DistOS 2015W Session 6
Midterm
The midterm from last year is now available.
FARSITE
Farsite is a secure, scalable file system that logically functions as a centralized file server but is physically distributed among a set of untrusted computers. Farsite provides file availability and reliability through randomized replicated storage; it ensures the secrecy of file contents with cryptographic techniques; it maintains the integrity of file and directory data with a Byzantine-fault-tolerant protocol; it is designed to be scalable by using a distributed hint mechanism and delegation certificates for pathname translations; and it achieves good performance by locally caching file data, lazily propagating file updates, and varying the duration and granularity of content leases. We report on the design of Farsite and the lessons we have learned by implementing much of that design.
OCEAN STORE
“OceanStore: An Architecture for Global-Scale Persistent Storage” proposes an architecture for a global, durable, and highly available persistent storage network composed of untrusted servers. Data can migrate and replicate to where it is most needed, thereby having similar benefits to caching. For security, all stored data in encrypted. A type of routing mechanism is needed on top of IP to locate OceanStore data, and this is achieved by two methods: an attenuated Bloom filter (i.e. a vector of Bloom filters per node, where each element locates objects at a given graph distance) and, if the previous method fails, a highly redundant version of the Plaxton scheme. Various error-correcting schemes are also used. The network supports a type of introspection, in which the network can automatically tune itself to network conditions. In addition to providing local access to global data, the system is a guard against natural disasters and denial-of-service (DOS) attacks.
Group 1
Team: Kirill, Jamie, Alexis, Veena, Khaled, Hassan
| FARSITE | OceanStore | |
|---|---|---|
| Fault Tolerance | Used Byzantine Fault Tolerance Algorithm - Did not manage well | Used Byzantine Fault Tolerance Algorithm - Did not manage well |
| Cryptography | Trusted Certificates | A strong cryptographic algorithm on read-only operations |
| Implementation | Did not mention what programming they used, but it was based on Windows. They did not implement the file system | Implemented in Java |
| Scalability | Scalable to a University or large corporations, maximum 105 | Worldwide scalability, maximum 1010 |
| File Usage | Was designed for general purpose files | Was designed for small file sizes |
| Scope | All clients sharing the available resources | Transient centralized service |
| Object Model | Didn't use the object model | Used the object model |
Group 2
Team: Apoorv, Ambalica, Ashley, Eric, Mert, Shivjot
Farsite |
OceanStore |
Implemented Content Leases |
Update Model handled data consistency, no Leases |
Single tier, peer to peer model |
Two tier, server client model |
Scope of ten to the five |
Global Scope (ten to the ten) |
Cryptographic public, private key security |
Read and write privileges |
Randomized data replication |
Nomadic Data concept |
Group 3
Team: DANY, MOE, DEEP, SAMEER, TROY
FARSITE
Security • Cascading certificates system through directory hierarchy • Keys • Three types of certificates • CFS required to authorized certificate • Because directory groups only modify their shared state via a Byzantine-fault-tolerant protocol, we trust the group not to make
an incorrect update to directory metadata. This metadata includes an access control list (ACL) of public keys of all users
who are authorized writers to that directory and to files in it
• Both file content and user-sensitive metadata (meaning file and directory names) are encrypted for privacy.
System Architecture • Client Monitor, directory group, file host • When space runs out in directory group, delegate’s ownership to sub tree to other delegate group.
OCEANSTORE
Security • GUID and ACLs used for write, encryption used for reads. • To prevent unauthorized reads, it encrypts
all data in the system that is not completely public and distributes the encryption key to those users with read permission