SPORC: Group Collaboration using Untrusted Cloud Resources

Cloud-based services are an attractive deployment model for user-facing applications like word processing and calendaring. Unlike desktop applications, cloud services allow multiple users to edit shared state concurrently and in real-time, while being scalable, highly available, and globally accessible. Unfortunately, these benefits come at the cost of fully trusting cloud providers with potentially sensitive and important data. To overcome this strict tradeoff, we present SPORC, a generic framework for building a wide variety of collaborative applications with untrusted servers. In SPORC, a server observes only encrypted data and cannot deviate from correct execution without being detected. SPORC allows concurrent, low-latency editing of shared state, permits disconnected operation, and supports dynamic access control even in the presence of concurrency. We demonstrate SPORC's flexibility through two prototype applications: a causally-consistent key-value store and a browser-based collaborative text editor. Conceptually, SPORC illustrates the complementary benefits of operational transformation (OT) and fork* consistency. The former allows SPORC clients to execute concurrent operations without locking and to resolve any resulting conflicts automatically. The latter prevents a misbehaving server from equivocating about the order of operations unless it is willing to fork clients into disjoint sets. Notably, unlike previous systems, SPORC can automatically recover from such malicious forks by leveraging OT's conflict resolution mechanism.
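The two mechanisms the abstract pairs, a hash-chained operation history that exposes server equivocation (fork* consistency) and OT that shifts concurrent inserts instead of locking, as a toy model added here; it is not SPORC's code, and the Op format, the client names and the insert-only transform rule are assumptions:

```python
import hashlib
from collections import namedtuple
from dataclasses import dataclass, field

# Hypothetical toy model of the two mechanisms the abstract names: a hash-chained operation
# history (fork* consistency) and position-shifting OT for text inserts. Not SPORC's code.
# Op fields: issuing client, insert position in the issuer's view, text, and the history
# hash the issuer had seen when it created the op ("" = empty history).
Op = namedtuple("Op", "client pos text prev")

@dataclass
class Client:
    cid: str
    doc: str = ""
    head: str = ""                               # hash of the last committed op we applied
    history: list = field(default_factory=list)  # (hash, effective_pos, op) in commit order

    def receive(self, op: Op) -> None:
        """Apply an op in server commit order; reject it if the issuer saw a history we did not."""
        hashes = [h for h, _, _ in self.history]
        if op.prev and op.prev not in hashes:
            raise ValueError(f"fork detected at {self.cid}: {op.client} built on unknown history")
        start = hashes.index(op.prev) + 1 if op.prev else 0
        pos = op.pos
        for _, cpos, c in self.history[start:]:  # committed ops concurrent with op
            if cpos < pos or (cpos == pos and c.client < op.client):
                pos += len(c.text)               # OT: shift past a concurrent insert to our left
        self.doc = self.doc[:pos] + op.text + self.doc[pos:]
        self.head = hashlib.sha256(f"{self.head}|{op}".encode()).hexdigest()  # chain onto history
        self.history.append((self.head, pos, op))

def demo_ot() -> tuple:
    # Honest server: both see "Hello", then edit concurrently; Bob's insert is committed first.
    alice, bob = Client("alice"), Client("bob")
    base = Op("alice", 0, "Hello", "")
    alice.receive(base); bob.receive(base)
    a_op, b_op = Op("alice", 5, "!", alice.head), Op("bob", 0, "Big ", bob.head)
    for op in (b_op, a_op):
        alice.receive(op); bob.receive(op)
    return alice.doc, bob.doc                    # both "Big Hello!": "!" still ends the word

def demo_fork() -> bool:
    # Equivocating server: Alice and Bob get different first commits; forwarding Alice's next op
    alice, bob = Client("alice"), Client("bob")  # (which embeds her history hash) exposes the fork
    alice.receive(Op("carol", 0, "A", "")); bob.receive(Op("carol", 0, "B", ""))
    try:
        bob.receive(Op("alice", 1, "!", alice.head))
    except ValueError:
        return True
    return False
```

The server can keep the fork hidden only by never forwarding one side's operations to the other, which is exactly the "disjoint sets" outcome the abstract describes.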
