
Growing Secure Distributed Systems from a Spore



  1. Growing Secure Distributed Systems from a Spore
     Yunus Basagalar, Vassilios Lekakis and Pete Keleher, University of Maryland, College Park

  2. Problem
     • Outsourcing data is trendy
       • geographically replicated
       • no downtime
     • Inherently insecure
       • implicit trust

  3. Goal
     • Remove implicit trust
     • Minimize server functionality
     • Leverage a wider range of resources as a storage service
     • Less code → less bugs
     • Use cryptographic techniques

  4. Spore overview
     [Figure: Object X, the list of public keys allowed to modify Object X, and the symmetric key for Object X]

  5. Assumptions
     • No higher-level functionality on the server side
       • put/get/list interface
     • Immutable objects
     • No trust assumption
       • except the Spore object

  6. Everything starts with a single spore...
     Creates spore object /.v1

  7. Spore
     [Figure: the spore object]

  8. Object graph
     Bob's operations:
     • mkdir /dir
     • create /dir/foo
     • edit /dir/foo
     • create /dir/bar
     [Figure: object graph containing /.v1]

  9. mkdir /dir

  10. mkdir /dir
      • put (7b610f93, dir_obj)

  11. mkdir /dir
      7b610f93: computed using a deterministic, fast, collision-resistant function

  12. mkdir /dir
      • put (7b610f93, dir_obj)
      • put (2ca142a9, root_obj)

  13. Object graph
      Bob's operations: mkdir /dir, create /dir/foo, edit /dir/foo, create /dir/bar
      [Figure: object graph with /.v1, /.v2, dir.v1]
      • implicit edge: between versions of an object
      • explicit edge: between a parent object and its children (directory entries)

  14-16. Object graph (same operations; the graph grows step by step)
      [Figure: /.v1, /.v2, dir.v1, dir.v2, foo.v1 on slide 14; foo.v2 added on slide 15; dir.v3 and bar.v1 added on slide 16]

  17. Sharing the Spore
      Bob shares the spore with Alice
      Alice's operations: read /dir/foo
      [Figure: object graph with /.v1, /.v2, dir.v1, dir.v2, dir.v3, foo.v1, foo.v2, bar.v1]

  18-20. Traversing the object graph
      Alice's operations: read /dir/foo
      [Figure: the same object graph, with the traversal from /.v2 down to foo.v2 highlighted step by step]

  21. Spore overview
      [Figure: the spore object]

  22. Forming trust region by induction
      In the trust region:
      • data confidentiality
      • authentication of updates
      • self-consistent objects
      [Figure: trust regions]

  23. Confidentiality
      Alice's operations: read /dir/foo
      [Figure: object graph]

  24. Grant read access to Alice
      • How: include the symmetric key for foo.v2, encrypted with Alice's public key
      [Figure: object graph; the symmetric key for foo.v2 and Alice's public key]

  25-27. Authentication
      Alice's operations: edit /dir/bar
      Bob's operations: read /dir/bar
      [Figure: object graph; bar.v2 written by Alice appears on slide 26]
      Bob realizes Alice has no rights to modify bar

  28. Grant write permission to Alice
      • How: include Alice's public key as a writer for bar
      [Figure: bar.v2 carrying Alice's public key]

  29. Self-consistent objects
      bar.v2.$HASH, where $HASH = H(bar.v2) and H is a collision-resistant hash function
      [Figure: object graph]

  30. Spore overview
      [Figure: Object X, the list of public keys allowed to modify Object X, and the symmetric key for Object X]

  31. Conclusion
      Growing a secure distributed system from a Spore:
      • authenticated writes
      • confidentiality
      • self-consistent objects
      • minimal server-side functionality
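The authenticated-write and self-consistency checks of slides 25 to 29, as an added example that is not code from the talk or its authors: every version is named by the hash of its contents, carries its writer list and an implicit edge to the version it replaces, and a reader only accepts a version whose signer appears in the writer list of its predecessor, trusting the first hash (the spore) out of band. The store, the KEYS table and the use of HMAC under a per-writer secret in place of the public-key signatures Spore uses are assumptions made so the example runs on the standard library.

```python
import hashlib
import hmac
import json

# Constructed per-writer secrets. Spore lists writers' public keys and signs
# updates; HMAC under a per-writer secret stands in here so the example runs
# on the standard library alone (an assumption, not Spore's design).
KEYS = {"bob": b"bob-secret-constructed", "alice": b"alice-secret-constructed"}


def H(blob: bytes) -> str:
    """Collision-resistant hash that names every object (self-consistency)."""
    return hashlib.sha256(blob).hexdigest()


class UntrustedStore:
    """The server side: put/get over opaque blobs and nothing else."""
    def __init__(self):
        self.blobs = {}
    def put(self, name, blob):
        self.blobs[name] = blob
    def get(self, name):
        return self.blobs[name]


def put_object(store, data, writers, prev, signer):
    """Publish an immutable version: prev is the implicit edge (hash of the
    previous version, None for the first), writers may produce the next one."""
    body = json.dumps({"data": data, "writers": writers, "prev": prev,
                       "signer": signer}, sort_keys=True)
    sig = hmac.new(KEYS[signer], body.encode(), "sha256").hexdigest()
    blob = json.dumps({"body": body, "sig": sig}).encode()
    name = H(blob)            # name = H(contents): the server cannot swap it
    store.put(name, blob)
    return name


def get_object(store, name):
    """Fetch and verify one version; the caller supplies a trusted name."""
    blob = store.get(name)
    if H(blob) != name:
        raise ValueError("content does not match its hash name")
    rec = json.loads(blob)
    obj = json.loads(rec["body"])
    expect = hmac.new(KEYS[obj["signer"]], rec["body"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expect, rec["sig"]):
        raise ValueError("signature check failed")
    if obj["prev"] is not None:
        # Follow the implicit edge: the signer must be in the writer list of the
        # version being replaced (Bob's check when he reads Alice's bar.v2).
        if obj["signer"] not in get_object(store, obj["prev"])["writers"]:
            raise PermissionError(f"{obj['signer']} may not modify this object")
    return obj
```

Granting Alice write access, as on slide 28, is Bob publishing a new version whose writer list includes her; only after that does a version she signs pass the check.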
