Assessing data availability of Cassandra in the presence of non-accurate membership

Data Centers are evolving to adapt to emerging IT trends such as Big Data and Cloud Computing, which push for increased scalability and improved service availability. Among the side effects of this kind of evolution, the proliferation of new security breaches represents a major issue that usually does not get properly addressed since the focus tends to be kept on developing an innovative high-performance technology rather than making it secure. Consequently, new distributed applications deployed on Data Centers turn out to be vulnerable to malicious attacks. This paper analyzes the vulnerabilities of the gossip-based membership protocol used by Cassandra, a well-known distributed NoSQL Database. Cassandra is being widely employed as storage service in applications where very large data volumes have to be managed. An attack exploiting such weaknesses is presented, which impacts on Cassandra's availability by affecting both the latency and the successful outcome of requests. A lightweight solution is also proposed that prevents this threat from succeeding at the price of a negligible overhead.

[1]  Prashant Malik,et al.  Cassandra: structured storage system on a P2P network , 2009, PODC '09.

[2]  Roberto Baldoni,et al.  An Algorithm for Implementing BFT Registers in Distributed Systems with Bounded Churn , 2011, SSS.

[3]  Ehud Gudes,et al.  Security Issues in NoSQL Databases , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[4]  Miguel Correia,et al.  Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery , 2010, IEEE Transactions on Parallel and Distributed Systems.

[5]  Gian Paolo Jesi,et al.  Secure peer sampling , 2010, Comput. Networks.

[6]  Idit Keidar,et al.  Brahms: byzantine resilient random membership sampling , 2008, PODC '08.

[7]  Roberto Baldoni,et al.  Practical Uniform Peer Sampling under Churn , 2010, 2010 Ninth International Symposium on Parallel and Distributed Computing.

[8]  Michael K. Reiter,et al.  Byzantine quorum systems , 1997, STOC '97.

[9]  Rida A. Bazzi Synchronous Byzantine quorum systems , 1997, PODC '97.

[10]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[11]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[12]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[13]  B SchneiderFred Implementing fault-tolerant services using the state machine approach: a tutorial , 1990 .