Strong accountability for network storage

Published: 01 October 2007
Abstract

This article presents the design, implementation, and evaluation of CATS, a network storage service with strong accountability properties. CATS offers a simple web services interface that allows clients to read and write opaque objects of variable size. This interface is similar to the one offered by existing commercial Internet storage services. CATS extends the functionality of commercial Internet storage services by offering support for strong accountability.

A CATS server annotates read and write responses with evidence of correct execution, and offers audit and challenge interfaces that enable clients to verify that the server is faithful. A faulty server cannot conceal its misbehavior, and evidence of misbehavior is independently verifiable by any participant. CATS clients are also accountable for their actions on the service. A client cannot deny its actions, and the server can prove the impact of those actions on the state views it presented to other clients.

Experiments with a CATS prototype evaluate the cost of accountability under a range of conditions and expose the primary factors influencing the level of assurance and the performance of a strongly accountable storage server. The results show that strong accountability is practical for network storage systems in settings with strong identity and modest degrees of write-sharing. We discuss how the accountability concepts and techniques used in CATS generalize to other classes of network services.
