Slide 1: Towards Scalable and Robust Distributed Systems
Christian Scheideler, Institut für Informatik, Technische Universität München
Slide 2: Basic Goals
- Correctness
- Efficiency
- Robustness ??
Slide 3: Development of Computers
(Figure: correctness, efficiency, robustness)
Slide 4: Four Commandments of Distributed Systems
1. You shall not sleep.
2. You shall not lie.
3. You shall not steal.
4. You shall not kill.
Not enforceable in open distributed systems!
Countermeasures:
1. Algorithmic solution, as long as a majority is awake.
2. Cryptography, error-correcting codes, verifiable secret sharing, ...
3. Serious problem! (viruses, phishing, DRM, ...)
4. Serious problem! (DoS attacks)
Slide 5: Fundamental Dilemma
- Efficiency: minimize the resources needed for operations
- Robustness: maximize the resources needed for attacks
Scalable systems are easy to attack!!
Slide 6: Options
1. Restriction to "legal" attacks
   - join-leave attacks
   - insert-lookup attacks
2. New paradigm
Slide 7: Join-Leave Attacks
- Peer-to-peer systems have attracted a lot of attention in recent years.
- In open peer-to-peer systems, peers may frequently join and leave.
Slide 8: Join-Leave Model
- n honest peers, εn adversarial peers, ε < 1
- Operations:
  - Join(v): peer v joins the system
  - Leave(v): peer v leaves the system
- Goal: maintain scalability and robustness for any sequence of polynomially many adversarial rejoin (leave + join) requests
Slide 9: More specific goal
- n honest peers, εn adversarial peers
- Every peer has a point in [0,1)
- For any interval I ⊆ [0,1) of size (c log n)/n:
  - Balancing condition: Θ(log n) peers in I
  - Majority condition: honest peers in the majority
Slide 10: How to satisfy the conditions?
Chord: uses a cryptographic hash function to map peers to points in [0,1)
- randomly distributes honest peers
- does not randomly distribute adversarial peers
Slide 11: How to satisfy the conditions?
CAN: map peers to random points in [0,1)
Slide 12: How to satisfy the conditions?
Group spreading [AS04]:
- Map peers to random points in [0,1)
- Limit the lifetime of peers
Too expensive!
Slide 13: How to satisfy the conditions?
Rule that works: k-cuckoo rule [AS06a]
- Join: evict the k/n-region hit by the joining peer
- n honest peers, εn adversarial peers, ε < 1 - 1/k
- Rejoin: leave and join via the k-cuckoo rule
Slide 14: Limitation of the k-cuckoo rule
- Only works for any sequence of rejoin requests of adversarial peers.
- Does not work for any sequence of rejoin requests.
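As an added example (not code from the talk or from [AS06a]), a small Python simulation of the join-leave model of slides 8 to 14: peers sit on the ring [0,1), a join lands on a random point and evicts every peer in that point's k/n-region to a fresh random point (the k-cuckoo rule as assumed here, with no cascading evictions), and the balancing and majority conditions are then checked over windows of size (c log n)/n. Only adversarial rejoins are simulated, matching the limitation just stated; the round-robin adversary and the parameter values are constructed for the demo.

```python
import math
import random

class CuckooSystem:
    """Peers on the ring [0,1); joins follow the k-cuckoo rule as assumed here.
    Peer ids are ("h", i) for honest and ("a", j) for adversarial peers."""
    def __init__(self, n, k, seed=0):
        self.n, self.k = n, k            # n honest peers, regions of size k/n
        self.rng = random.Random(seed)   # seeded so a run is reproducible
        self.pos = {}                    # peer id -> point in [0,1)

    def region(self, x):                 # index of the k/n-region containing x
        return int(x * self.n / self.k)

    def join(self, v):
        x = self.rng.random()
        # cuckoo rule: every peer in the k/n-region hit by the new random
        # point is evicted to a fresh random point (evictions do not cascade)
        for u in [u for u, p in self.pos.items() if self.region(p) == self.region(x)]:
            self.pos[u] = self.rng.random()
        self.pos[v] = x

    def rejoin(self, v):                 # adversarial rejoin = leave + join
        del self.pos[v]
        self.join(v)

    def check(self, c):
        """Return (min peers, min honest fraction) over all windows of size
        (c log n)/n on the ring, one window start per region boundary."""
        size = c * math.log2(self.n) / self.n
        min_cnt, min_frac = float("inf"), 1.0
        for i in range(self.n // self.k):
            lo = i * self.k / self.n
            inside = [u for u, p in self.pos.items() if (p - lo) % 1.0 < size]
            if not inside:               # empty window: balancing already fails
                return 0, 0.0
            frac = sum(u[0] == "h" for u in inside) / len(inside)
            min_cnt, min_frac = min(min_cnt, len(inside)), min(min_frac, frac)
        return min_cnt, min_frac

def simulate(n=256, k=4, eps=0.25, rounds=2000, c=2, seed=1):
    """n honest peers plus eps*n adversarial ones (eps < 1 - 1/k); a constructed
    adversary rejoins its peers round-robin, then both conditions are checked."""
    s = CuckooSystem(n, k, seed)
    adv = [("a", j) for j in range(int(eps * n))]
    for v in [("h", i) for i in range(n)] + adv:
        s.join(v)
    for t in range(rounds):
        s.rejoin(adv[t % len(adv)])
    return s.check(c)
```

Calling simulate() with the defaults returns the smallest window population and the smallest honest fraction seen after the adversarial rejoins; a fraction above 0.5 in every window is the majority condition, a population of order log n is the balancing condition.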
Slide 15: k-flip&cuckoo rule [AS07]
- Join: as before (k-cuckoo rule)
- Leave: pick a random k/n-region among c log n neighboring k/n-regions, empty it and flip it with a random k/n-region
(Figure: n honest peers, εn adversarial peers, flip)
Slide 16: DoS attacks???
- Attacks oblivious to random bits: OK
- Attacks adaptive to random bits:
Slide 17: Insert-lookup attacks
Mehlhorn & Vishkin 84: Any step of a CRCW PRAM can be simulated on a distributed memory system in O(log² n) time (n: number of processors).
- Needs O(log n) hash functions with certain expansion properties.
- Uses combining and filtering.
Slide 18: DoS attacks???
- Oblivious DoS attacks: random peer distribution
- Adaptive DoS attacks: ?
- Past insider DoS attacks: adversary knows everything till time t
Slide 19: Past insider DoS attack
Dilemma:
- Explicit data structure: can only make polylog updates to be scalable, so easy to attack
- Fixed hash function: insert and lookup cheap, but easy to attack
- Random placement: difficult to attack, but insert and lookup expensive
Combine fixed hashing with random placement!!
Slide 20: What about arbitrary DoS attacks???
Slide 21: The problem is not openness. The problem is exposure.
Slide 22: Some Facts
- More than 90% of e-mails are spam
- Thousands of software bugs per year
- ~3 days until a virus is developed for a bug, but 31 days till a patch is available
- ~8000 denial-of-service attacks per day
- >150,000 phishing attacks per year
Slide 23: Can exposure be prevented without losing openness???
Slide 24: Laws of Robustness
- Owner consent and control
- Principle of least authority
Slide 25: Not just for computers [EU Recommendation on privacy of medical data 1997, U.S. OCR HIPAA act]
- Owner consent and control: Patients should have full control over their medical data.
- Principle of least authority: Access should only be given to information necessary for the diagnosis and treatment.
Slide 26: Demands
Principle of least authority:
- Not more knowledge than necessary.
- Not more rights than necessary.
Owner consent and control:
- Universality: freedom of choice
- Simplicity: consequences transparent
Slide 27: New Paradigm
- Subjects
- Objects
- Relay points
Slide 28: Subjects and Objects
- Subjects: atomic, anonymous, active, static, only reachable via relay points
- Objects: atomic, anonymous, passive, dynamic data, cannot be copied, info only accessible via keys
- Relay points: fixed identity, fixed outgoing connection, incoming connections controlled by owner
Consent and control, least authority?
Slide 29: Descendants
- Creation of a new child (figure: mother, child, resource control, communication)
Consent and control, least authority?
Slide 30: First contact
- Subjects have no identity
- Relay points have fixed identities (that are not accessible by applications)
- Outgoing connections cannot be changed
(Figure: subjects A and B, relay point R, public identity (TAN))
Consent and control, least authority?
Slide 31: Introduction
(Figure: subjects A, B, C and relay point R, with connections labelled A>B, B>A, R>B)
Consent and control, least authority?
Slide 32: Realization
(Figure: Internet, ISP, relay points)
Slide 33: Current State
- Simulation environment available (see www14.in.tum.de/personen/scheideler)
- Used in lectures
- Talks to set up a DFG project and realize the paradigm as an operating system kernel
Slide 34: Questions?