generic raid reassembly using block level entropy
play

Generic RAID Reassembly using Block-Level Entropy Christian Zoubek, - PowerPoint PPT Presentation

May 03, 2023 •239 likes •547 views

Generic RAID Reassembly using Block-Level Entropy Generic RAID Reassembly using Block-Level Entropy Christian Zoubek, Sabine Seufert, Andreas Dewald 30.04.2016 Generic RAID Reassembly using Block-Level Entropy Outline Introduction 1

  1. Generic RAID Reassembly using Block-Level Entropy Generic RAID Reassembly using Block-Level Entropy Christian Zoubek, Sabine Seufert, Andreas Dewald 30.04.2016

  2. Generic RAID Reassembly using Block-Level Entropy Outline Introduction 1 Motivation Prerequisities Parameter detection using Entropy 2 RAID type Stripe size Stripe map Evaluation 3 Correctness Conclusion 4

  3. Generic RAID Reassembly using Block-Level Entropy Introduction Outline Introduction 1 Motivation Prerequisities Parameter detection using Entropy 2 RAID type Stripe size Stripe map Evaluation 3 Correctness Conclusion 4

  4. Generic RAID Reassembly using Block-Level Entropy Introduction Motivation What is RAID Redundant Array of Independent (originally ’Inexpensive’) Disks - Several physical disks combined Abstraction layer between hard disks and file system One logical unit - Depending on RAID it is able to recover Data lost by hardware failure speed up Data transfer heavily increase capacity

  5. Generic RAID Reassembly using Block-Level Entropy Introduction Motivation Why recovery Most server environments use RAID Seizure does not guarantee knowledge about RAID parameters - Undocumented RAID parameters - Administrator not willing to cooperate - Broken RAID controller ⇒ Some or all parameters missing Missing parameters may lead to data loss

  6. Generic RAID Reassembly using Block-Level Entropy Introduction Prerequisities RAID parameters RAID defined by several parameters - RAID type/level (RAID 0, RAID 1, etc.) - Stripe size Size of each contiguous block Common: 1KB - 1MB - Disk count - Stripemap Order of disks How data is distributed over disks

  7. Generic RAID Reassembly using Block-Level Entropy Introduction Prerequisities In detail RAID 1 - All disks save the exact same data - Redundancy by mirroring → Recovery straightforward RAID 0 - Data distributed over all disks - No redundancy → One broken disk equals to loss of all data

  8. Generic RAID Reassembly using Block-Level Entropy Introduction Prerequisities RAID 5 in detail RAID 5 - Redundancy through parity - Data and parity distribution over all disks → Mix of failure safety and better performance - Literature: Different Setups possible

  9. Generic RAID Reassembly using Block-Level Entropy Introduction Prerequisities RAID 5 Properties of common RAID 5 setups - Parity distribution (describes shift of parity block after each row) Left-sided (Parity block shifted from last disk to first) Right-sided (Parity block shifted from first disk to last) - Data distribution (describes location of first block of each row) symmetric (First data block right to parity block) asymmetric (First data block at first disk)

  10. Generic RAID Reassembly using Block-Level Entropy Introduction Prerequisities RAID 5 - examples RAID 5 using 4 disks 0 1 2 P 3 4 P 5 6 P 7 8 P 9 10 11 left asymmetric P 0 1 2 5 P 3 4 7 8 P 6 9 10 11 P right symmetric

  11. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Outline Introduction 1 Motivation Prerequisities Parameter detection using Entropy 2 RAID type Stripe size Stripe map Evaluation 3 Correctness Conclusion 4

  12. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy RAID type Algorithm Distinguish between RAID 0/1/5 by utilizing their characteristics - RAID 1 only has mirrored blocks - RAID 5 uses parity block in each row Declare counters for occurences of - Mirrored blocks - Parity blocks - None of both Comparison of counters lead to knowledge of RAID level

  13. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy RAID type Interpretation Possibility to detect missing RAID 5 disk - Assumption: Some blocks on missing disk are empty - Mirrored or parity blocks may be found ( Y xor 0 = Y ) RAID-0 RAID-1 RAID-5c RAID-5i mirrored low high low mean parity low low high mean unassigned high low low high

  14. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe size Algorithm Find possible sizes using entropy - Calculate entropy of 512-byte blocks - Count encounters of each possible byte value - Probability distribution → H = − � i p i × log( p i ) - Find consecutive blocks with high entropy differences (Unusual within the same file) - Validate finding by checking surroundings - Mark edge as possible interesting address

  15. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe size Algorithm - continued After finding some addresses of interest - Calculate difference between two consecutive addresses - Find best fitting stripe size Start with greatest stripe size (we use 2MB) Difference modulo stripe size If zero, mark as possible stripe size

  16. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe size Example 1.75MB file over four disks, RAID 0 Address Disk 0 Disk 1 Disk 2 Disk 3 ... 888273920 0 0 0 0 888274432 0 0 0 0 888274944 0 7.50199 7.56131 7.57583 888275456 0 7.53411 7.54758 7.54145 ... 888306176 0 7.46816 7.43265 7.48876 888306688 0 7.43318 7.59278 7.60496 888307200 6.14066 7.48741 7.58424 7.49408 888307712 7.64113 7.53735 7.59764 7.46034 ... 888732672 7.43689 7.55090 7.52364 7.54029 888733184 7.52416 7.54816 7.57045 7.53455 888733696 7.44034 7.54581 7.46290 0 888734208 7.47576 7.51771 7.57273 0 ... Stripe: 888274944 - 888733696 (= 458752; Stripe: 64KB)

  17. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe map Disk order Striped data blocks are written consecutively over the disks - Empty blocks may indicate position within stripe - Stripe with empty blocks and used blocks interesting Algorithm - Find begin/end of a file within a disk Calculate entropy of blocks half the stripe size Rising entropy: begin of a file Falling entropy: end of a file

  18. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe map Disk order - Algorithm Check other disks at same address - All full with data: Discard - One or more empty If begin of a file; Empty blocks were written beforehand else; empty blocks written after end of file RAID 0 almost finished - Only disk order to recover - Rebuild order by resolving findings RAID 5 uses parity block - Disk order not that easy to tell (parity block) - Derive a disk order for each row in stripe map

  19. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe map RAID 5 - extension RAID 5 usually uses map with n rows (n = # disks) - Find distribution of parity across disks Fact: The more random data the higher the entropy Assumption: Parity most often the most random block each row → Derive parity map by comparing entropies of each row � a � - Find correct row to address: mod ( n ) s a = address on disk s = stripe size n = number of disks

  20. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe map RAID 5 - Stripe map Use parity map and row-wise disk order to set properties - Find parity block of each row - Check blocks written previous to parity block by the same disk Always first block → right symmetric Always last block → left symmetric Ascending order → right asymmetric Descending order → left asymmetric

  21. Generic RAID Reassembly using Block-Level Entropy Evaluation Outline Introduction 1 Motivation Prerequisities Parameter detection using Entropy 2 RAID type Stripe size Stripe map Evaluation 3 Correctness Conclusion 4

  22. Generic RAID Reassembly using Block-Level Entropy Evaluation Data set Different RAID setups for data storage - Low entropy data (text files) - High entropy data (picture files) - RAID 0 and RAID 5 - Varying stripe sizes: 16,64,256,1024 [KB] - File systems: Ext4 and NTFS Furthermore - Six Ubuntu installations (3 × RAID 0, 3 × RAID 5) - Several Software RAIDS (mdadm) ⇒ 38 RAIDs + Software RAIDs

  23. Generic RAID Reassembly using Block-Level Entropy Evaluation Stripesize Optimal threshold for entropy differences dependent on - File system - Types of file - Stripe size Observations - NTFS using picture files stable in almost every combination - Large stripe sizes prefer large entropy differences - Best fitting in all cases: 0.3 (lower bound) - 7.3 (upper bound)

  24. Generic RAID Reassembly using Block-Level Entropy Evaluation Correctness Stripesize Some results for different stripe sizes and data 100 Small ✁ les, ext 90 Small ✁ les, ntfs Picture ✁ les, ext 80 Picture ✁ les, ntfs Probability in Percent 70 60 50 40 30 20 10 0 1 4 16 64 256 1024 4096 Stripesize in KB

  25. Generic RAID Reassembly using Block-Level Entropy Evaluation Correctness Stripe map - Parity distribution Using picture files Disk 0 Disk 1 Disk 2 Disk 3 0 4958 0 0 0 0 5002 0 0 0 0 4911 4922 0 0 0 Different small files Disk 0 Disk 1 Disk 2 Disk 3 485 480 497 3805 469 512 3808 478 499 3785 490 498 3800 518 442 510

  26. Generic RAID Reassembly using Block-Level Entropy Evaluation Correctness Summary Stripe size calculation - fixed entropy threshold (0.3 and 7.3) - worked in every case Stripe map - Parity distribution worked in every RAID 5 case - Finding disk order worked in every case but one RAID 0, small files, great stripe size Only part of the disk order was recovered

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Block-level RAID is dead Raja Appuswamy, David C. van Moolenbroek, Andrew S. Tanenbaum Vrije

Block-level RAID is dead Raja Appuswamy, David C. van Moolenbroek, Andrew S. Tanenbaum Vrije

Block-level RAID is dead Raja Appuswamy, David C. van Moolenbroek, Andrew S. Tanenbaum Vrije Universiteit, Amsterdam June 22, 2010 Traditional storage stack File Originally one file system per disk system Later RAID layer was introduced

453 views • 19 slides
Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of a discrete random variable. Properties: H(x) >= 0 Entropy Entropy Lesser the probability for an event, larger the entropy.

471 views • 21 slides
Disk Management Disk Structure Disk Scheduling RAID Disk Block Management

Disk Management Disk Structure Disk Scheduling RAID Disk Block Management

CPSC 410 / 611 : Operating Systems Disk Management Disk Management Disk Structure Disk Scheduling RAID Disk Block Management Modern Secondary Storage Technologies Disk Management Disk Structure Disk Scheduling RAID

555 views • 18 slides
7 Network Layer Network Layer Network Layer Network Layer Subnets Classful Address

7 Network Layer Network Layer Network Layer Network Layer Subnets Classful Address

Network Layer Network Layer Network Layer Network Layer IP Fragmentation & Reassembly IP Fragmentation and Reassembly network links have MTU length ID fragflag offset (max.transfer size) - largest possible link-level frame.

948 views • 5 slides
at Technopark@Chai Chee 6 May 2015 Perspective Post AEI Block A conversion of level 1 Block

at Technopark@Chai Chee 6 May 2015 Perspective Post AEI Block A conversion of level 1 Block

Asset Enhancement Initiative (AEI) at Technopark@Chai Chee 6 May 2015 Perspective Post AEI Block A conversion of level 1 Block B conversion of level 1 carpark, existing and new & 2 into enrichment/ adjoining annexed block

563 views • 13 slides
Lecture 23: Multiprocessors Todays topics: RAID Multiprocessor taxonomy

Lecture 23: Multiprocessors Todays topics: RAID Multiprocessor taxonomy

Lecture 23: Multiprocessors Todays topics: RAID Multiprocessor taxonomy Snooping-based cache coherence protocol 1 RAID 0 and RAID 1 RAID 0 has no additional redundancy (misnomer) it uses an array of disks and stripes

193 views • 16 slides
Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S) Entropy is o8en related to disorder but not strictly correct Entropy is a measure

351 views • 8 slides
Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin

Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin

Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin University of Versailles and Orange Labs SAC 2008 August 14-15, 2008 intro the Russian Dolls construction generic attacks application to

539 views • 17 slides
Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Entropy Entropy Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1 Entropy Entropy and Information Joint Entropy Frank Keller Conditional Entropy School of Informatics University of Edinburgh

81 views • 4 slides
Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for

Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for

Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for describing low-level computation on modern CPUs (c) 2009 Entropy Wave Inc Motivation (c) 2009 Entropy Wave Inc Motivation Want maintainable assembly

611 views • 28 slides
Combining Compression Functions and Block Cipher-Based Hash Functions Asiacrypt 2006 Thomas

Combining Compression Functions and Block Cipher-Based Hash Functions Asiacrypt 2006 Thomas

Introduction The Framework Known Generic Attacks Against Multiple Block Length Hashing How to Avoid Known Generic Attacks ? Conclusions Combining Compression Functions and Block Cipher-Based Hash Functions Asiacrypt 2006 Thomas Peyrin 1 ,

655 views • 44 slides
CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block

CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block

CPSC 410 / 611 : Operating Systems Disk Management CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block Management Reading: Doeppner 6.1, 6.4 (more to follow, on File Systems) Disk Structure sector

367 views • 13 slides
1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

Topics background and goals of generic programming basics of generic classes = parameterized types generic methods for general algorithms inheritance rules for generic types Generic programming in Java bounded type parameters

261 views • 5 slides
Block-Based Adaptive Mesh Refinement scheme based on numerical density of entropy production for

Block-Based Adaptive Mesh Refinement scheme based on numerical density of entropy production for

Block-Based Adaptive Mesh Refinement scheme based on numerical density of entropy production for conservation laws and applications. Mehmet Ersoy 1 , Fr ed eric Golay, Lyudmyla Yushchenko, Universit e de Toulon, IMATH, and Damien Sous,

1.55k views • 102 slides
Outline CPSC 418/MATH 318 Introduction to Cryptography Entropy 1 Entropy, Product Ciphers,

Outline CPSC 418/MATH 318 Introduction to Cryptography Entropy 1 Entropy, Product Ciphers,

Outline CPSC 418/MATH 318 Introduction to Cryptography Entropy 1 Entropy, Product Ciphers, Block Ciphers Encodings Product Ciphers Renate Scheidler 2 Error Propagation Department of Mathematics & Statistics Department of Computer

663 views • 10 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

402 views • 10 slides
An Introduction to the Lustre Parallel File System Tom Edwards tedwards@cray.com C O M P U T E

An Introduction to the Lustre Parallel File System Tom Edwards tedwards@cray.com C O M P U T E

An Introduction to the Lustre Parallel File System Tom Edwards tedwards@cray.com C O M P U T E | S T O R E | A N A L Y Z E Agenda Introduction to storage hardware RAID Parallel Filesystems Lustre Mapping

639 views • 33 slides
parallel workloads Vikas Aggarwal Storage Developer Conference Bangalore 2017 Team Members

parallel workloads Vikas Aggarwal Storage Developer Conference Bangalore 2017 Team Members

Hardware Acceleration for RAID5/6, Deduplication & Security for parallel workloads Vikas Aggarwal Storage Developer Conference Bangalore 2017 Team Members Venkatesh Bolla Achyutha Krishna Anil Reddy Responsibilities: Storage

960 views • 27 slides
Mass Storage & IO - II Tevfik Ko ar University at Buffalo November 10 th , 2011 1 RAID

Mass Storage & IO - II Tevfik Ko ar University at Buffalo November 10 th , 2011 1 RAID

CSE 421/521 - Operating Systems Fall 2011 Lecture - XX Mass Storage & IO - II Tevfik Ko ar University at Buffalo November 10 th , 2011 1 RAID Structure As disks get cheaper, adding multiple disks to the same system provides

263 views • 12 slides
Manage your disk space... for free :) Julien Wallior Plug Central 11.1.2006 Agenda

Manage your disk space... for free :) Julien Wallior Plug Central 11.1.2006 Agenda

Manage your disk space... for free :) Julien Wallior Plug Central 11.1.2006 Agenda Background RAID Some basics Practice Booting on a raid device LVM What is that? How it works Hardware raid... if you really

766 views • 21 slides
Part IV I/O System Chapter 12: Mass Storage Structure Chapter 12: Mass Storage Structure 1

Part IV I/O System Chapter 12: Mass Storage Structure Chapter 12: Mass Storage Structure 1

Part IV I/O System Chapter 12: Mass Storage Structure Chapter 12: Mass Storage Structure 1 Fall 2010 Disk Disk Structure Disk Disk Structure Structure Structure Three elements: cylinder track and sector/block Three elements:

547 views • 28 slides
Algorithms and Methods for Distributed Storage Networks 4: Volume Manager and RAID Christian

Algorithms and Methods for Distributed Storage Networks 4: Volume Manager and RAID Christian

Algorithms and Methods for Distributed Storage Networks 4: Volume Manager and RAID Christian Schindelhauer Albert-Ludwigs-Universitt Freiburg Institut fr Informatik Rechnernetze und Telematik Wintersemester 2007/08 RAID Redundant

308 views • 15 slides
Data Storage and Disk Structure A Simple Implementation of DBMS One file per table

Data Storage and Disk Structure A Simple Implementation of DBMS One file per table

Data Storage and Disk Structure A Simple Implementation of DBMS One file per table Students(name, id, dept) in a file Students A meta symbol # to separate attributes Smith#123#CS Johnson#522#EE Database schema in a

517 views • 33 slides
Todays Objec1ves AWS/MR Review Exam Discussion Storage Systems RAID Nov 1, 2017

Todays Objec1ves AWS/MR Review Exam Discussion Storage Systems RAID Nov 1, 2017

11/1/17 Todays Objec1ves AWS/MR Review Exam Discussion Storage Systems RAID Nov 1, 2017 Sprenkle - CSCI325 1 Project 3 AWS Account Update? Can get a non-student account but requires credit card Thursday Set of

317 views • 15 slides

More recommend