Growing Secure Distributed Systems from a Spore
Transcript of Growing Secure Distributed Systems from a Spore
Page 1
Growing Secure Distributed Systems from a Spore
Yunus Basagalar, Vassilios Lekakis and Pete Keleher, University of Maryland, College Park
Page 2
Problem
• Outsourcing data is trendy
  o geographically replicated
  o no downtime
• Inherently insecure
  o implicit trust
Page 3
Goal
• Remove implicit trust
  o Minimize server functionality
  o Leverage a wider range of resources as a storage service
  o Less code, fewer bugs
  o Use cryptographic techniques
Page 4
Spore overview
[Diagram: Object X, with the symmetric key for Object X and the list of public keys allowed to modify Object X]
Page 5
Assumptions
• No higher-level functionality on the server side
  o put/get/list interface
• Immutable objects
• No trust assumption
  o except the Spore object
Page 6
Everything starts with a single spore...
[Diagram: user Bob creates the spore object, which points at the first root version /.v1]
Page 7
Spore
Spore Object
  root GUID 5c90ba31
  symmetric key U0T1BT13io
  servers
    S3    --> addr: spore_bucket
    Azure --> addr: spore_blob
    Local --> addr: /home/user/spore
    SFTP  --> addr: trial.cs.umd.edu user: trial pass: trial
    ...
  trusted keys
    EF6C847F4EAB62F34BAF2438669B4672C5386EEFC465AE4CC645938B8AD9A97E52329486DEF2E9E8CC1A3AC
    ...
Page 8
Object graph
[Object graph: user Bob; /.v1]
Bob's operations
1. mkdir /dir
2. create /dir/foo
3. edit /dir/foo
4. create /dir/bar
Page 9
mkdir /dir
GUID 5c90ba31 | Filename / | Version 1 | Entries - | ...
Page 10
mkdir /dir
GUID 5c90ba31 | Filename / | Version 1 | Entries - | ...
GUID 7b610f93 | Filename dir | Version 1 | Entries - | ...
1. put (7b610f93, dir_obj)
Page 11
mkdir /dir
GUID 5c90ba31 | Filename / | Version 1 | Entries - | ...
GUID 7b610f93 | Filename dir | Version 1 | Entries - | ...
GUID 2ca142a9 (computed using a deterministic, fast, collision-resistant function)
Page 12
mkdir /dir
GUID 5c90ba31 | Filename / | Version 1 | Entries - | ...
GUID 7b610f93 | Filename dir | Version 1 | Entries - | ...
GUID 2ca142a9 | Filename / | Version 2 | Entries dir -> 7b610f93 | ...
1. put (7b610f93, dir_obj)
2. put (2ca142a9, root_obj)
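An added illustration of the two-put sequence on pages 10 to 12, written for this transcript in Go and not taken from the Spore implementation: objects are named by a SHA-256 over their canonical encoding, mkdir stores the child first and then a new parent version pointing at it, and get re-derives the GUID so a server that swaps or edits an object is caught. The Object layout, its JSON encoding and the in-memory Store are assumptions of the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Object carries the slides' fields; Entries maps a directory entry name to the
// child's GUID. Objects are immutable: an edit yields a new version. (Assumed layout.)
type Object struct {
	Filename string
	Version  int
	Entries  map[string]string
}

type Store map[string][]byte // the dumb put/get interface of an untrusted server
// GUID: SHA-256 over the canonical encoding (encoding/json sorts map keys), so the
// name is deterministic and collision resistant. Slides show it cut to 8 hex digits.
func GUID(o Object) (string, []byte) {
	b, _ := json.Marshal(o)
	return fmt.Sprintf("%x", sha256.Sum256(b)), b
}
func (s Store) Put(o Object) string { id, b := GUID(o); s[id] = b; return id }

// Get re-derives the GUID from the returned bytes and rejects content that no
// longer matches its name (swapped, corrupted or edited in place by the server).
func (s Store) Get(id string) (Object, error) {
	var o Object
	if err := json.Unmarshal(s[id], &o); err != nil { return o, fmt.Errorf("get %s: %w", id, err) }
	if got, _ := GUID(o); got != id { return o, fmt.Errorf("get %s: content hash mismatch", id) }
	return o, nil
}

// Mkdir is the slides' two-put sequence: put the new child object, then put a new
// version of the parent whose Entries point at the child's GUID.
func Mkdir(s Store, parentID, name string) (string, error) {
	parent, err := s.Get(parentID)
	if err != nil { return "", err }
	entries := map[string]string{}
	for k, v := range parent.Entries { entries[k] = v }
	entries[name] = s.Put(Object{Filename: name, Version: 1, Entries: map[string]string{}})
	return s.Put(Object{Filename: parent.Filename, Version: parent.Version + 1, Entries: entries}), nil
}

func main() {
	s := Store{}
	v2, _ := Mkdir(s, s.Put(Object{Filename: "/", Version: 1}), "dir")
	fmt.Println(s.Get(v2)) // root version 2 with entry dir -> <GUID of dir>, and nil error
}
```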
Page 13
Object graph
[Object graph: user Bob; /.v1 -> /.v2; dir.v1]
Bob's operations
1. mkdir /dir
2. create /dir/foo
3. edit /dir/foo
4. create /dir/bar
implicit edge: between versions of an object
explicit edge: between a parent object and its children (directory entries)
Page 14
Object graph
[Object graph: user Bob; /.v1 -> /.v2; dir.v1 -> dir.v2; foo.v1]
Bob's operations
1. mkdir /dir
2. create /dir/foo
3. edit /dir/foo
4. create /dir/bar
Page 15
Object graph
[Object graph: user Bob; /.v1 -> /.v2; dir.v1 -> dir.v2; foo.v1 -> foo.v2]
Bob's operations
1. mkdir /dir
2. create /dir/foo
3. edit /dir/foo
4. create /dir/bar
Page 16
Object graph
[Object graph: user Bob; /.v1 -> /.v2; dir.v1 -> dir.v2 -> dir.v3; foo.v1 -> foo.v2; bar.v1]
Bob's operations
1. mkdir /dir
2. create /dir/foo
3. edit /dir/foo
4. create /dir/bar
Page 17
Sharing the Spore
[Object graph: users Bob and Alice; /.v1 -> /.v2; dir.v1 -> dir.v2 -> dir.v3; foo.v1 -> foo.v2; bar.v1]
Bob shares the spore with Alice
Alice's operations
1. read /dir/foo
Page 18
Traversing the object graph
[Object graph: users Bob and Alice; /.v1 -> /.v2; dir.v1 -> dir.v2 -> dir.v3; foo.v1 -> foo.v2; bar.v1]
Alice's operations
1. read /dir/foo
Page 21
Spore overview
Page 22
Forming trust region by induction
• In trust region
  o data confidentiality
  o authentication of updates
  o self-consistent objects
[Diagram: Trust Region]
Page 23
Confidentiality
[Object graph: users Bob and Alice; /.v1 -> /.v2; dir.v1 -> dir.v2 -> dir.v3; foo.v1 -> foo.v2; bar.v1]
Alice's operations
1. read /dir/foo
Page 24
Grant read access to Alice
[Object graph: /.v1 -> /.v2; dir.v1 -> dir.v2 -> dir.v3; foo.v1 -> foo.v2; attached to foo.v2: the symmetric key for foo.v2, encrypted under Alice's public key]
• How: Include the key encrypted with Alice's public key
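An added example of this key-wrapping step, written for this transcript in Go and not taken from Spore: the object's content is encrypted under a fresh AES-256-GCM key, and that key is wrapped with RSA-OAEP under each reader's public key, so only a listed reader holding the matching private key can recover it. The SealedObject layout and the reader labels are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealedObject is an encrypted version plus one wrapped copy of its symmetric key
// per reader, keyed by a reader label. (Assumed layout for this example, not Spore's.)
type SealedObject struct {
	Nonce, Ciphertext []byte
	WrappedKeys       map[string][]byte
}

// gcmFor builds AES-GCM for a 32-byte key; the constructors fail only on bad sizes.
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal encrypts plaintext under a fresh AES-256-GCM key and wraps that key with
// RSA-OAEP under every reader's public key; nobody else receives a copy.
func Seal(plaintext []byte, readers map[string]*rsa.PublicKey) (*SealedObject, error) {
	kn := make([]byte, 32+12) // fresh key followed by a 12-byte GCM nonce
	if _, err := rand.Read(kn); err != nil { return nil, err }
	key, nonce := kn[:32], kn[32:]
	o := &SealedObject{Nonce: nonce, WrappedKeys: map[string][]byte{}}
	o.Ciphertext = gcmFor(key).Seal(nil, nonce, plaintext, nil)
	for name, pub := range readers {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
		if err != nil { return nil, err }
		o.WrappedKeys[name] = w
	}
	return o, nil
}

// Open is the reader's side: unwrap its own copy of the key, then decrypt. A reader
// with no wrapped copy, or the wrong private key, gets an error rather than plaintext.
func (o *SealedObject) Open(name string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := o.WrappedKeys[name]
	if !ok { return nil, fmt.Errorf("no wrapped key for %s", name) }
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil)
	if err != nil || len(key) != 32 { return nil, fmt.Errorf("unwrap for %s failed", name) }
	return gcmFor(key).Open(nil, o.Nonce, o.Ciphertext, nil)
}
```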
Page 25
Authentication
[Object graph: users Bob and Alice; /.v1 -> /.v2; dir.v1 -> dir.v2 -> dir.v3; foo.v1 -> foo.v2; bar.v1]
Alice's operations
1. edit /dir/bar
Bob's operations
1. read /dir/bar
Page 26
Authentication
[Object graph: users Bob and Alice; /.v1 -> /.v2; dir.v1 -> dir.v2 -> dir.v3; foo.v1 -> foo.v2; bar.v1 -> bar.v2]
Alice's operations
1. edit /dir/bar
Bob's operations
1. read /dir/bar
Page 27
Authentication
[Object graph: users Bob and Alice; /.v1 -> /.v2; dir.v1 -> dir.v2 -> dir.v3; foo.v1 -> foo.v2; bar.v1 -> bar.v2]
Alice's operations
1. edit /dir/bar
Bob's operations
1. read /dir/bar
Bob realizes Alice has no rights to modify bar
Page 28
Grant write permission to Alice
[Object graph: /.v1 -> /.v2; dir.v1 -> dir.v2 -> dir.v3; bar.v1 -> bar.v2, where bar.v2 lists Alice's public key]
• How: Include Alice's public key as a writer for bar
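An added example of the writer-list check behind pages 27 and 28, written for this transcript in Go and not Spore's own code: each version carries its writer list and an Ed25519 signature over name, version, data and that list, and a reader accepts a new version only when its author appears in the previous version's writer list, so Alice's unauthorized edit is rejected until Bob publishes a version that names her key. The Object layout and the digest format are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Object is one version of a file with its writer list and the author's signature.
// The writer list is inside the signed data, so it cannot be edited unsigned. (Assumed layout.)
type Object struct {
	Name    string
	Version int
	Data    []byte
	Writers []ed25519.PublicKey
	Author  ed25519.PublicKey
	Sig     []byte
}
// digest binds name, version, length-prefixed data and the writer list.
func (o *Object) digest() []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%s|%d|%d|%s", o.Name, o.Version, len(o.Data), o.Data)
	for _, w := range o.Writers { h.Write(w) }
	return h.Sum(nil)
}
// Sign produces a version authored by the holder of priv.
func Sign(o Object, priv ed25519.PrivateKey) Object {
	o.Author = priv.Public().(ed25519.PublicKey)
	o.Sig = ed25519.Sign(priv, o.digest())
	return o
}

// Verify is Bob's check on reading the next version: a valid signature AND an author
// listed as a writer in the previous version. Rights flow only from an existing writer.
func Verify(prev, next Object) error {
	if len(next.Author) != ed25519.PublicKeySize || !ed25519.Verify(next.Author, next.digest(), next.Sig) {
		return fmt.Errorf("%s.v%d: invalid signature", next.Name, next.Version)
	}
	for _, w := range prev.Writers { if w.Equal(next.Author) { return nil } }
	return fmt.Errorf("%s.v%d: author is not a writer of v%d", next.Name, next.Version, prev.Version)
}

func main() {
	bobPub, bob, _ := ed25519.GenerateKey(rand.Reader)
	_, alice, _ := ed25519.GenerateKey(rand.Reader)
	v1 := Sign(Object{Name: "bar", Version: 1, Writers: []ed25519.PublicKey{bobPub}}, bob)
	v2 := Sign(Object{Name: "bar", Version: 2, Data: []byte("edit"), Writers: v1.Writers}, alice)
	fmt.Println(Verify(v1, v2)) // rejected: Alice is not a writer of bar.v1
}
```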
Page 29
Self-consistent objects
[Object graph: users Bob and Alice; /.v1 -> /.v2; dir.v1 -> dir.v2 -> dir.v3; foo.v1 -> foo.v2; bar.v1 -> bar.v2.$HASH]
bar.v2.$HASH: $HASH = H(bar.v2), where H is a collision-resistant hash function
Page 30
Spore overview
[Diagram: Object X, with the symmetric key for Object X and the list of public keys allowed to modify Object X]
Page 31
Conclusion
• Growing a secure distributed system from a Spore
  o authenticated writes
  o confidentiality
  o self-consistent objects
  o minimal server-side functionality