kurma secure geo distributed multi cloud storage gateways
play

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming - PowerPoint PPT Presentation

Mar 06, 2024 •134 likes •650 views

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook University File Systems and Storage Lab (FSL) Cloud Storage Gateways l Benefits of cloud gateways Public NAS u Combine advantages of both Cloud

  1. Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook University File Systems and Storage Lab (FSL)

  2. Cloud Storage Gateways l Benefits of cloud gateways Public NAS u Combine advantages of both Cloud (NFS) clouds and traditional NAS u High security without relying on trusted third parties Accessibility Security u Allow clients to use public clouds using network-attached Availability Performance storage (NAS) protocols but still share across regions Economy Rich Semantics Scalability Consistency SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 31

  3. Kurma Design Goals 1. Strong Security u Use clouds to store only encrypted blocks u Share metadata directly among gateways 2. High availability u Use multiple public clouds u Each gateway is highly available (ZooKeeper) 3. High performance u Extensive caching for data and metadata u Asynchronous replication of metadata 4. High flexibility u Replication, erasure coding, and secret sharing SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 32

  4. Kurma Architecture Clients Kurma Region Gateway 1 storage metadata metadata S3 Azure Region Region Google 2 3 Rackspace Untrusted Public Clouds metadata SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 33

  5. Kurma Architecture Clients Kurma Region Gateway 1 storage Multiple clouds metadata metadata S3 Azure Region Region Google 2 3 Rackspace Untrusted Public Clouds metadata SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 34

  6. Kurma Architecture Clients Replicate Kurma Region Gateway metadata 1 storage Multiple (versions) clouds metadata metadata S3 Azure Region Region Google 2 3 Rackspace Untrusted Public Clouds metadata SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 35

  7. Kurma Architecture Clients Replicate Kurma Region Gateway metadata 1 storage Multiple (versions) clouds Distributed metadata metadata gateways S3 Azure Region Region Google 2 3 Rackspace Untrusted Public Clouds metadata SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 36

  8. Background l ZooKeeper: A distributed coordination service u Coordinate Kurma servers a u Store Kurma FS metadata znode b u Execute transactions of metadata changes zpath:/a/b l Hedwig: A publish-subscribe system u Provide guaranteed delivery u Replicate Kurma metadata l Thrift: A RPC framework u Define FS metadata format u RPC among Kurma servers SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 37

  9. Components Public Google Azure S3 Rackspace Clouds 1 2 3 Other Kurma Gateway Gateways Clients SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 38

  10. Components Public Google Azure S3 Rackspace Clouds 1 2 3 Other Kurma Gateway Gateways Clients SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 39

  11. Components Public Google Azure S3 Rackspace Clouds 1 2 3 Other Kurma Gateway Gateways Clients SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 40

  12. Components Public Google Azure S3 Rackspace Clouds 1 2 3 Other Kurma Gateway Gateways Clients SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 41

  13. Components Public Google Azure S3 Rackspace Clouds 1 2 3 Other Kurma Gateway Gateways Clients SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 42

  14. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 43

  15. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 44

  16. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 45

  17. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 46

  18. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 47

  19. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 48

  20. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 49

  21. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 50

  22. Kurma Security l Only file data blocks are saved in clouds l Blocks are authenticated and encrypted l Per-file secret key protected by gateway master keys l Detect swap and replay attacks SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 51

  23. Multi-Cloud Redundancy Replication Erasure Coding Secret Sharing Parameters (e.g., 4 n=4 k=3, m=1 n=4, k=3, r=2 clouds) n identical 1MB k+m non-identical n non-identical Apply to a block blocks 1/k MB block 1/k MB block n × 1MB (k+m) × 1/ k MB (k+m) × 1/ k MB Write a block Read a block any 1 cloud any k clouds any k clouds Tolerate failure of n=f+1 m=f n-k=f clouds f+1 (f+1 ) /k (f+1 ) /k Write amplifications 2 × 1MB blocks 4 × 340KB blocks 4 × 340KB blocks Example SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 52

  24. Hybrid Consistency Model l FIFO consistency across gateways u Updates made by a single gateway are seen by other gateways in the order they occur, but updates from different gateways may be seen in any interleaved order u FS metadata is asynchronously replicated among all regions using Hedwig which does not order message across gateways u Resolves inter-gateway conflicts as needed l Region-level NFS consistency u Same as traditional NFS u Data freshness in the same region SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 53

  25. Implementation l NFS Servers built on top of NFS-Ganesha u FSAL_PCACHE u FSAL_KURMA l Gateway Servers u File-System Module uses Thrift u Metadata Module uses Apache Curator (ZooKeeper) u Security Module uses Java 8 standard cryptographic library u Cloud Module uses cloud Java drivers u Redundancy uses Jerasure and CAONS-RS secret sharing Components Language LoC Kurma NFS Server C/C++ 15,802 Kurma Gateway Server Java 27,976 Secret Sharing JNI C/C++ 2,480 RPC & Metadata Definition Thrift 668 SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 54

  26. Optimizations 1. Avoid high-latency of ZooKeeper u Batch metadata changes using transactions u Use in-memory cache for hot znodes 2. Avoid performance variations of clouds u Sort clouds online every N seconds 3. Reduce metadata size u Compress file-system metadata u Use large block sizes SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 55

  27. Evaluation l Experimental setup u Two regions with a network RTT of 100ms u Each region contains VMs for § 3 Metadata Servers running ZooKeeper and Hedwig § 1 Gateway Server § 1 NFS Server with persistent cache on an Intel SSD § 1 NFS client § Each VM has two cores and 4GB of RAM running Fedora 25 with Linux 4.8.10 kernel u Baseline: traditional NFS server § Runs NFS-Ganesha FSAL_VFS § Uses an Intel SSD formatted with Ext4 l Security tests u Availability test u Integrity tests: swapping and replay attacks SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 56

  28. Cloud Read Latency 8192 AWS Google 4096 Azure Rackspace Latency (ms, log 2 ) 2048 1024 512 256 128 64 32 16KB 64KB 256KB 1MB 4MB Cloud Object Size SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 57

  29. Cloud Read Latency 8192 AWS Google 4096 Azure Rackspace Latency (ms, log 2 ) 2048 1.1 ✕ 1024 512 256 128 64 32 16KB 64KB 256KB 1MB 4MB Cloud Object Size SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 58

  30. Cloud Read Latency 8192 AWS Google 4096 Azure Rackspace Latency (ms, log 2 ) 2048 3.1 ✕ 1024 512 256 128 1.3 ✕ 64 32 16KB 64KB 256KB 1MB 4MB Cloud Object Size SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 59

  31. Cloud Read Latency 43 ✕ 8192 AWS Google 4096 Azure Rackspace Latency (ms, log 2 ) 2048 1024 512 256 128 64 32 16KB 64KB 256KB 1MB 4MB Cloud Object Size SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 60

  32. Cloud Read Latency 8192 AWS Google 4096 Azure Rackspace Latency (ms, log 2 ) 2048 1024 512 256 128 64 32 16KB 64KB 256KB 1MB 4MB Cloud Object Size SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 61

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Wiera : Towards Flexible Multi-Tiered Geo-Distributed Cloud Storage Instances Kwangsung Oh ,

Wiera : Towards Flexible Multi-Tiered Geo-Distributed Cloud Storage Instances Kwangsung Oh ,

Wiera : Towards Flexible Multi-Tiered Geo-Distributed Cloud Storage Instances Kwangsung Oh , Abhishek Chandra, and Jon Weissman Department of Computer Science and Engineering University of Minnesota Twin Cities HPDC 2016 Cloud Providers

419 views • 41 slides
Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software backed by Riak Simple API Multi-tenant, Per-tenant Reporting Pluggable Authentication Multi Data Center Replication (Enterprise)

369 views • 18 slides
Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective Provide logical storage pools that abstract a more complex distributed infrastructure made of commodity hardware Separate storage service

627 views • 15 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

A mathematical theory of distributed storage Dagstuhl workshop (16321) Coding in the time of Big Data Michael Luby August 8, 2016 Research Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500 TB

796 views • 37 slides
Distributed Storage Systems part 1 Marko Vukoli Distributed Systems and Cloud Computing This

Distributed Storage Systems part 1 Marko Vukoli Distributed Systems and Cloud Computing This

Distributed Storage Systems part 1 Marko Vukoli Distributed Systems and Cloud Computing This part of the course (5 slots) Distributed Storage Systems CAP theorem and Amazon Dynamo Apache Cassandra Distributed Systems

767 views • 52 slides
YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid cloud storage deployments. YFS 1.0 is not a hardware appliance. Backward compatible with IBM AFS 3.6 and OpenAFS. No flag day required

359 views • 16 slides
A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

. . A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage with a Distributed Reputation System Anders Skoglund andsk668@student.liu.se November 04, 2013 . Cloud storage P2P storage F2F storage

660 views • 36 slides
Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2017/18

Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2017/18

Universit degli Studi di Roma Tor Vergata Dipartimento di Ingegneria Civile e Ingegneria Informatica Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2017/18 Valeria Cardellini Why to scale

1.15k views • 82 slides
Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2018/19

Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2018/19

Universit degli Studi di Roma Tor Vergata Dipartimento di Ingegneria Civile e Ingegneria Informatica Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2018/19 Valeria Cardellini Why to scale

396 views • 37 slides
Cloud Gateways Suli Yang, Kiran Srinivasan, Kishore Udayashankar, Swetha Krishnan, Jingxin Feng,

Cloud Gateways Suli Yang, Kiran Srinivasan, Kishore Udayashankar, Swetha Krishnan, Jingxin Feng,

Tombolo: Performance Enhancements for Cloud Gateways Suli Yang, Kiran Srinivasan, Kishore Udayashankar, Swetha Krishnan, Jingxin Feng, Yupu Zhang, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau 1 Storage is Moving to the Cloud Clients

618 views • 47 slides
Secure Distributed Computation and Storage Jed Liu Michael D. George K. Vikram Xin Qi Lucas

Secure Distributed Computation and Storage Jed Liu Michael D. George K. Vikram Xin Qi Lucas

A Platform for Secure Distributed Computation and Storage Jed Liu Michael D. George K. Vikram Xin Qi Lucas Waye Andrew C. Myers Department of Computer Science Cornell University 22 nd ACM SIGOPS Symposium on Operating Systems Principles 14

650 views • 38 slides
Distributed Storage Systems part 2 Marko Vukoli Distributed Systems and Cloud Computing

Distributed Storage Systems part 2 Marko Vukoli Distributed Systems and Cloud Computing

Distributed Storage Systems part 2 Marko Vukoli Distributed Systems and Cloud Computing Distributed storage systems Part I CAP Theorem Amazon Dynamo Part II Cassandra 2 Cassandra in a nutshell Distributed key-value

1.46k views • 59 slides
Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern

877 views • 48 slides
Distributed Data Service for Secure Cloud Simulations Sonia R. von der Lippe, M&S Systems

Distributed Data Service for Secure Cloud Simulations Sonia R. von der Lippe, M&S Systems

Distributed Data Service for Secure Cloud Simulations Sonia R. von der Lippe, M&S Systems Engineer, HII-TSD, Orlando, FL Andre Odermatt, Technical Marketing Manager, Real-Time Innovations, Sunnyvale, USA Operation Training In Infrastructure

346 views • 22 slides
Security on cloud storage and IaaS at Taiwan-Japan Workshop 2012/Nov/27

Security on cloud storage and IaaS at Taiwan-Japan Workshop 2012/Nov/27

Resea earch I Institut ute e for or Se Secure Sy Systems Security on cloud storage and IaaS at Taiwan-Japan Workshop 2012/Nov/27 http://www.jst.go.jp/sicp/ws2012_nsc.html Kuniyasu Suzaki Research Institute for Secure Systems (RISEC)

350 views • 22 slides
U Un ni iv ve er rs sa al l S Se er ri ia al l B Bu us s Na am me e: :S

U Un ni iv ve er rs sa al l S Se er ri ia al l B Bu us s Na am me e: :S

U Un ni iv ve er rs sa al l S Se er ri ia al l B Bu us s Na am me e: :S Sr re ee en nu u V Ve em mu u N IS SN NM M 2 20 00 03 3/ /0 04 4 I Su S ub bj je ec ct t: : M Me ed di ia a T

415 views • 12 slides
Introduction Introduction to storage and to storage and filesystems filesystems Introduction

Introduction Introduction to storage and to storage and filesystems filesystems Introduction

Moreno Baricevic Gilberto Daz Axel Kohlmeyer Stefano Cozzini ULA ICTP CNR-IOM DEMOCRITOS Merida, VENEZUELA Trieste, ITALY Trieste, ITALY Introduction Introduction to storage and to storage and filesystems filesystems Introduction

1.19k views • 51 slides
Concepts of programming languages Lecture 10 Wouter Swierstra Faculty of Science Information

Concepts of programming languages Lecture 10 Wouter Swierstra Faculty of Science Information

Concepts of programming languages Lecture 10 Wouter Swierstra Faculty of Science Information and Computing Sciences 1 Project progress Please send me a brief progress no later than Friday! Each time will be given a 15 minute slot to present

1.03k views • 63 slides
Transmission of Quantitative Easing: The Role of Central Bank Reserves Jens H. E. Christensen

Transmission of Quantitative Easing: The Role of Central Bank Reserves Jens H. E. Christensen

Transmission of Quantitative Easing: The Role of Central Bank Reserves Jens H. E. Christensen & Signe Krogstrup 5th Conference on Fixed Income Markets Bank of Canada and Federal Reserve Bank of San Francisco November 5-6, 2015 The views

712 views • 24 slides
This Lecture Physical Database Design RAID Arrays Efficiency and Storage Parity

This Lecture Physical Database Design RAID Arrays Efficiency and Storage Parity

This Lecture Physical Database Design RAID Arrays Efficiency and Storage Parity Database File Structures Indexes Database Systems Further reading Michael Pound The Manga Guide to Databases, Chapter 5 Database

271 views • 7 slides
Toward Full Specialization of the HPC System Software Stack: Reconciling Application Containers

Toward Full Specialization of the HPC System Software Stack: Reconciling Application Containers

Toward Full Specialization of the HPC System Software Stack: Reconciling Application Containers and Lightweight Multi-kernels Balazs Gerofi , Yutaka Ishikawa , Rolf Riesen , Robert W. Wisniewski bgerofi@riken.jp RIKEN Advanced

485 views • 29 slides
Hourglass Alternative and constructivity of spectral of matrix products V ICTOR K OZYAKIN

Hourglass Alternative and constructivity of spectral of matrix products V ICTOR K OZYAKIN

Hourglass Alternative and constructivity of spectral characteristics Hourglass Alternative and constructivity of spectral of matrix products V ICTOR K OZYAKIN characteristics of matrix products Introduction Joint and Lower Spectral

1.07k views • 49 slides
Effect of interferometer observation on

Effect of interferometer observation on

WS 2017 12/20-22 Effect of interferometer observation on observed polarization map Kazuya Saigo (NAOJ Chile Observatory) Intro. Orion

308 views • 29 slides

More recommend