Secure File Allocation and Caching in Large-scale Distributed Systems

Alessio Di Mauro, Alessandro Mei, Sushil Jajodia

2012

Abstract

In this paper, we present a file allocation and caching scheme that guarantees high assurance, availability, and load balancing in a large-scale distributed file system that can support dynamic updates of authorization policies. The scheme uses fragmentation and replication to store files with high security requirements in a system composed of a majority of low-security servers. We develop mechanisms to fragment files, to allocate them into multiple servers, and to cache them as close as possible to their readers while preserving the security requirement of the files, providing load-balancing, and reducing delay of read operations. The system offers a trade-off between performance and security that is dynamically tunable according to the current level of threat. We validate our mechanisms with extensive simulations in an Internet-like network.

References

  1. Adya, A., Bolosky, W. J., Castro, M., Cermak, G., Chaiken, R., Douceur, J. R., Howell, J., Lorch, J. R., Theimer, M., and Wattenhofer, R. P. (2002). Farsite: federated, available, and reliable storage for an incompletely trusted environment. SIGOPS Oper. Syst. Rev., 36.
  2. Berrou, C., Glavieux, A., and Thitimajshima, P. (1993). Near shannon limit error-correcting coding and decoding: Turbo-codes. In ICC 93 IEEE international conference on Communications, volume 2. IEEE.
  3. Byers, J. W., Luby, M., Mitzenmacher, M., and Rege, A. (1998). A digital fountain approach to reliable distribution of bulk data. In SIGCOMM 7898.
  4. Dabek, F., Kaashoek, M. F., Karger, D., Morris, R., and Stoica, I. (2001). Wide-area cooperative storage with cfs. In SOSP 7801.
  5. di Vimercati, S. D. C., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P. (2007). Over-encryption: management of access control evolution on outsourced data. In VLDB 7807.
  6. Jin, C., Chen, Q., and Jamin, S. (2000). Inet: Internet topology generator. Technical Report UM-CSE-TR-433- 00, EECS, U. of Michigan.
  7. Kaune, S., Pussep, K., Leng, C., Kovacevic, A., Tyson, G., and Steinmetz, R. (2009). Modelling the internet delay space based on geographical locations. PDP.
  8. Kubiatowicz, J., Bindel, D., Chen, Y., Czerwinski, S., Eaton, P., Geels, D., Gummadi, R., Rhea, S., Weatherspoon, H., Weimer, W., Wells, C., and Zhao, B. (2000). Oceanstore: an architecture for global-scale persistent storage. SIGPLAN Not., 35(11).
  9. Lakshmanan, S., Ahamad, M., and Venkateswaran, H. (2003). Responsive security for stored data. IEEE Transactions on Parallel and Distributed Systems, 14.
  10. Mitzenmacher, M. (2001). The power of two choices in randomized load balancing. IEEE Trans. PDS, 12.
  11. Reed, I. S. and Solomon, G. (1960). Polynomial codes over certain finite fields. Journal of the Society for Industrial and Applied Mathematics, 8(2).
  12. Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11).
  13. Tu, M., Li, P., Yen, I.-L., Thuraisingham, B. M., and Khan, L. (2010). Secure data objects replication in data grid. IEEE Trans. Dependable Secur. Comput., 7(1).
  14. Wilcox-O'Hearn, Z. and Warner, B. (2008). Tahoe: the least-authority filesystem. In Proc. of the 4th ACM international workshop on Storage security and survivability, StorageSS 7808.
  15. Winick, J. and Jamin, S. (2002). Inet-3.0: Internet topology generator. Technical Report UM-CSE-TR-456- 02, EECS, U. of Michigan.
  16. Wylie, J. J., Bigrigg, M. W., Strunk, J. D., Ganger, G. R., Kilic¸c¸ öte, H., and Khosla, P. K. (2000). Survivable information storage systems. Computer, 33.
  17. Xiao, L., Ye, Y., Yen, I.-L., and Bastani, F. (2010). Evaluation and comparisons of dependable distributed storage designs for clouds. High-Assurance Systems Engineering, IEEE International Symposium on, 0.
  18. Ye, Y., Xiao, L., Yen, I.-L., and Bastani, F. (2010). Cloud storage design based on hybrid of replication and data partitionnig. ICPADS.
Download


Paper Citation


in Harvard Style

Di Mauro A., Mei A. and Jajodia S. (2012). Secure File Allocation and Caching in Large-scale Distributed Systems . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 182-191. DOI: 10.5220/0004074201820191


in Bibtex Style

@conference{secrypt12,
author={Alessio Di Mauro and Alessandro Mei and Sushil Jajodia},
title={Secure File Allocation and Caching in Large-scale Distributed Systems},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={182-191},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004074201820191},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Secure File Allocation and Caching in Large-scale Distributed Systems
SN - 978-989-8565-24-2
AU - Di Mauro A.
AU - Mei A.
AU - Jajodia S.
PY - 2012
SP - 182
EP - 191
DO - 10.5220/0004074201820191