Mohamad-Jaafar Nehme, Nicolas Palix, Kamal Beydoun, Vivien Quéma
The recent Total-Order Broadcast protocols that have been designed to sustain high throughput and low latency target fully switched environments, such as small datacenters and clusters. These protocols fail to achieve good performance in multi-datacenter environments, that are characterized by non-uniform network connectivity among a set of remote datacenters. More precisely, machines within a datacenter are connected using a fully switched network, whereas machines across datacenters use shared inter-datacenter network cables. This paper presents a novel Total-Order Broadcast protocol, called MDC-cast that specifically targets multi-datacenter environments.
{"title":"MDC-Cast: A Total-Order Broadcast Protocol for Multi-Datacenter Environments","authors":"Mohamad-Jaafar Nehme, Nicolas Palix, Kamal Beydoun, Vivien Quéma","doi":"10.1109/SRDS.2018.00035","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00035","url":null,"abstract":"The recent Total-Order Broadcast protocols that have been designed to sustain high throughput and low latency target fully switched environments, such as small datacenters and clusters. These protocols fail to achieve good performance in multi-datacenter environments, that are characterized by non-uniform network connectivity among a set of remote datacenters. More precisely, machines within a datacenter are connected using a fully switched network, whereas machines across datacenters use shared inter-datacenter network cables. This paper presents a novel Total-Order Broadcast protocol, called MDC-cast that specifically targets multi-datacenter environments.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129341962","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Embedded devices are increasingly permeating our environment to collect data and act on the insight derived. Examples of such devices include smart environments and autonomous systems. The increasing ability to connect, communicate with, and remotely control such devices via the legacy internet has raised considerable security and privacy concerns. One key mechanism to protect the software integrity of these devices is attestation. In this dissertation, we devise attestation schemes that are scalable and applicable for large networks of embedded devices. In particular, we present attestation schemes that are capable of detecting remote malware infestation, physical, and run-time attacks in different settings including smart environments and autonomous systems.
{"title":"Collective Attestation: for a Stronger Security in Embedded Networks","authors":"Ahmad Ibrahim","doi":"10.1109/SRDS.2018.00039","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00039","url":null,"abstract":"Embedded devices are increasingly permeating our environment to collect data and act on the insight derived. Examples of such devices include smart environments and autonomous systems. The increasing ability to connect, communicate with, and remotely control such devices via the legacy internet has raised considerable security and privacy concerns. One key mechanism to protect the software integrity of these devices is attestation. In this dissertation, we devise attestation schemes that are scalable and applicable for large networks of embedded devices. In particular, we present attestation schemes that are capable of detecting remote malware infestation, physical, and run-time attacks in different settings including smart environments and autonomous systems.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"450 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115858413","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In distributed systems and in particular in industrial SCADA environments, alert correlation systems are necessary to identify complex multi-step attacks within the huge amount of alerts and events. In this paper we describe an automata-based correlation engine developed in the context of a European project where the main stakeholder was an energy distribution company. The behavior of the engine is extended to fit new requirements. In the proposed solution, a fully automated process generates thousands of correlation rules. Despite this major scalability challenge, the designed correlation engine exhibits good performances. Expected rates of incoming low level alerts approaching several hundreds of elements per second are tolerated. Moreover, the used data structures allow to quickly handle dynamic changes of the set of correlation rules. As some attack steps are not observed, the correlation engine can be tuned to raise an alert when all the attack steps except k of them have been detected. To be able to react to an ongoing attack by taking countermeasures, alerts must also be raised as soon as a significant prefix of an attack scenario is recognized. Fulfilling these additional requirements leads to increase the memory consumption. Therefore purge mechanisms are also proposed and analyzed. An evaluation of the tool is conducted in the context of a SCADA environment.
{"title":"A Scalable and Efficient Correlation Engine to Detect Multi-Step Attacks in Distributed Systems","authors":"David Lanoë, M. Hurfin, Eric Totel","doi":"10.1109/SRDS.2018.00014","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00014","url":null,"abstract":"In distributed systems and in particular in industrial SCADA environments, alert correlation systems are necessary to identify complex multi-step attacks within the huge amount of alerts and events. In this paper we describe an automata-based correlation engine developed in the context of a European project where the main stakeholder was an energy distribution company. The behavior of the engine is extended to fit new requirements. In the proposed solution, a fully automated process generates thousands of correlation rules. Despite this major scalability challenge, the designed correlation engine exhibits good performances. Expected rates of incoming low level alerts approaching several hundreds of elements per second are tolerated. Moreover, the used data structures allow to quickly handle dynamic changes of the set of correlation rules. As some attack steps are not observed, the correlation engine can be tuned to raise an alert when all the attack steps except k of them have been detected. To be able to react to an ongoing attack by taking countermeasures, alerts must also be raised as soon as a significant prefix of an attack scenario is recognized. Fulfilling these additional requirements leads to increase the memory consumption. Therefore purge mechanisms are also proposed and analyzed. An evaluation of the tool is conducted in the context of a SCADA environment.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130291211","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Suzhen Wu, Huagao Luan, Bo Mao, Hong Jiang, Gen Niu, Hui Rao, Fang Yu, Jindong Zhou
The reliability issue in deduplication-based storage systems has not received adequate attention. Existing approaches introduce data redundancy after files have been deduplicated, either by replication on critical data chunks, i.e., chunks with high reference count, or RAID schemes on unique data chunks, which means that these schemes are based on individual unique data chunks rather than individual files. This can leave individual files vulnerable to losses, particularly in the presence of transient and unrecoverable data chunk errors such as latent sector errors. To address this file reliability issue, this paper proposes a Per-File Parity (short for PFP) scheme to improve the reliability of deduplication-based storage systems. PFP computes the XOR parity within parity groups of data chunks of each file after the chunking process but before the data chunks are deduplicated. Therefore, PFP can provide parity redundancy protection for all files by intra-file recovery and a higher-level protection for data chunks with high reference counts by inter-file recovery. Our reliability analysis and extensive data-driven, failure-injection based experiments conducted on a prototype implementation of PFP show that PFP significantly outperforms the existing redundancy solutions, DTR and RCR, in system reliability, tolerating multiple data chunk failures and guaranteeing file availability upon multiple data chunk failures. Moreover, a performance evaluation shows that PFP only incurs an average of 5.7% performance degradation to the deduplication-based storage system.
{"title":"Improving Reliability of Deduplication-Based Storage Systems with Per-File Parity","authors":"Suzhen Wu, Huagao Luan, Bo Mao, Hong Jiang, Gen Niu, Hui Rao, Fang Yu, Jindong Zhou","doi":"10.1109/SRDS.2018.00028","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00028","url":null,"abstract":"The reliability issue in deduplication-based storage systems has not received adequate attention. Existing approaches introduce data redundancy after files have been deduplicated, either by replication on critical data chunks, i.e., chunks with high reference count, or RAID schemes on unique data chunks, which means that these schemes are based on individual unique data chunks rather than individual files. This can leave individual files vulnerable to losses, particularly in the presence of transient and unrecoverable data chunk errors such as latent sector errors. To address this file reliability issue, this paper proposes a Per-File Parity (short for PFP) scheme to improve the reliability of deduplication-based storage systems. PFP computes the XOR parity within parity groups of data chunks of each file after the chunking process but before the data chunks are deduplicated. Therefore, PFP can provide parity redundancy protection for all files by intra-file recovery and a higher-level protection for data chunks with high reference counts by inter-file recovery. Our reliability analysis and extensive data-driven, failure-injection based experiments conducted on a prototype implementation of PFP show that PFP significantly outperforms the existing redundancy solutions, DTR and RCR, in system reliability, tolerating multiple data chunk failures and guaranteeing file availability upon multiple data chunk failures. Moreover, a performance evaluation shows that PFP only incurs an average of 5.7% performance degradation to the deduplication-based storage system.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133184688","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Recent theoretical attacks conjectured the vulnerabilities of mainstream blockchains through simulations or assumption violations. Unfortunately, previous results typically omit both the nature of the network under which the blockchain code runs and whether blockchains are private, consortium or public. In this paper, we study the public Ethereum blockchain as well as a consortium and private blockchains and quantify the feasibility of man-in-the-middle and double spending attacks against them. To this end, we list important properties of the Ethereum public blockchain topology, we deploy VMs with constrained CPU quantum to mimic the top-10 mining pools of Ethereum and we attack them, by first partitioning the network through BGP hijacking or ARP spoofing before issuing a Balance Attack to steal coins. Our results demonstrate that attacking Ethereum is remarkably devastating in a consortium or private context as the adversary can multiply her digital assets by 200,000 × in 10 hours through BGP hijacking whereas it would be almost impossible in a public context.
{"title":"Impact of Man-In-The-Middle Attacks on Ethereum","authors":"Parinya Ekparinya, V. Gramoli, Guillaume Jourjon","doi":"10.1109/SRDS.2018.00012","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00012","url":null,"abstract":"Recent theoretical attacks conjectured the vulnerabilities of mainstream blockchains through simulations or assumption violations. Unfortunately, previous results typically omit both the nature of the network under which the blockchain code runs and whether blockchains are private, consortium or public. In this paper, we study the public Ethereum blockchain as well as a consortium and private blockchains and quantify the feasibility of man-in-the-middle and double spending attacks against them. To this end, we list important properties of the Ethereum public blockchain topology, we deploy VMs with constrained CPU quantum to mimic the top-10 mining pools of Ethereum and we attack them, by first partitioning the network through BGP hijacking or ARP spoofing before issuing a Balance Attack to steal coins. Our results demonstrate that attacking Ethereum is remarkably devastating in a consortium or private context as the adversary can multiply her digital assets by 200,000 × in 10 hours through BGP hijacking whereas it would be almost impossible in a public context.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"378 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116000605","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The edge computing paradigm brings the promise of overcoming the practical scalability limitations of cloud computing, that are a result of the high volume of data produced by Internet of Things (IoT) and other large-scale applications. The principle of edge computing is to move computations beyond the data center, closer to end-user devices where data is generated and consumed. This new paradigm creates the opportunity for edge-enabled systems and applications, that have components executing directly and cooperatively on edge devices. Having systems' components, actively and directly, collaborating in the edge, requires some form of distributed monitoring as to adapt to variable operational conditions. Monitoring requires efficient ways to aggregate information collected from multiple devices. In particular, and considering some IoT applications, monitoring will happen among devices that communicate primarily via wireless channels. In this paper we study the practical performance of several distributed continuous aggregation protocols in the wireless ad hoc setting, and propose a novel protocol that is more precise and robust than competing alternative.
{"title":"Practical Continuous Aggregation in Wireless Edge Environments","authors":"P. Costa, J. Leitao","doi":"10.1109/SRDS.2018.00015","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00015","url":null,"abstract":"The edge computing paradigm brings the promise of overcoming the practical scalability limitations of cloud computing, that are a result of the high volume of data produced by Internet of Things (IoT) and other large-scale applications. The principle of edge computing is to move computations beyond the data center, closer to end-user devices where data is generated and consumed. This new paradigm creates the opportunity for edge-enabled systems and applications, that have components executing directly and cooperatively on edge devices. Having systems' components, actively and directly, collaborating in the edge, requires some form of distributed monitoring as to adapt to variable operational conditions. Monitoring requires efficient ways to aggregate information collected from multiple devices. In particular, and considering some IoT applications, monitoring will happen among devices that communicate primarily via wireless channels. In this paper we study the practical performance of several distributed continuous aggregation protocols in the wireless ad hoc setting, and propose a novel protocol that is more precise and robust than competing alternative.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125919845","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Many current online services need to serve clients distributed across geographic areas. These systems are subject to stringent availability and performance requirements. In order to meet these requirements, replication is used to tolerate the crash of servers and improve performance by deploying replicas near the clients. Coordinating geographically distributed replicas, however, is challenging. This paper presents GeoPaxos, a protocol that addresses this challenge by combining three insights. It decouples order from execution in state machine replication, it induces a partial order on the execution of operations, instead of a total order, and it exploits geographic locality, typical of geo-distributed online services. GeoPaxos outperforms state-of-the-art approaches by more than an order of magnitude in some cases. We describe GeoPaxos design and implementation in detail, and present an extensive performance evaluation.
{"title":"Geographic State Machine Replication","authors":"Paulo R. Coelho, F. Pedone","doi":"10.1109/SRDS.2018.00034","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00034","url":null,"abstract":"Many current online services need to serve clients distributed across geographic areas. These systems are subject to stringent availability and performance requirements. In order to meet these requirements, replication is used to tolerate the crash of servers and improve performance by deploying replicas near the clients. Coordinating geographically distributed replicas, however, is challenging. This paper presents GeoPaxos, a protocol that addresses this challenge by combining three insights. It decouples order from execution in state machine replication, it induces a partial order on the execution of operations, instead of a total order, and it exploits geographic locality, typical of geo-distributed online services. GeoPaxos outperforms state-of-the-art approaches by more than an order of magnitude in some cases. We describe GeoPaxos design and implementation in detail, and present an extensive performance evaluation.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130142254","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Major efforts have been spent in recent years to improve the performance, scalability and reliability of distributed systems. In order to hide the complexity of designing distributed applications, many proposals provide efficient high-level communication abstractions (e.g., atomic multicast). These abstractions, however, are often unfamiliar to average application designers and, as a result, implementing distributed applications that tolerate failures and scale performance without sacrificing consistency remains a challenging task. In this paper, we introduce DMap, a reliable and scalable distributed ordered map. DMap fully implements the generic Java SortedMap interface and can be easily used to scale existing Java applications. To substantiate our claim, we have used DMap to turn H2, a centralized database, into a scalable and reliable data management system.
{"title":"DMap: A Fault-Tolerant and Scalable Distributed Data Structure","authors":"S. Benz, F. Pedone","doi":"10.1109/SRDS.2018.00026","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00026","url":null,"abstract":"Major efforts have been spent in recent years to improve the performance, scalability and reliability of distributed systems. In order to hide the complexity of designing distributed applications, many proposals provide efficient high-level communication abstractions (e.g., atomic multicast). These abstractions, however, are often unfamiliar to average application designers and, as a result, implementing distributed applications that tolerate failures and scale performance without sacrificing consistency remains a challenging task. In this paper, we introduce DMap, a reliable and scalable distributed ordered map. DMap fully implements the generic Java SortedMap interface and can be easily used to scale existing Java applications. To substantiate our claim, we have used DMap to turn H2, a centralized database, into a scalable and reliable data management system.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133920119","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Cloud-of-clouds storage is a viable means to ensure security and reliability of distributed data storage, where data are encrypted, encoded, and stored in multiple clouds. However, it is a great challenge to adopt such a paradigm in mobile devices (e.g., smartphone). Mobile devices are generally incapable to perform the heavy-weight operations (i.e., data encryption, encoding, and transmission) required in such a paradigm, given the limited resources in such devices. This paper focuses on addressing this challenge, i.e., improving data storage performance in mobile cloud-of-clouds storage systems. The key of our proposal is to allow the low-capability mobile devices to offload the computational and transmission overhead to the clouds. In other words, we propose a Network Coding based Cloud-of-clouds Storage (NCCS) scheme, where the clouds can encode and exchange data collaboratively. We consider two state-of-the-art cloud-of-clouds storage approaches, i.e., AONT-RS and CAONT-RS, as example cases to deploy our scheme. Accordingly, we propose their network coding-based enhancements, namely NAONT-RS and NCAONT-RS. We implement a prototype cloud-of-clouds system to verify the efficiency of our proposal. We deploy the prototype on Microsoft Azure and conduct extensive experiments with real-world traces. The experimental results show that NAONT-RS and NCAONT-RS can reduce the time of data storage process by up to 50% and improve the throughput by up to 110% compared with their original versions, i.e., AONT-RS and CAONT-RS.
{"title":"Mobile Cloud-of-Clouds Storage Made Efficient: A Network Coding Based Approach","authors":"Jiajie Shen, Yi Li, Yangfan Zhou, Xin Wang","doi":"10.1109/SRDS.2018.00018","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00018","url":null,"abstract":"Cloud-of-clouds storage is a viable means to ensure security and reliability of distributed data storage, where data are encrypted, encoded, and stored in multiple clouds. However, it is a great challenge to adopt such a paradigm in mobile devices (e.g., smartphone). Mobile devices are generally incapable to perform the heavy-weight operations (i.e., data encryption, encoding, and transmission) required in such a paradigm, given the limited resources in such devices. This paper focuses on addressing this challenge, i.e., improving data storage performance in mobile cloud-of-clouds storage systems. The key of our proposal is to allow the low-capability mobile devices to offload the computational and transmission overhead to the clouds. In other words, we propose a Network Coding based Cloud-of-clouds Storage (NCCS) scheme, where the clouds can encode and exchange data collaboratively. We consider two state-of-the-art cloud-of-clouds storage approaches, i.e., AONT-RS and CAONT-RS, as example cases to deploy our scheme. Accordingly, we propose their network coding-based enhancements, namely NAONT-RS and NCAONT-RS. We implement a prototype cloud-of-clouds system to verify the efficiency of our proposal. We deploy the prototype on Microsoft Azure and conduct extensive experiments with real-world traces. The experimental results show that NAONT-RS and NCAONT-RS can reduce the time of data storage process by up to 50% and improve the throughput by up to 110% compared with their original versions, i.e., AONT-RS and CAONT-RS.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"89 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115220245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: