SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.
-
Upload
byron-maxwell -
Category
Documents
-
view
230 -
download
0
Transcript of SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.
![Page 1: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/1.jpg)
SPORC: Group Collaborationusing Untrusted Cloud Resources
OSDI 2010Presented by Yu Chen
![Page 2: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/2.jpg)
Cloud-based Collaborative Services
Pros:
-Global accessibility, High availability,
-Fault tolerance,
-Elastic resource allocation and scaling Cons and Problem:
-Sacrifice in security and privacy What if the server is malicious?
![Page 3: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/3.jpg)
Solution: SPORC
Agnostic and untrusted server
- provides a generic collaboration service
- assigns a global order
- stores updates in its encrypted history
- can be potentially MALICIOUS
![Page 4: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/4.jpg)
Solution: SPORC
Smart Clients
-guarantee security by users' cryptographic keys
-provides operational transformation
-provides fork* consistency
-recover from malicious forks
-access the documents on behalf of authorized
users
![Page 5: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/5.jpg)
Goals
Flexible framework for a broad class of collaborative services
Propagate modifications quickly Tolerate slow or discounted networks Keep data confidential Detect a misbehaving server Recover from malicious server behavior
![Page 6: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/6.jpg)
Background: Operational Transformation
Problem: Operations might conflict with each other Example:
State: ABCDE
Alice: op1='del 4' Bob: op2='del 2'
naïve execution:
Alice: ACE Bob:ACD OT enables optimal local updates and eventual
consistency
![Page 7: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/7.jpg)
Background:Operational Transformation
Example:
State: ABCDE
Alice: op1='del 4'; op2' Bob op2='del 2'; op1'
![Page 8: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/8.jpg)
Background: Fork* Consistency
Problem:
Divergent views from misbehaving server Solution:
-Clients share information about the history
-
- Possible partitions into groups, but solvable
![Page 9: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/9.jpg)
Deployment and Threat Model
Deployment
-Large number of users and documents
-Server: replicating functionality and partitioning state
-Client-driven failover and recovery Threat Model
- Server: potentially malicious; unable to corrupt the clients' states
- Client: trusts assigned according to the user; genuine code
![Page 10: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/10.jpg)
System Overview
![Page 11: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/11.jpg)
Invariance in SPORC
Local Coherence:
Starting from an empty state, applying the operations in commited history and pending queue will result in the current state
Fork* Consistency Client-Order Preservation
![Page 12: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/12.jpg)
Operations
Labeled with the name of the user Digitally signed by the user's private key Includes the client ID Document Operations
- encrypted under a symmetric key Meta Operations Why 2 different operations? Solution later.
![Page 13: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/13.jpg)
Sequence Numbers and Hash Chains
Client Sequence Number(clntSeqNo) Global Sequence Number(seqNo)
Last Commited Operation(opn)
Last Commited Operation Number(prevSeqNo) Verification:
- Client order preservation(Efficiency??)
- Fork* consistency
![Page 14: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/14.jpg)
Resolving confliects with OT
Additional Operations from the Server
-seqNo>preSeqNo+1
-op'new ← T(opnew,
<opprevSeqNo+1,...,opseqNo-1>)
Uncommited Operations in the Client's Pending Queue
-
![Page 15: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/15.jpg)
Membership Management
Access Control List
- reader, editor and administrator
- ModifyUserOp Payloads encrypted by AES + users' public keys User Removal: new random AES key Barrier Operation
-Continuous Chain of Keys(or Checkpoints)
![Page 16: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/16.jpg)
Extension: Checkpoint
Supported by individual clients CheckpointOp
- Encryption with current document key
- contains the hash of encrypted checkpoint data Verification of CheckpointOp
- meta-history
![Page 17: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/17.jpg)
Extension: Checking for ForksOut-of-Band
Fork partition created by the server:
-Clients of one fork might never know the history
of clients of another fork Check for Forks Out-of-Band
- Message exchanging between clients
- <c,d,s,hs>
- Request of missing operation from the server
![Page 18: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/18.jpg)
Recovering from a Fork
Recovery via a new server
-Both clients will roll back their histories to their last common point before fork
-One of them upload the common history to the new server
-Both of them will resubmit the operations after the fork
![Page 19: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/19.jpg)
Implementation
generic server client-libraries
-sending, receiving, encryption, OT and consistency checks
Applications:
-Key-value store
-collaborative text editor
![Page 20: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/20.jpg)
Experimentatal Evaluation Hardware
-2.3GHz AMD Opteron
-8GB of RAM
-gigabit switched ethernet Metrics
-Latency
-Server throughput
-Client time-to-join
![Page 21: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/21.jpg)
Latency
![Page 22: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/22.jpg)
Latency
![Page 23: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/23.jpg)
Server Throughput
![Page 24: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/24.jpg)
Client time-to-join
![Page 25: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/25.jpg)
Conclusion
OT enables optimistic updates and reconciles clients' conflicting states
OT and fork* consistency complement each other well
Membership mamangement architecture
![Page 26: SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.](https://reader030.fdocuments.us/reader030/viewer/2022032601/56649dd05503460f94ac58d0/html5/thumbnails/26.jpg)
Discussion
The extension are not evaluated in this paper Check for Forks Out-of-Band or Recovering from
a Fork:
-What if the client is also malicious?
-How should we prevent the client-server collusion?
What is the mean time to detect a malicious server with no partition of forks and clients?