Strong accountability for network storage

This article presents the design, implementation, and evaluation of CATS, a network storage service with strong accountability properties. CATS offers a simple web services interface that allows clients to read and write opaque objects of variable size. This interface is similar to the one offered by existing commercial Internet storage services. CATS extends the functionality of commercial Internet storage services by offering support for strong accountability. A CATS server annotates read and write responses with evidence of correct execution, and offers audit and challenge interfaces that enable clients to verify that the server is faithful. A faulty server cannot conceal its misbehavior, and evidence of misbehavior is independently verifiable by any participant. CATS clients are also accountable for their actions on the service. A client cannot deny its actions, and the server can prove the impact of those actions on the state views it presented to other clients. Experiments with a CATS prototype evaluate the cost of accountability under a range of conditions and expose the primary factors influencing the level of assurance and the performance of a strongly accountable storage server. The results show that strong accountability is practical for network storage systems in settings with strong identity and modest degrees of write-sharing. We discuss how the accountability concepts and techniques used in CATS generalize to other classes of network services.