effective and efficient compromise recovery for weakly
play

Effective and Efficient Compromise Recovery for Weakly Consistent - PowerPoint PPT Presentation

Dec 05, 2022 •472 likes •1.34k views

Effective and Efficient Compromise Recovery for Weakly Consistent Replication Prince Mahajan (UT Austin), Ramakrishna Kotla, Cathy Marshall, Venugopalan Rama Ramasubramanian, Tom Rodeheffer, Doug Terry, Ted Wobber (Microsoft Research

  1. Effective and Efficient Compromise Recovery for Weakly Consistent Replication Prince Mahajan (UT Austin), Ramakrishna Kotla, Cathy Marshall, Venugopalan “Rama” Ramasubramanian, Tom Rodeheffer, Doug Terry, Ted Wobber (Microsoft Research Silicon Valley)

  2. Scenario Sam

  3. Scenario Sam

  4. Scenario Alex

  5. Scenario Alex

  6. Scenario Alex Corrupted “contact”

  7. Scenario Alex Corrupted “contact”

  8. Scenario Alex Corrupted “contact” Workgroup

  9. Scenario Sam Corrupted “contact” Workgroup

  10. Scenario Corrupted “contact” Workgroup

  11. Scenario Corrupted “contact” Workgroup In replicated systems, even inappropriate updates propagate automatically.

  12. Another Scenario Chicago San Francisco customers customers L. A. customers

  13. Another Scenario Chicago San Francisco customers customers L. A. customers

  14. Another Scenario Chicago San Francisco customers customers L. A. customers

  15. Another Scenario Chicago San Francisco customers customers L. A. customers

  16. Our Contributions Polygraph: A framework that • Extends weakly consistent replication • Removes corrupted updates • Recovers uncorrupted updates • While being Effective: Retain most uncorrupted updates Efficient: Incur less bandwidth cost

  17. Outline • Motivation • System Model • Backup-based approach • Polygraph: Effective and Efficient Recovery • Results • Conclusion

  18. System Model

  19. System Model • Replicas can independently update items • Each update produces a new version of item • New versions propagate asynchronously

  20. System Model • Replicas can independently update items • Each update produces a new version of item • New versions propagate asynchronously • Replicas retain the most recent version • Archive replica logs all received versions

  21. Example System Replica A updates stored versions Archive Log updates updates Replica C Replica B

  22. Update Timeline wall clock time 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 B4 B5 C C4 C1 C3 C2 A, B, C replicas i j k l items versions A1, A2,...,C4 influence

  23. Update Timeline wall clock time 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 B4 B5 C C4 C1 C3 C2 A, B, C replicas i j k l items versions A1, A2,...,C4 influence

  24. Threat Model • Compromises can result from malice or misuse • Corrupted versions Versions injected by compromised replicas Versions influenced by corrupted versions • An external agent detects and reports compromises after the fact • Archive and replication layer is not compromised

  25. Update Timeline wall clock time 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 B4 B5 C C4 C1 C3 C2 A, B, C replicas i j k l items versions A1, A2,...,C4 influence

  26. Update Timeline (with compromise) wall clock time 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 B4 B5 C C4 C1 C3 C2 innocent version i j k l items corrupt version A, B, C replicas versions compromise A1, A2,...,C4 compromise notification influence

  27. Update Timeline (after recovery) wall clock time 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 C C1 C3 C2 innocent version i j k l items corrupt version A, B, C replicas versions compromise A1, A2,...,C4 compromise notification influence

  28. Backup-based Approach Backup Replica A updates stored versions Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  29. Backup-based Approach Backup Replica A updates stored versions Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  30. Backup-based Approach Backup Replica A updates stored versions Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  31. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  32. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  33. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  34. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  35. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  36. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  37. Drawbacks of Backup-based Approach • Inefficient: Re-propagation from backup to replicas • Ineffective: Updates subsequent to checkpoint are lost compromise notification 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 B4 B5 C C1 C4 C3 C2

  38. Polygraph: Key Ideas

  39. Polygraph: Key Ideas • Innocent version identification Effectiveness: innocent versions created post- compromise are recovered

  40. Polygraph: Key Ideas • Innocent version identification Effectiveness: innocent versions created post- compromise are recovered • Replica-local retention

  41. Polygraph: Key Ideas • Innocent version identification Effectiveness: innocent versions created post- compromise are recovered • Replica-local retention Replicas retain innocent versions

  42. Polygraph: Key Ideas • Innocent version identification Effectiveness: innocent versions created post- compromise are recovered • Replica-local retention Replicas retain innocent versions Effectiveness: newer versions recovered

  43. Polygraph: Key Ideas • Innocent version identification Effectiveness: innocent versions created post- compromise are recovered • Replica-local retention Replicas retain innocent versions Effectiveness: newer versions recovered Efficiency: retained versions save bandwidth

  44. Innocent Versions Version is innocent if it is Generated before compromise, or Not influenced by any corrupt version from the compromised replica

  45. Is a version generated before compromise? Update A1 B1 A2 B2 B3 A4 C3 B4 C1 Archive Log

  46. Is a version generated before compromise? wall clock time 1 2 3 4 5 6 7 8 Update A1 B1 A2 B2 B3 A4 C3 B4 C1 A3 Archive Log

  47. Is a version generated before compromise? compromise notification wall clock time 1 2 3 4 5 6 7 8 Update A1 B1 A2 B2 B3 A4 C3 B4 C1 A3 Archive Log

  48. Is a version generated before compromise? compromise notification wall clock time 1 2 3 4 5 6 7 8 Update A1 B1 A2 B2 B3 A4 C3 B4 C1 A3 Archive Log versions generated prior to compromise

  49. Is a version generated before compromise? compromise notification wall clock time 1 2 3 4 5 6 7 8 Update A1 B1 A2 B2 B3 A4 C3 B4 C1 A3 Archive Log versions generated prior to compromise precompromise cut Precompromise cut summarizes versions archived prior to compromise

  50. Is a version v influenced by any corrupt version from the compromised replica?

  51. Is a version v influenced by any corrupt version from the compromised replica? • Sufficient to check: is the most recent version from the compromised replica that influenced v is corrupt?

  52. Is a version v influenced by any corrupt version from the compromised replica? • Sufficient to check: is the most recent version from the compromised replica that influenced v is corrupt? • Each version has a taint vector • Taint vector of a version v tracks the most recent version from each replica that has influenced v

  53. Is a version v influenced by any corrupt version from the compromised replica? • Sufficient to check: is the most recent version from the compromised replica that influenced v is corrupt? • Each version has a taint vector • Taint vector of a version v tracks the most recent version from each replica that has influenced v B2 A1 C2 C3 Taint vector A1 A1 A1 A1 B2 B2 B2 C3 C2

  54. Is a version v influenced by any corrupt version from the compromised replica? • Sufficient to check: is the most recent version from the compromised replica that influenced v is corrupt? • Each version has a taint vector • Taint vector of a version v tracks the most recent version from each replica that has influenced v B2 A1 C2 C3 Taint vector A1 A1 A1 A1 B2 B2 B2 C3 C2 A version v is innocent if the influencing version from the compromised replica in v ’s taint vector is innocent

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ejector Technology for Efficient and Cost Effective Flare Gas Recovery GPA-GCC 24th Annual

Ejector Technology for Efficient and Cost Effective Flare Gas Recovery GPA-GCC 24th Annual

Ejector Technology for Efficient and Cost Effective Flare Gas Recovery GPA-GCC 24th Annual Technical Conference, Kuwait City, Kuwait, May 10-11, 2016 Trevor Leagas Flare Gas Recovery Manager Europe and Middle East Region Zeeco, Inc 2009

941 views • 67 slides
Analysis of low-energy scattering and weakly-bound states through effective-range functions.

Analysis of low-energy scattering and weakly-bound states through effective-range functions.

Analysis of low-energy scattering and weakly-bound states through effective-range functions. Application to 12 C+ . arez 1 Jean-Marc Sparenberg, Oscar Leonardo Ram rez Su Nuclear Physics and Quantum Physics, Universit e libre de

727 views • 29 slides
KEYS TO EFFECTIVE GRANT ADMINISTRATION CDBG Disaster Recovery 4 Keys to Effective Grant

KEYS TO EFFECTIVE GRANT ADMINISTRATION CDBG Disaster Recovery 4 Keys to Effective Grant

CDBG Disaster Recovery KEYS TO EFFECTIVE GRANT ADMINISTRATION CDBG Disaster Recovery 4 Keys to Effective Grant Administration Assessing Capacity (including your partners capacity) Procurement Monitoring Financial Controls

405 views • 19 slides
Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M.

Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M.

Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M. Frans Kaashoek MIT CSAIL Attackers routinely compromise system integrity Attackers routinely compromise system integrity Attackers routinely

1.23k views • 74 slides
efficient and cost effective utilization of electrical power in accelerator based research

efficient and cost effective utilization of electrical power in accelerator based research

EnEfficient sustainable and energy efficient technologies M.Seidel, PSI network related to: efficient and cost effective utilization of electrical power in accelerator based research facilities EuCARD-2 is co-funded by the partners and the

338 views • 15 slides
Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey

Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey

Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey M. Voelker Alex C. Snoeren On account compromise Compromise of email/social network/etc is devastating Personal/professional reputational, financial

798 views • 49 slides
First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with novel Integrated LEading technologies This project has received funding from the European General presentation Union's EU Framework Programme for

594 views • 17 slides
First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with novel Integrated LEading technologies The CROCODILE project has received funding from the European Union's EU Framework Programme for Research and

469 views • 18 slides
First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with novel Integrated LEading technologies This project has received funding from the European General presentation Union's EU Framework Programme for

264 views • 10 slides
Digital Media is it.. ..Economic? ..Efficient? 1 1 Is it Efficient? Can it deliver large

Digital Media is it.. ..Economic? ..Efficient? 1 1 Is it Efficient? Can it deliver large

..Effective? Digital Media is it.. ..Economic? ..Efficient? 1 1 Is it Efficient? Can it deliver large audiences? Does it make the investment work hard? 2 Huge number of intermediaries makes programmatic expensive or inefficient 3

680 views • 40 slides
Towards a more effective and efficient use of psychotropic drugs in nursing homes: a quality

Towards a more effective and efficient use of psychotropic drugs in nursing homes: a quality

Towards a more effective and efficient use of psychotropic drugs in nursing homes: a quality improving project in Belgium Mir irko Petr trovic Department of Geriatrics Ghent University CONFLICT OF IN INTEREST DIS ISCLOSURE I have no

584 views • 34 slides
The need for effective, efficient and robust communications is critical. Data is at the essence

The need for effective, efficient and robust communications is critical. Data is at the essence

The need for effective, efficient and robust communications is critical. Data is at the essence of what we do collection, evaluation, sharing these are all core to decision making whether it is part of the bridge team, the ashore side

352 views • 14 slides
IRS & FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your

IRS & FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your

IRS & FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your work on behalf of ALRP clients can reduce, or eliminate, the financial burdens that result from having tax problems. FEDERAL OFFERS IN COMPROMISE

403 views • 8 slides
Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust

Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust

IIT-H and RIKEN-AIP Joint Workshop on March 15, 2019 Machine Learning and Applications, Hyderabad, India Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust Learning --- Overview of Our Recent

1.06k views • 25 slides
REFERENCES [1] D. Campolo, M. Sitti, R. S. Fearing, Efficient charge recovery method for

REFERENCES [1] D. Campolo, M. Sitti, R. S. Fearing, Efficient charge recovery method for

S. Ben-Yaakov, Power electronics of piezoelectric elements, Gordon Seminar, Tel_Aviv, 2006 1 REFERENCES [1] D. Campolo, M. Sitti, R. S. Fearing, Efficient charge recovery method for driving piezoelectric actuators with quasi-square waves,

85 views • 5 slides
Is Co-Regulation more Efficient and Effective in Supplying Safer Food? Insights from the UK

Is Co-Regulation more Efficient and Effective in Supplying Safer Food? Insights from the UK

Is Co-Regulation more Efficient and Effective in Supplying Safer Food? Insights from the UK Marian GARCIA Andrew FEARNE American Agricultural Economics Association - 2006 Pre-Conference Workshop: New Food Safety Incentives and Regulatory,

634 views • 24 slides
Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian

Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian

Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian Rechberger TU Graz and DTU Security of modern IT Systems User Secure System Communication Protocol Cryptographic Primitive Security of modern IT

523 views • 51 slides
Reawakening a Classic Prince of Persia Case Study Plan Anatomy of a 15 y.o. success

Reawakening a Classic Prince of Persia Case Study Plan Anatomy of a 15 y.o. success

Reawakening a Classic Prince of Persia Case Study Plan Anatomy of a 15 y.o. success brand attributes identification Challenges Keeping up the brand attributes Production challenges Backbone methodology

114 views • 8 slides
A CP Scheduler for High-Performance Computers Thomas Bridi, Michele Lombardi, Andrea Bartolini,

A CP Scheduler for High-Performance Computers Thomas Bridi, Michele Lombardi, Andrea Bartolini,

A CP Scheduler for High-Performance Computers Thomas Bridi, Michele Lombardi, Andrea Bartolini, Luca Benini, and Michela Milano Context Todays HPC machines have a cost that varies between 3M $ (Eurora HPC) and 390M $ (Tianhe-2 HPC)

1.08k views • 22 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-03-03 1 Outline Why assumptions? Efficient one-time signatures Digital Signatures 2020-03-03 2 Recap: Lamport EUF-1-CMA secure

1.14k views • 37 slides
Applications of Rule Mining in Knowledge Bases Luis Galrraga November 3 rd , 2014 PIKM,

Applications of Rule Mining in Knowledge Bases Luis Galrraga November 3 rd , 2014 PIKM,

Applications of Rule Mining in Knowledge Bases Luis Galrraga November 3 rd , 2014 PIKM, Shanghai 1 Knowledge Bases (KBs) Barack Obama hasChild born On hasChild Malia Aug 4, 1961 hasChild marriedTo hasChild Michelle Sasha 2 KBs in

652 views • 49 slides
Logic Programming Prolog as Language Temur Kutsia Research Institute for Symbolic Computation

Logic Programming Prolog as Language Temur Kutsia Research Institute for Symbolic Computation

Logic Programming Prolog as Language Temur Kutsia Research Institute for Symbolic Computation Johannes Kepler University Linz, Austria kutsia@risc.jku.at 1 / 30 Prolog as Language Syntax Operators Equality Arithmetic

402 views • 15 slides
A new window on primordial non-Gaussianity based on 1201.5375 with M. Zaldarriaga Enrico Pajer

A new window on primordial non-Gaussianity based on 1201.5375 with M. Zaldarriaga Enrico Pajer

A new window on primordial non-Gaussianity based on 1201.5375 with M. Zaldarriaga Enrico Pajer Princeton University 2.0 R k 2 10 9 1.5 CMB LSS 1.0 10 4 0.01 1 100 10 4 k Mpc Summary We know little about

187 views • 14 slides
Principal Component Analysis in a Linear Algebraic View by Anna Orosz under the mentorship of

Principal Component Analysis in a Linear Algebraic View by Anna Orosz under the mentorship of

Principal Component Analysis in a Linear Algebraic View by Anna Orosz under the mentorship of Jakob Hansen Directed Reading Program at the University of Pennsylvania April 30th, 2020 Principal Component Analysis as a Transformation invented

455 views • 9 slides

More recommend