Dissertation Details
Efficient Proactive Security for Sensitive Data Storage
Subbiah, Arun ; Electrical and Computer Engineering
University: Georgia Institute of Technology
Department: Electrical and Computer Engineering
Keywords: Proactive security; Secret sharing; Grid sharing; Mobile adversary; Byzantine fault tolerance; Quorum systems
Others  :  https://smartech.gatech.edu/bitstream/1853/19719/1/subbiah_arun_200712_phd.pdf
United States | English
Source: SMARTech Repository
【 Abstract 】

Fault tolerant and secure distributed data storage systems typically require that only up to a threshold of storage nodes can ever be compromised or fail. In proactively-secure systems, this requirement is modified to hold only in a time interval (also called epoch), resulting in increased security. An attacker or adversary could compromise distinct sets of nodes in any two time intervals. This attack model is also called the mobile adversary model. Proactively-secure systems require all nodes to "refresh" themselves periodically to a clean state to maintain the availability, integrity, and confidentiality properties of the data storage service.

This dissertation investigates the design of a proactively-secure distributed data storage system. Data can be stored at storage servers using encoding schemes called secret sharing, or encryption-with-replication. The primary challenge is that the protocols that the servers run periodically to maintain integrity and confidentiality must scale with large amounts of stored data. Determining how much data can be proactively-secured in practical settings is an important objective of this dissertation.

The protocol for maintaining the confidentiality of stored data is developed in the context of data storage using secret sharing. We propose a new technique called the GridSharing framework that uses a combination of XOR secret sharing and replication for storing data efficiently. We experimentally show that the algorithm can secure several hundred GBs of data. We give distributed protocols run periodically by the servers for maintaining the integrity of replicated data under the mobile adversary model. This protocol is integrated into a document repository to make it proactively-secure. The proactively-secure document repository is implemented and evaluated on the Emulab cluster (http://www.emulab.net). The experimental evaluation shows that several 100 GBs of data can be proactively-secured.

This dissertation also includes work on fault and intrusion detection - a necessary component in any secure system. We give a novel Byzantine-fault detection algorithm for quorum systems, and experimentally evaluate its performance using simulations and by deploying it in the AgileFS distributed file system.

【 Preview 】
Attachment list
Files Size Format View
Efficient Proactive Security for Sensitive Data Storage 849KB PDF download