Growing Secure Distributed Systems from a Spore - PowerPoint PPT Presentation

Presentation Transcript

  1. Growing Secure Distributed Systems from a Spore Yunus Basagalar, Vassilios Lekakis and Pete Keleher University of Maryland, College Park

  2. Problem • Outsourcing data is trendy • geographically replicated • no downtime • Inherently insecure • implicit trust

  3. Goal • Remove implicit trust • Minimize server functionality • Leverage wider range of resources as storage service • Less code → fewer bugs • Use cryptographic techniques

  4. Spore overview Object X List of public keys allowed to modify Object X Symmetric key for Object X

  5. Assumptions • No higher-level functionality in the server side • put/get/list interface • Immutable objects • No trust assumption • except Spore object

  6. Everything starts with a single spore... Creates spore object /.v1

  7. Spore

  8. Object graph Bob's operations • mkdir /dir • create /dir/foo • edit /dir/foo • create /dir/bar /.v1

  9. mkdir /dir

  10. mkdir /dir • put (7b610f93, dir_obj)

  11. mkdir /dir Computed using a deterministic, fast, collision-resistant function

  12. mkdir /dir • put (7b610f93, dir_obj) • put (2ca142a9, root_obj)

  13. Object graph Bob's operations • mkdir /dir • create /dir/foo • edit /dir/foo • create /dir/bar /.v1 /.v2 implicit edge: between versions of an object dir.v1 explicit edge: between parent object and its children, directory entries

  14. Object graph Bob's operations • mkdir /dir • create /dir/foo • edit /dir/foo • create /dir/bar /.v1 /.v2 dir.v1 dir.v2 foo.v1

  15. Object graph Bob's operations • mkdir /dir • create /dir/foo • edit /dir/foo • create /dir/bar /.v1 /.v2 dir.v1 dir.v2 foo.v1 foo.v2

  16. Object graph Bob's operations • mkdir /dir • create /dir/foo • edit /dir/foo • create /dir/bar /.v1 /.v2 dir.v1 dir.v2 dir.v3 foo.v1 foo.v2 bar.v1

  17. Sharing the Spore Alice's operations • read /dir/foo Bob shares the spore with Alice /.v1 /.v2 dir.v1 dir.v2 dir.v3 foo.v1 foo.v2 bar.v1

  18. Traversing the object graph Alice's operations • read /dir/foo /.v1 /.v2 dir.v1 dir.v2 dir.v3 foo.v1 foo.v2 bar.v1

  19. Traversing the object graph Alice's operations • read /dir/foo /.v1 /.v2 dir.v1 dir.v2 dir.v3 foo.v1 foo.v2 bar.v1

  20. Traversing the object graph Alice's operations • read /dir/foo /.v1 /.v2 dir.v1 dir.v2 dir.v3 foo.v1 foo.v2 bar.v1

  21. Spore overview

  22. Forming trust region by induction • In trust region • data confidentiality • authentication of updates • self-consistent objects Trust Region Trust Region

  23. Confidentiality Alice's operations • read /dir/foo /.v1 /.v2 dir.v1 dir.v2 dir.v3 foo.v1 foo.v2 bar.v1

  24. Grant read access to Alice /.v1 /.v2 dir.v1 dir.v2 dir.v3 foo.v1 foo.v2 Symmetric key for foo.v2 Alice’s public key • How: Include the key encrypted with Alice’s public key

  25. Authentication Alice's operations • edit /dir/bar Bob's operations • read /dir/bar /.v1 /.v2 dir.v1 dir.v2 dir.v3 foo.v1 foo.v2 bar.v1

  26. Authentication Alice's operations • edit /dir/bar Bob's operations • read /dir/bar /.v1 /.v2 dir.v1 dir.v2 dir.v3 foo.v1 foo.v2 bar.v1 bar.v2

  27. Authentication Alice's operations • edit /dir/bar Bob's operations • read /dir/bar /.v1 /.v2 dir.v1 dir.v2 dir.v3 Bob realizes Alice has no rights to modify bar foo.v1 foo.v2 bar.v1 bar.v2

  28. Grant write permission to Alice /.v1 /.v2 dir.v1 dir.v2 dir.v3 bar.v1 bar.v2: Alice’s public key • How: Include Alice’s public key as a writer for bar

  29. Self-consistent objects /.v1 /.v2 dir.v1 dir.v2 dir.v3 foo.v1 foo.v2 bar.v1 bar.v2.$HASH where $HASH = H(bar.v2) and H is a collision-resistant hash function

  30. Spore overview Object X List of public keys allowed to modify Object X Symmetric key for Object X
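
The Go program below is an added example, not code from the Spore authors or their implementation. It models the put/get interface with hash-derived names (slides 10-12) and the three trust-region properties of slides 22-29 in one piece: an untrusted server that only stores immutable blobs, a write path that encrypts content under a fresh symmetric key, wraps that key for each reader with the reader's public key (the read grant of slide 24), signs the version with the writer's key, and names the blob by its hash; and a read path that checks, in order, that the bytes hash to the name (self-consistency), that the signer is on the writer list (authentication of updates), and that a wrapped key exists for this reader (confidentiality). Concrete primitives are assumptions of this example rather than the deck's choices: SHA-256 for names, AES-GCM for content, Ed25519 for signatures, RSA-OAEP for key wrapping, JSON for the on-server encoding, and a reader id derived from the RSA modulus. The writer list handed to Read stands for the key list a parent object carries; it comes from the parent (ultimately the spore), never from the server, which is the induction step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Server is the untrusted store: immutable blobs behind a bare put/get interface.
type Server map[string][]byte

// Name is an object's address: deterministic, fast, collision-resistant (SHA-256 assumed here).
func Name(b []byte) string { h := sha256.Sum256(b); return hex.EncodeToString(h[:]) }

func (s Server) Put(b []byte) string          { id := Name(b); s[id] = b; return id }
func (s Server) Get(id string) ([]byte, bool) { b, ok := s[id]; return b, ok }
func (s Server) Corrupt(id string)            { s[id][0] ^= 0x01 } // models a misbehaving server

// User has an Ed25519 key to sign updates and an RSA key to receive wrapped object keys.
type User struct {
	SignPub  ed25519.PublicKey
	signPriv ed25519.PrivateKey
	decPriv  *rsa.PrivateKey
}

func NewUser() *User {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &User{SignPub: pub, signPriv: priv, decPriv: k}
}

// Writers builds the "list of public keys allowed to modify object X" that a parent object carries.
func Writers(users ...*User) (ws []ed25519.PublicKey) {
	for _, u := range users { ws = append(ws, u.SignPub) }
	return ws
}

func rid(u *User) string { return u.decPriv.N.Text(16) } // reader id = RSA modulus (assumed scheme)
func gcmFor(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }

// Body is the signed part of a stored version; Envelope adds the writer's signature over it.
type Body struct {
	Nonce, Cipher []byte
	Writer        []byte            // Ed25519 public key of whoever produced this version
	WrappedKeys   map[string][]byte // rid -> object key encrypted to that reader's RSA key
}
type Envelope struct{ Signed, Sig []byte }

var (
	ErrTampered    = errors.New("blob missing or does not hash to its name")
	ErrNotWriter   = errors.New("version not signed by an authorized writer")
	ErrNoReadGrant = errors.New("object key not wrapped for this reader")
)

// Write: fresh AES-GCM key for the content, key wrapped for each reader (read grant),
// body signed by the writer (authenticated update), blob stored under its own hash.
func Write(srv Server, w *User, content []byte, readers []*User) (string, error) {
	key, nonce := make([]byte, 32), make([]byte, 12)
	if _, err := rand.Read(key); err != nil { return "", err }
	rand.Read(nonce)
	b := Body{Nonce: nonce, Cipher: gcmFor(key).Seal(nil, nonce, content, nil), Writer: w.SignPub, WrappedKeys: map[string][]byte{}}
	for _, r := range readers {
		wk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &r.decPriv.PublicKey, key, nil)
		if err != nil { return "", err }
		b.WrappedKeys[rid(r)] = wk
	}
	signed, _ := json.Marshal(b)
	env, _ := json.Marshal(Envelope{Signed: signed, Sig: ed25519.Sign(w.signPriv, signed)})
	return srv.Put(env), nil
}

// Read enforces the trust-region properties. writers comes from the parent object (ultimately
// the spore), never from the server; that is what lets trust extend by induction.
func Read(srv Server, id string, writers []ed25519.PublicKey, r *User) ([]byte, error) {
	raw, ok := srv.Get(id)
	if !ok || Name(raw) != id { return nil, ErrTampered } // self-consistent object: bytes must hash to the name
	env, b := Envelope{}, Body{}
	if json.Unmarshal(raw, &env) != nil || json.Unmarshal(env.Signed, &b) != nil {
		return nil, errors.New("malformed envelope")
	}
	authorized := false // authenticated update: the signer must be on the writer list
	for _, w := range writers { authorized = authorized || string(w) == string(b.Writer) && ed25519.Verify(w, env.Signed, env.Sig) }
	if !authorized { return nil, ErrNotWriter }
	wk, ok := b.WrappedKeys[rid(r)] // confidentiality: only readers holding a wrapped key get the content
	if !ok { return nil, ErrNoReadGrant }
	key, err := rsa.DecryptOAEP(sha256.New(), nil, r.decPriv, wk, nil)
	if err != nil { return nil, err }
	return gcmFor(key).Open(nil, b.Nonce, b.Cipher, nil)
}

func main() {
	srv, bob, alice := Server{}, NewUser(), NewUser()
	id, _ := Write(srv, bob, []byte("bar.v1"), []*User{bob, alice})
	got, err := Read(srv, id, Writers(bob), alice)
	fmt.Printf("alice reads %q (err=%v)\n", got, err)
}
```

Replaying the deck with this code: Bob writes bar.v1 with a wrapped key for Alice, so she can read it; Alice then writes bar.v2 while only Bob's key is on the writer list, and Bob's read of that version fails with ErrNotWriter (slide 27); adding Alice's public key to the writer list (slide 28) makes the same version verify; and flipping a byte of the stored blob is caught by the name check before anything is parsed (slide 29). The order of the checks matters: the hash check runs on raw bytes, so a misbehaving server never gets to feed unverified input to the JSON or signature code paths.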

  31. Conclusion • Growing a secure distributed system from a Spore • authenticated writes • confidentiality • self-consistent objects • minimal server-side functionality