DistOS 2015W Session 6

From Soma-notes


Midterm

The midterm from last year is now available.

FARSITE

Farsite is a secure, scalable file system that logically functions as a centralized file server but is physically distributed among a set of untrusted computers. Farsite provides file availability and reliability through randomized replicated storage; it ensures the secrecy of file contents with cryptographic techniques; it maintains the integrity of file and directory data with a Byzantine-fault-tolerant protocol; it is designed to be scalable by using a distributed hint mechanism and delegation certificates for pathname translations; and it achieves good performance by locally caching file data, lazily propagating file updates, and varying the duration and granularity of content leases. We report on the design of Farsite and the lessons we have learned by implementing much of that design.

[1]

OCEAN STORE

  “OceanStore: An Architecture for Global-Scale Persistent Storage” proposes an architecture for a global, durable, and highly available persistent storage network composed of untrusted servers.  Data can migrate and replicate to where it is most needed, thereby having similar benefits to caching.  For security, all stored data in encrypted.  A type of routing mechanism is needed on top of IP to locate OceanStore data, and this is achieved by two methods: an attenuated Bloom filter (i.e. a vector of Bloom filters per node, where each element locates objects at a given graph distance) and, if the previous method fails, a highly redundant version of the Plaxton scheme. Various error-correcting schemes are also used.  The network supports a type of introspection, in which the network can automatically tune itself to network conditions.  In addition to providing local access to global data, the system is a guard against natural disasters and denial-of-service (DOS) attacks.

[2]

Group 1

Team: Kirill, Jamie, Alexis, Veena, Khaled, Hassan

FARSITE OceanStore
Fault Tolerance Used Byzantine Fault Tolerance Algorithm - Did not manage well Used Byzantine Fault Tolerance Algorithm - Did not manage well
Cryptography Trusted Certificates A strong cryptographic algorithm on read-only operations
Implementation Did not mention what programming they used, but it was based on Windows. They did not implement the file system Implemented in Java
Scalability Scalable to a University or large corporations, maximum 105 Worldwide scalability, maximum 1010
File Usage Was designed for general purpose files Was designed for small file sizes
Scope All clients sharing the available resources Transient centralized service
Object Model Didn't use the object model Used the object model

Group 2

Team: Apoorv, Ambalica, Ashley, Eric, Mert, Shivjot

Farsite

OceanStore

Implemented Content Leases

Update Model handled data consistency, no Leases

Single tier, peer to peer model

Two tier, server client model

Scope of ten to the five

Global Scope (ten to the ten)

Cryptographic public, private key security

Read and write privileges

Randomized data replication

Nomadic Data concept

Group 3

Team: DANY, MOE, DEEP, SAMEER, TROY



FARSITE

Security • Cascading certificates system through directory hierarchy • Keys • Three types of certificates • CFS required to authorized certificate • Because directory groups only modify their shared state via a Byzantine-fault-tolerant protocol, we trust the group not to make

       an incorrect update to directory metadata. This metadata includes an access control list (ACL) of public keys of all users
       who are authorized writers to that directory and to files in it

• Both file content and user-sensitive metadata (meaning file and directory names) are encrypted for privacy.

System Architecture • Client Monitor, directory group, file host • When space runs out in directory group, delegate’s ownership to sub tree to other delegate group.



OCEANSTORE

Security • GUID and ACLs used for write, encryption used for reads. • To prevent unauthorized reads, it encrypts

       all data in the system that is not completely public and distributes the encryption key to those users with read permission