Secure File Allocation and Caching in Large-scale Distributed Systems

In this paper, we present a file allocation and caching scheme that guarantees high assurance, availability, and load balancing in a large-scale distributed file system that can support dynamic updates of authorization policies. The scheme uses fragmentation and replication to store files with high security requirements in a system composed of a majority of low-security servers. We develop mechanisms to fragment files, to allocate them to multiple servers, and to cache them as close as possible to their readers while preserving the security requirements of the files, providing load balancing, and reducing the delay of read operations. The system offers a trade-off between performance and security that is dynamically tunable according to the current level of threat. We validate our mechanisms with extensive simulations in an Internet-like network.
