale Persistent Storage Ying Lu CSCE496/896 Spring 2011.

1 OceanStore Global-Scale Persistent Storage Ying Lu CSCE496/896 Spring 2011.
OceanStore Toward Global-Scale, Self-Repairing, Secure and Persistent Storage John Kubiatowicz University of California at Berkeley.

OceanStore Toward Global-Scale, Self-Repairing, Secure and Persistent Storage John Kubiatowicz University of California at Berkeley.
OceanStore Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.

OceanStore Global-Scale Persistent Storage John Kubiatowicz University of California at Berkeley.

Similar presentations

Ads by Google