Presentation is loading. Please wait.

Presentation is loading. Please wait.

SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,"— Presentation transcript:

1 SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten

2 Cloud deployment: pro & con Cloud deployment is attractive Scalable, highly available, globally accessible Real-time collaboration 2SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 For user-facing applications : (e.g. word processing, calendaring, e-mail, IM) But, there’s a price… Must trust the cloud provider for confidentiality and integrity …

3 SPORC goals SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/103 Untrusted servers Can’t read user data Can’t tamper with user data without risking detection Clients can recover from tampering Practical cloud apps Flexible framework Real-time collaboration Work offline

4 Server Making servers untrusted SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/104 Encrypted state Encrypted state App logic SPORC Server’s limited role: Storage Ordering msgs State Client 1 Copy of state App logic Client 2 Copy of state App logic Client App logic Server

5 Problem #1: SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/105 Client 1 Copy of state App logic Client 2 Copy of state App logic Client How do you keep clients’ local copies consistent? (esp. with offline access) Server Encrypted state Encrypted state

6 Problem #2: SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/106 Client 1 Copy of state App logic Client 2 Copy of state App logic Client How do you deal with a malicious server? Encrypted state Encrypted state

7 Keeping clients in sync SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/107 Operational transformation (OT) [EG89] (Used in Google Docs, EtherPad, etc.) AliceBob Server ins “ABC” ins “DE” del 4del 2 ins “ABC” ins “DE” Ops: State: ABCDE ACDE ABCE del 4del 2 del 4 del 2del 4 ACD ACE del 2del 3 T T ACE OT can sync arbitrarily divergent clients Ops: State:

8 Dealing with a malicious server Digital signatures aren’t enough Server can equivocate SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/108 AC fork* consistency [LM07] Honest server: linearizability Malicious server: Alice and Bob detect equivocation after exchanging 2 messages Embed history hash in every message Server can still fork the clients, but can’t unfork Client

9 System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/109 Client app Local state Local state SPORC lib

10 System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1010 Client app Local state Local state SPORC lib CommittedPending fork* consistent fork* consistent causally consistent causally consistent

11 System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1011 Client app Local state Local state SPORC lib CommittedPending Server Encrypted state Encrypt & sign

12 System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1012 Client app Local state Local state SPORC lib CommittedPending Server Encrypted state Client Verify & decrypt Compare history hashes

13 System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1013 Client app Local state Local state SPORC lib CommittedPending Server Encrypted state Client Decrypt & verify T

14 System design SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1014 Client app Local state Local state SPORC lib CommittedPending Server Encrypted state Client T

15 Access control SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1015 Challenges Server can’t do it — it’s untrusted! Preserving causality Concurrency makes it harder Solutions Ops encrypted with symmetric key shared by clients ACL changes are ops too Concurrent ACL changes handled with barriers Encrypted state Encrypted state

16 Adding a user SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1016 AliceBob Server Charlie Group members:

17 Removing a user SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1017 AliceBob Server Charlie Group members: ModifyUserOp Rm “Charlie” E alice_pk (k’) E bob_pk (k’) E k’ (k)

18 BARRIER Barriers: dealing with concurrency SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1018 AliceBob Server Group members: ModifyUserOp Rm “Eve” E k2 (k) 10 ModifyUserOp Rm “Charlie” E k1 (k) 9 9 8 8 … Clients check on the server

19 Recovering from a fork SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1019 Alice’s history: Bob’s history: Can use OT to resolve malicious forks too Fork!

20 Implementation SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1020 Client lib + generic server App devs only need to define ops and provide a transformation function Demo apps: key value store, browser-based collaborative text editor Java CLI version + browser-based version (GWT)

21 Evaluation SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1021 Setup Tested Java CLI version 8-core 2.3 GHz AMD machines 1 for server 4 for clients (often >1 instance per machine) Gigabit LAN Microbenchmarks Latency Server throughput Time-to-join (in paper)

22 Latency SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1022 Low load (1 client writer) High load (all clients are writers) (Text editor app)

23 Latency SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1023 Low load (1 client writer) High load (all clients are writers) (Text editor app)

24 Server throughput SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1024

25 Conclusion SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1025 Practical cloud apps + untrusted servers Operational transformation + fork* consistency Dynamic access control and key distribution Recovery from malicious forks

26 Thank you SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1026 Questions? ajfeldma@cs.princeton.edu * *http://www.snowpeak.com/tableware/cutlery/titanium-original-spork-sct-004.html

27 Comparison with Depot SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1027 Future work: SPORC + Depot? ;-) SPORCDepot Consistency with malicious servers ✔✔ Consistency with malicious clients ✔ Fork recovery ✔✔ Work offline ✔✔ Dynamic access control ✔ Confidentiality and key distribution ✔ Depot exposes conflicts, but leaves it to the app to resolve them

28 Time-to-join SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/1028

Download ppt "SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,"

Similar presentations

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security.

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security.
Off-the-Record Communication, or, Why Not To Use PGP

Off-the-Record Communication, or, Why Not To Use PGP
Depot: Cloud Storage with Minimal Trust OSDI 2010 Prince Mahajan, Srinath Setty, Sangmin Lee, Allen Clement, Lorenzo Alvisi, Mike Dahlin, and Michael Walfish.

Depot: Cloud Storage with Minimal Trust OSDI 2010 Prince Mahajan, Srinath Setty, Sangmin Lee, Allen Clement, Lorenzo Alvisi, Mike Dahlin, and Michael Walfish.
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
SUNDR: Secure Untrusted Data Repository

SUNDR: Secure Untrusted Data Repository
SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.

SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.
Offline Untrusted Storage with Immediate Detection of Forking and Replay Attacks Marten van Dijk, Jonathan Rhodes, Luis Sarmenta Srini Devadas MIT Computer.

Offline Untrusted Storage with Immediate Detection of Forking and Replay Attacks Marten van Dijk, Jonathan Rhodes, Luis Sarmenta Srini Devadas MIT Computer.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
1 Attested Append-Only Memory: Making Adversaries Stick to their Word Byung-Gon Chun (ICSI) October 15, 2007 Joint work with Petros Maniatis (Intel Research,

1 Attested Append-Only Memory: Making Adversaries Stick to their Word Byung-Gon Chun (ICSI) October 15, 2007 Joint work with Petros Maniatis (Intel Research,
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
1 Venus: Verification for Untrusted Cloud Storage Christian Cachin Idit Keidar, Asaf Cidon, Yan Michalevsky, Dani Shaket IBM Research Zurch Technion, Israel.

1 Venus: Verification for Untrusted Cloud Storage Christian Cachin Idit Keidar, Asaf Cidon, Yan Michalevsky, Dani Shaket IBM Research Zurch Technion, Israel.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
1 Detecting Logic Vulnerabilities in E- Commerce Applications Presenter: Liu Yin Slides Adapted from Fangqi Sun Computer Science Department College of.

1 Detecting Logic Vulnerabilities in E- Commerce Applications Presenter: Liu Yin Slides Adapted from Fangqi Sun Computer Science Department College of.
Dynasis Secure Group Information Sharing System ADVISOR: DR. AWAIS SHIBLI CO-ADVISOR: DR. ABDUL GHAFOOR GROUP MEMBERS: MANSOOR AHMED SAIF ULLAH YASIR.

Dynasis Secure Group Information Sharing System ADVISOR: DR. AWAIS SHIBLI CO-ADVISOR: DR. ABDUL GHAFOOR GROUP MEMBERS: MANSOOR AHMED SAIF ULLAH YASIR.
PORTIA Robert Grimm New York University Security Challenges for Rich-Media Educational Environments.

PORTIA Robert Grimm New York University Security Challenges for Rich-Media Educational Environments.
MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,

MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,
Institut Mines-Télécom “Digital Safe Client via HTML5 ” Mayssa JEMEL Ahmed SERHROUCHNI Journée: Cloud Coffre Fort Numérique 26 Février 2015.

Institut Mines-Télécom “Digital Safe Client via HTML5 ” Mayssa JEMEL Ahmed SERHROUCHNI Journée: Cloud Coffre Fort Numérique 26 Février 2015.

Similar presentations

Ads by Google