Security vs performance: tradeoffs using a trust framework

We present an architecture of a trust framework that can be used to intelligently trade off security against performance in a SAN file system. The primary idea is to differentiate between the clients in the system based on their trustworthiness and provide them with differing levels of security and performance. A client's trustworthiness reflects its expected behavior and is evaluated in an online fashion using a customizable trust model. We also describe the interface of the trust framework with an example block-level security solution for an out-of-band, virtualization-based SAN file system (SAN FS). The proposed framework can be easily extended to provide differential treatment based on data sensitivity, using a configurable parameter of the trust model. This allows stringent security requirements to be associated with more sensitive data, while trading off security for better performance for less critical data, a situation regularly desired in an enterprise.
