practical protection for personal storage in the cloud
play

Practical Protection for Personal Storage in the Cloud Neal H. - PowerPoint PPT Presentation

Jun 12, 2023 •367 likes •685 views

Practical Protection for Personal Storage in the Cloud Neal H. Walfield , Paul T. Stanton, John Linwood Griffin and Randal Burns Johns Hopkins University EuroSec 10 April 13th, 2010 Outline Personal Storage Today Practial Protection

  1. Practical Protection for Personal Storage in the Cloud Neal H. Walfield , Paul T. Stanton, John Linwood Griffin and Randal Burns Johns Hopkins University EuroSec ’10 April 13th, 2010

  2. Outline ◮ Personal Storage Today ◮ Practial Protection Mechanisms

  3. Web 2.0: Today ◮ Each service provides the user with storage ◮ Limited support for sharing between services

  4. An Emerging Issue ◮ Data Management is Hard! ◮ Data Lock-In ◮ No standardized access interface (à la POSIX) ◮ Must use service’s interface; point solutions ◮ Data Spew ◮ Data is hard to find ◮ Version Drift ◮ Sharing across services = ⇒ divergent copies

  5. An Emerging Issue ◮ Data Management is Hard! ◮ Data Lock-In ◮ No standardized access interface (à la POSIX) ◮ Must use service’s interface; point solutions ◮ Data Spew ◮ Data is hard to find ◮ Version Drift ◮ Sharing across services = ⇒ divergent copies ◮ Underlying Architectural Problem: ◮ Many storage providers ⇒ No unified view of data ◮ =

  6. A Simple Solution: One Storage Provider ◮ User has direct access to data ◮ Single, authoritative copy ◮ Cross-service sharing

  7. A Simple Difficulty ◮ Access Control ◮ Facebook should not be able to access EMail

  8. A Simple Difficulty ◮ Access Control ◮ Facebook should not be able to access EMail ◮ Reputation!

  9. A Simple Difficulty ◮ Access Control ◮ Facebook should not be able to access EMail ◮ Reputation is not enough! ◮ Users less likely to experiment ◮ Raises barrier to entry

  10. Outline ◮ Personal Storage Today ◮ Practial Protection Mechanisms

  11. Per-User Storage: Major Design Goals ◮ Protection ◮ Least Privilege ◮ Not Unix ◮ Fine-grained, dynamic delegation and revocation ◮ Usability ◮ Minimal user interactions with security manager ◮ Opening, saving files ◮ Delegate access to not-yet-existing objects ◮ Flickr can access all JPEG files ◮ Consistent naming of objects ◮ /photos/paris/dsc_1076.jpg always has same name

  12. S4: Simple, Secure Storage Service ◮ Hierarchical Principals ◮ Filtered Views ◮ Powerbox ◮ Security manager implements open, save-as dialogs

  13. Principals Alice Alice.Hotmail Alice.Facebook ◮ Hierarchical ◮ Alice dominates Alice.Hotmail ◮ Principals identified using public key cryptography

  14. Creating a new Principal ◮ Credentials communicated using a Webkey ◮ Includes service’s public, private keys ◮ Includes storage server’s public key

  15. Filtered Views /addressbook /Maildir/. . . /photos/. . . /calendar/. . . . . . rw, /addressbook rw, /addressbook rw, /Maildir Alice Alice.Hotmail Alice.Facebook ◮ Filter parent’s name space ◮ Principal can access that which it can name ◮ e.g., Regular expressions ◮ Enables consitent naming, future delegations

  16. Filtered Views /addressbook /Maildir/. . . /photos/. . . /calendar/. . . . . . rw, /addressbook rw, /addressbook rw, /Maildir Alice Alice.Hotmail Alice.Facebook ◮ Filter parent’s name space ◮ Principal can access that which it can name ◮ e.g., Regular expressions ◮ Enables consitent naming, future delegations

  17. Powerbox Least Privilege View Powerbox View

  18. Powerbox ◮ Concept ◮ Replaces application’s open, save-as dialog box ◮ Service sends an RPC to security manager ◮ Security manager displays dialog box ◮ Essential for usable least privilege ◮ Dynamic delegation ◮ No (explicit) user interactions with security manager

  19. Integrating the Powerbox into Flickr ◮ Alice creates a Flickr account at flickr.com ◮ Alice creates a principal using security manager ◮ Alice gives credentials to Flickr ◮ Flickr starts an import photos wizard ◮ Invokes Powerbox ◮ What files would you like to import to Flickr? ◮ Alice selects one or more directories

  20. Integrating the Powerbox into Flickr ◮ Alice creates a Flickr account at flickr.com ◮ Alice creates a principal using security manager ◮ Alice gives credentials to Flickr ◮ Flickr starts an import photos wizard ◮ Invokes Powerbox ◮ What files would you like to import to Flickr? ◮ Alice selects one or more directories ◮ Differences: ◮ One additional step ◮ But, Alice can use her own tools to upload photos

  21. Powerbox Protocol in S4 4. delegate, pb_close 2. pb_invoke 5. pb_close 3. Open Dialog 1. File → Open

  22. Performance ◮ User’s storage is authoritative ◮ Services can (should) still cache ◮ Prompt propagation of updates

  23. Adoption ◮ User’s want it ◮ Improved usability, control ⇒ Current services lost control ◮ = ◮ Differentiator for new service providers

  24. Adoption ◮ User’s want it ◮ Improved usability, control ⇒ Current services lost control ◮ = ◮ Differentiator for new service providers ◮ Big services providers want it? ◮ Increase user traffic by becoming a storage provider

  25. Implementation ◮ 4000 lines of Python (SLOCCount) ◮ Single machine, Single threaded ◮ S3 compatible ◮ S3 and SQLite backends ◮ Principal and filter interfaces complete, some Powerbox

  26. Future Work ◮ Filters based on files’ tags ◮ Snapshots for recovery ◮ COW for experimentation ◮ Publish/subscribe for updates ◮ Throttling bandwidth intensive services ◮ Do not disclose content to server

  27. Summary The Bad (the status quo) ◮ Data lock-in ◮ Data spew ◮ Version drift The Good (what S4 tries to achieve) ◮ Single (perceived) file system ◮ Least privilege ◮ Minimal user interaction with security monitor ◮ Powerbox ◮ Protection mechanisms consistent with user’s intuitions ◮ All JPEG files ◮ Delegate access to not-yet-existing objects ◮ Consistent naming of objects

  28. Take Aways ◮ Filtering matches how users think about security policies ◮ Powerbox helps make security invisible

  29. Image Attributions ◮ User Images - User Experience Deliverables by Peter Morville and Jeffery Callender - http://www.flickr. com/photos/morville/3220961846/ - CC Attribution 2.0 ◮ File Images - http: //www.openclipart.org/user-cliparts/sarxos - Public Domain ◮ Key Image - http://www.openclipart.org/people/ johnny_automatic/ - Public Domain

  30. Summary The Bad (the status quo) ◮ Data lock-in ◮ Data spew ◮ Version drift The Good (what S4 tries to achieve) ◮ Single (perceived) file system ◮ Least privilege ◮ Minimal user interaction with security monitor ◮ Powerbox ◮ Protection mechanisms consistent with user’s intuitions ◮ All JPEG files ◮ Delegate access to not-yet-existing objects ◮ Consistent naming of objects

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Personal Cloud Storage Services: Measurement, Analysis and Challenges Zeqi Lai Tsinghua

Personal Cloud Storage Services: Measurement, Analysis and Challenges Zeqi Lai Tsinghua

Personal Cloud Storage Services: Measurement, Analysis and Challenges Zeqi Lai Tsinghua University Personal cloud storage: identifying sync inefficiency l Personal cloud storage services are gaining popularity l Sync inefficiency in current

459 views • 4 slides
Inside Dropbox: Understanding Personal Cloud Storage Services Idilio Drago Marco Mellia

Inside Dropbox: Understanding Personal Cloud Storage Services Idilio Drago Marco Mellia

Inside Dropbox: Understanding Personal Cloud Storage Services Idilio Drago Marco Mellia Maurizio M. Munaf` o Anna Sperotto Ramin Sadre Aiko Pras IRTF Vancouver Motivation and goals 1 Personal cloud storage

323 views • 31 slides
Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective Provide logical storage pools that abstract a more complex distributed infrastructure made of commodity hardware Separate storage service

627 views • 15 slides
Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive

Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive

Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive Proofs Proofs Graham Cormode G.Cormode@warwick.ac.uk Amit Chakrabarti (Dartmouth) Andrew McGregor (U Mass Amherst) Justin Thaler (Harvard/Yahoo!)

257 views • 14 slides
Compelling Economics: Traditional Storage vs. StorSimple Traditional Storage + Data Protection

Compelling Economics: Traditional Storage vs. StorSimple Traditional Storage + Data Protection

Compelling Economics: Traditional Storage vs. StorSimple Traditional Storage + Data Protection Architecture StorSimple Cloud-integrated Storage Servers Servers Primary Volume Disk Array Primary Volume ($100K; Double if Replicated) Snapshot

190 views • 15 slides
Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

A mathematical theory of distributed storage Dagstuhl workshop (16321) Coding in the time of Big Data Michael Luby August 8, 2016 Research Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500 TB

796 views • 37 slides
A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

. . A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage with a Distributed Reputation System Anders Skoglund andsk668@student.liu.se November 04, 2013 . Cloud storage P2P storage F2F storage

660 views • 36 slides
Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software backed by Riak Simple API Multi-tenant, Per-tenant Reporting Pluggable Authentication Multi Data Center Replication (Enterprise)

369 views • 18 slides
Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan

Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan

Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan Stefanovici , Dushyanth Narayanan Benn Thomsen, Antony Rowstron Microsoft Research Cloud Storage Landscape: Yesterday + Today Storage Technologies $$$$

147 views • 12 slides
Device-Transparent Personal Storage Based on the article Eyo: Device Transparent Personal

Device-Transparent Personal Storage Based on the article Eyo: Device Transparent Personal

Device-Transparent Personal Storage Based on the article Eyo: Device Transparent Personal Storage by Jacob Strauss, Justin Mazzola Paluska, Chris Lesniewski-Laas, Bryan Ford, Robert Morris, Frans Kaashoek Eyos assumptions and API

490 views • 30 slides
GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering

GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering

GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering Maintainer, GlusterFS SDC India - 24th May, 2018 CONTENTS Define: Hybrid Cloud & Infrastructure Understand: What are the storage needs of hybrid

527 views • 16 slides
Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012 Dubrovnik, Croatia Szabolcs Szkelyi <szekelyi@niif.hu> Agenda Storage infrastructure update Archiving service Cloud GUI

877 views • 18 slides
Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint

Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint

Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint work with Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva Cloud Outsourcing Storage and Computation Data storage Data processing [Cloud Security

393 views • 23 slides
: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt

: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt

: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt Virginia Tech & IBM Research Almaden Cloud object stores enable cost-efficient data storage Object storage 2 Cloud object

720 views • 46 slides
Update on cloud and storage development at NIIFI 8th TF-Storage Meeting February 4, 2011

Update on cloud and storage development at NIIFI 8th TF-Storage Meeting February 4, 2011

Update on cloud and storage development at NIIFI 8th TF-Storage Meeting February 4, 2011 Budapest, Hungary Szkelyi Szabolcs <szekelyi@niif.hu> Cloud Infrastructure as a Service Virtual machines, virtual networks, disk images,

115 views • 10 slides
Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing

Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing

Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing Internet began in the 1950s Internet has been quite revolutoinary due to its lightning fast communication privelages and data sharing. Cloud

378 views • 6 slides
UIL Academics Bulldog Festival Leadership Team O c t o b e r 5 , 2 0 1 8 Be a

UIL Academics Bulldog Festival Leadership Team O c t o b e r 5 , 2 0 1 8 Be a

UIL Academics Bulldog Festival Leadership Team O c t o b e r 5 , 2 0 1 8 Be a leader among the group!!! Cake Walk. Take an application and turn it in by October 2nd to Mr. Wilder!! Things to Consider: 1. Team Bonding 2.

236 views • 9 slides
Mara Beln Power Associate Executive Director GreenRoots Sustainable Quarterly Climate

Mara Beln Power Associate Executive Director GreenRoots Sustainable Quarterly Climate

Energy Democracy and Environmental Justice Mara Beln Power Associate Executive Director GreenRoots Sustainable Quarterly Climate Adaptation Forum | November 30 , 2018 Solutions Lab Maria Belen Power & Sandra Nijar GreenRoots EFSB

215 views • 10 slides
Technology in the Anglophone Section 2015-2016 2nde-Terminale Digital Citizen Agreement t e

Technology in the Anglophone Section 2015-2016 2nde-Terminale Digital Citizen Agreement t e

Technology in the Anglophone Section 2015-2016 2nde-Terminale Digital Citizen Agreement t e c t o P r & c t e p s R e Respect & Protect Others l f s e r u o Y e d s t p o g e s m a d i a n

189 views • 5 slides
IEO & ICO The Exchange was launched on May 25 th ,2018. W H A T I S T H E Decentralized

IEO & ICO The Exchange was launched on May 25 th ,2018. W H A T I S T H E Decentralized

Omnichannel platform for digital crowdfunding IEO & ICO The Exchange was launched on May 25 th ,2018. W H A T I S T H E Decentralized ECOSYSTEM with its own digital token DEEX projects capitalization is more than More than 100 000

389 views • 13 slides
Global Warming in 30 Minutes Gerald R. North Department of Atmospheric Sciences Texas A&M

Global Warming in 30 Minutes Gerald R. North Department of Atmospheric Sciences Texas A&M

Global Warming in 30 Minutes Gerald R. North Department of Atmospheric Sciences Texas A&M University g-north@tamu.edu On the cover The uncertainty surrounding climate change argues for action, not inaction. America should lead

532 views • 25 slides
Young Workforce at Balerno October 2018 Aims: What is DYW and why is it a school priority.

Young Workforce at Balerno October 2018 Aims: What is DYW and why is it a school priority.

Developing the Young Workforce at Balerno October 2018 Aims: What is DYW and why is it a school priority. What does DYW looks like at Balerno. How can parents/carers and the wider Balerno community support the DYW agenda.

407 views • 25 slides
M&A Confidentiality Agreements: Strategies for Buyers and Sellers Negotiating Non-Disclosure

M&A Confidentiality Agreements: Strategies for Buyers and Sellers Negotiating Non-Disclosure

Presenting a live 90-minute webinar with interactive Q&A M&A Confidentiality Agreements: Strategies for Buyers and Sellers Negotiating Non-Disclosure Provisions THURSDAY, JULY 17, 2014 1pm Eastern | 12pm Central | 11am Mountain

593 views • 46 slides
WJC PRESIDENT RONALD S. LAUDER ADDRESS TO THE 15 TH WJC PLENARY ASSEMBLY NEW YORK, APRIL 24 2017

WJC PRESIDENT RONALD S. LAUDER ADDRESS TO THE 15 TH WJC PLENARY ASSEMBLY NEW YORK, APRIL 24 2017

WJC PRESIDENT RONALD S. LAUDER ADDRESS TO THE 15 TH WJC PLENARY ASSEMBLY NEW YORK, APRIL 24 2017 Thank you, and good morning. My friends, colleagues, my fellow Jews. I wish you could see what I see. I look across this room and I see such amazing

246 views • 6 slides

More recommend