SLIDE 1
Yun Tian and Xiao Qin
Computer Science and Software Engineering Department Auburn University Auburn, AL 36849
8/22/2011 2
Large-scale data processing Scalability, availability, performance, security
Yun Tian and Xiao Qin Computer Science and Software Engineering - - PowerPoint PPT Presentation
Yun Tian and Xiao Qin Computer Science and Software Engineering - - PowerPoint PPT Presentation
Yun Tian and Xiao Qin Computer Science and Software Engineering Department Auburn University Auburn, AL 36849 Large-scale data processing Scalability, availability, performance, security 2 8/22/2011 Security is achieved at the
SLIDE 2
SLIDE 3
8/22/2011 3
Security is achieved at the cost
- f
performance degradation
P S
Security Overheads
S P
SLIDE 4
(m, n) Secret sharing - e.g., (2, 3) File Fragmentation
8/22/2011 4
Motivation: Storage nodes in a distributed system have heterogeneous vulnerabilities.
SLIDE 5
A wide variety of:
- Hardware (e.g., SSDs, HDDs, Tapes)
- Software (e.g, HDFS, Lustre, PVFS)
Heterogeneities affect performance
8/22/2011 5
Can we leverage heterogeneity features to improve security for distributed systems?
SLIDE 6
8/22/2011 6
Fragment a
a
F
Fragment b Fragment c
File F has 3 fragments: a, b, c F(i)= j mod n
SLIDE 7
8/22/2011 7
Problem?
Fragment a Fragment b Fragment c
Reconstruct
File F
SLIDE 8
8/22/2011 8 8/22/2011 8
The Architecture of a Cluster
Client
Network switch Computing nodes
Storage subsystems (or Storage Area Network) Internet
Head Node
SLIDE 9
8/22/2011 9
SLIDE 10
8/22/2011 10
R
R1 Rk
f1 fk Reconstruct
File F
SLIDE 11
A file’s fragment-allocation decisions are guided by four policies
- Multiple server groups
- Store fragments of a file across as many
different server groups as possible
- Integrate the (m n) secret sharing scheme
- Allocate file fragments within a sub-system
to improve I/O performance
8/22/2011 11
SLIDE 12
Diversity make sense?
- A team with diversity make creativity;
- A system with diversity may improve security;
- We divide storage nodes of a system into
different “server type” based on their different security level or strategy caused by hardware or software;
8/22/2011 12
SLIDE 13
Store fragments of a file across as many different
server-type groups as possible
8/22/2011 13
SLIDE 14
Allocate file fragments to improve I/O
performance
- Allocating fragments of a file into different
storage clusters can degrade performance.
- Our S-FAS scheme attempts to allocate
fragments to storage nodes within a cluster.
8/22/2011 14
SLIDE 15
8/22/2011 15
Fragmentation technique Heterogeneous Natures Secret sharing scheme(m n)
To improve the assurance level
SLIDE 16
8/22/2011 16
SLIDE 17
8/22/2011 17
Static Dynamic
SLIDE 18
8/22/2011 18
SLIDE 19
8/22/2011 19
We gradually increase system size from 45 to 70 by increments of 5, keep k at 3,and also vary m from 4 to 8.
SLIDE 20
8/22/2011 20
SLIDE 21
8/22/2011 21
SLIDE 22
8/22/2011 22
SLIDE 23
8/22/2011 23
SLIDE 24
Heterogeneous vulnerability: storage nodes are
classified into different server groups based upon their vulnerabilities
S-FAS : a secure fragmentation allocation scheme Storage assurance and dynamic assurance models A prototype in which S-FAS was implemented
8/22/2011 24
SLIDE 25
8/22/2011 25
Consider data replications to enhance reliability and
performance
Authorization/Authentication mechanisms in the
prototype.
Encryption/Decryption Mechanisms in the
prototype.
SLIDE 26
Google: slideshare Xiao Qin
‹#›
SLIDE 27
Other Research Presentations and Projects
http://www.eng.auburn.edu/~xqin
SLIDE 28
My webpage
http://www.eng.auburn.edu/~xqin
SLIDE 29
Download Slides at slideshare
http://www.slideshare.net/xqin74
SLIDE 30
8/22/2011 30
Thank you!
SLIDE 31
8/22/2011 31