Emanuele Giuseppe Esposito, Paulo R. Coelho, F. Pedone
State machine replication is a well-known technique to build fault-tolerant replicated systems. The technique guarantees that replicas of a service execute the same sequence of deterministic commands in the same total order. At the core of state machine replication is consensus, a distributed problem in which replicas agree on the next command to be executed. Among the various consensus algorithms proposed, Paxos stands out for its optimized resilience and communication. Much effort has been placed on implementing Paxos efficiently. Existing solutions make use of special network topologies, rely on specialized hardware, or exploit application semantics. Instead of proposing yet another variation of the original Paxos algorithm, this paper proposes a new strategy to increase performance of Paxos-based state machine replication. We introduce Kernel Paxos, an implementation of Paxos that significantly reduces communication overhead by avoiding system calls and TCP/IP stack. To reduce the number of context switches related to system calls, we provide Paxos as a kernel module. We present a detailed performance analysis of Kernel Paxos and compare it to a user-space equivalent implementation.
{"title":"Kernel Paxos","authors":"Emanuele Giuseppe Esposito, Paulo R. Coelho, F. Pedone","doi":"10.1109/SRDS.2018.00037","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00037","url":null,"abstract":"State machine replication is a well-known technique to build fault-tolerant replicated systems. The technique guarantees that replicas of a service execute the same sequence of deterministic commands in the same total order. At the core of state machine replication is consensus, a distributed problem in which replicas agree on the next command to be executed. Among the various consensus algorithms proposed, Paxos stands out for its optimized resilience and communication. Much effort has been placed on implementing Paxos efficiently. Existing solutions make use of special network topologies, rely on specialized hardware, or exploit application semantics. Instead of proposing yet another variation of the original Paxos algorithm, this paper proposes a new strategy to increase performance of Paxos-based state machine replication. We introduce Kernel Paxos, an implementation of Paxos that significantly reduces communication overhead by avoiding system calls and TCP/IP stack. To reduce the number of context switches related to system calls, we provide Paxos as a kernel module. We present a detailed performance analysis of Kernel Paxos and compare it to a user-space equivalent implementation.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116870413","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Wireless sensor networks and other power-efficient devices fill increasingly important roles in modern society. At the same time, they also face increasing internal and external threats, such as node capture or protocol disruption by adversarial agents. Providing reliable and secure service in the face of these challenges remains an ongoing problem, and one that is only exacerbated by the computational and power constraints imposed on these devices. In this paper, we first introduce the concept of on-demand topic channels in the context of ephemeral wireless sensor networks. Then, building on this concept, we introduce three novel messaging protocols to provide secure, authenticated communication between a sensor network and an authorized user while also providing resilience from accidental or adversarial disruption. These protocols leverage homomorphic hashing in innovative ways to trade secrecy against network and computational costs in on-demand topic channel authentication. Finally, we compare and contrast the costs of these protocols, and show that hash-based protocols provide significant implementation-independent improvements to network resilience.
{"title":"Adversarially-Resistant On-Demand Topic Channels for Wireless Sensor Networks","authors":"H. Behrens, K. Candan","doi":"10.1109/SRDS.2018.00019","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00019","url":null,"abstract":"Wireless sensor networks and other power-efficient devices fill increasingly important roles in modern society. At the same time, they also face increasing internal and external threats, such as node capture or protocol disruption by adversarial agents. Providing reliable and secure service in the face of these challenges remains an ongoing problem, and one that is only exacerbated by the computational and power constraints imposed on these devices. In this paper, we first introduce the concept of on-demand topic channels in the context of ephemeral wireless sensor networks. Then, building on this concept, we introduce three novel messaging protocols to provide secure, authenticated communication between a sensor network and an authorized user while also providing resilience from accidental or adversarial disruption. These protocols leverage homomorphic hashing in innovative ways to trade secrecy against network and computational costs in on-demand topic channel authentication. Finally, we compare and contrast the costs of these protocols, and show that hash-based protocols provide significant implementation-independent improvements to network resilience.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129727425","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In recent years, the interest in blockchain has grown exponentially, and nowadays it is foreseen as a technology with the potential to revolutionize the way data is maintained and transferred around the globe. The reason of this excitement is ascribable to the ability of enabling new forms of transactions and interactions between mistrusting and decentralized entities. Indeed, it has attracted interests and huge investments from enterprises, and it is predictable that in a near future many industries will adopt it. However, it is not a panacea and in some cases may even become useless or not convenient. Moreover, even when it can really constitute an added value, selecting the proper blockchain and configuring it may not be trivial. Trying to go beyond the hype and to address this problem, this paper proposes a methodology addressing: i) whether, given a specific problem requirements, the blockchain is a proper solution for it ii) in such a case which is the blockchain category more suitable, and finally iii) guiding the designer throughout its configuration.
{"title":"A Requirements-Driven Methodology for the Proper Selection and Configuration of Blockchains","authors":"Mirko Staderini, Enrico Schiavone, A. Bondavalli","doi":"10.1109/SRDS.2018.00031","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00031","url":null,"abstract":"In recent years, the interest in blockchain has grown exponentially, and nowadays it is foreseen as a technology with the potential to revolutionize the way data is maintained and transferred around the globe. The reason of this excitement is ascribable to the ability of enabling new forms of transactions and interactions between mistrusting and decentralized entities. Indeed, it has attracted interests and huge investments from enterprises, and it is predictable that in a near future many industries will adopt it. However, it is not a panacea and in some cases may even become useless or not convenient. Moreover, even when it can really constitute an added value, selecting the proper blockchain and configuring it may not be trivial. Trying to go beyond the hype and to address this problem, this paper proposes a methodology addressing: i) whether, given a specific problem requirements, the blockchain is a proper solution for it ii) in such a case which is the blockchain category more suitable, and finally iii) guiding the designer throughout its configuration.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127547363","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Christoph Lambert, Maria Fernandes, Jérémie Decouchant, P. Veríssimo
The recent introduction of new DNA sequencing techniques caused the amount of processed and stored biological data to skyrocket. In order to process these vast amounts of data, bio-centers have been tempted to use low-cost public clouds. However, genomes are privacy sensitive, since they store personal information about their donors, such as their identity, disease risks, heredity and ethnic origin. The first critical DNA processing step that can be executed in a cloud, i.e., read alignment, consists in finding the location of the DNA sequences produced by a sequencing machine in the human genome. While recent developments aim at increasing performance, only few approaches address the need for fast and privacy preserving read alignment methods. This paper introduces MaskAl, a novel approach for read alignment. MaskAl combines a fast preprocessing step on raw genomic data - filtering and masking - with established algorithms to align sanitized reads, from which sensitive parts have been masked out, and refines the alignment score using the masked out information with Intel's software guard extensions (SGX). MaskAl is a highly competitive privacy-preserving read alignment software that can be massively parallelized with public clouds and emerging enclave clouds. Finally, MaskAl is nearly as accurate as plain-text approaches (more than 96% of aligned reads with MaskAl compared to 98% with BWA) and can process alignment workloads 87% faster than current privacy-preserving approaches while using less memory and network bandwidth.
{"title":"MaskAl: Privacy Preserving Masked Reads Alignment using Intel SGX","authors":"Christoph Lambert, Maria Fernandes, Jérémie Decouchant, P. Veríssimo","doi":"10.1109/SRDS.2018.00022","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00022","url":null,"abstract":"The recent introduction of new DNA sequencing techniques caused the amount of processed and stored biological data to skyrocket. In order to process these vast amounts of data, bio-centers have been tempted to use low-cost public clouds. However, genomes are privacy sensitive, since they store personal information about their donors, such as their identity, disease risks, heredity and ethnic origin. The first critical DNA processing step that can be executed in a cloud, i.e., read alignment, consists in finding the location of the DNA sequences produced by a sequencing machine in the human genome. While recent developments aim at increasing performance, only few approaches address the need for fast and privacy preserving read alignment methods. This paper introduces MaskAl, a novel approach for read alignment. MaskAl combines a fast preprocessing step on raw genomic data - filtering and masking - with established algorithms to align sanitized reads, from which sensitive parts have been masked out, and refines the alignment score using the masked out information with Intel's software guard extensions (SGX). MaskAl is a highly competitive privacy-preserving read alignment software that can be massively parallelized with public clouds and emerging enclave clouds. Finally, MaskAl is nearly as accurate as plain-text approaches (more than 96% of aligned reads with MaskAl compared to 98% with BWA) and can process alignment workloads 87% faster than current privacy-preserving approaches while using less memory and network bandwidth.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"49 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133737282","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we consider runtime verification of synchronous distributed systems, where a decentralized set of monitors that only have a partial view of the system are subject to crash failures. In this context, it is unavoidable that monitors may have different views of the underlying system, and, therefore, have different opinions about the correctness property. We propose an automata-based synchronous monitoring algorithm that copes with t crash monitor failures. Moreover, local monitors do not communicate their explicit reading of the underlying system. Rather, they emit a symbolic verdict that efficiently encodes their partial views. This significantly reduces the communication overhead.
{"title":"Crash-Resilient Decentralized Synchronous Runtime Verification","authors":"Shokoufeh Kazemlou, Borzoo Bonakdarpour","doi":"10.1109/SRDS.2018.00032","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00032","url":null,"abstract":"In this paper, we consider runtime verification of synchronous distributed systems, where a decentralized set of monitors that only have a partial view of the system are subject to crash failures. In this context, it is unavoidable that monitors may have different views of the underlying system, and, therefore, have different opinions about the correctness property. We propose an automata-based synchronous monitoring algorithm that copes with t crash monitor failures. Moreover, local monitors do not communicate their explicit reading of the underlying system. Rather, they emit a symbolic verdict that efficiently encodes their partial views. This significantly reduces the communication overhead.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"48 8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132395822","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Christian Göttel, Rafael Pires, Isabelly Rocha, Sébastien Vaucher, P. Felber, Marcelo Pasin, V. Schiavoni
Major cloud providers such as Amazon [1], Google [2] and Microsoft [3] provide nowadays some form of infrastructure as a service (IaaS) which allows deploying services in the form of virtual machines [4], containers [5] or bare-metal [6] instances. Although software-based solutions like homomorphic encryption exit, privacy concerns [7] greatly hinder the deployment of such services over public clouds. It is particularly difficult for homomorphic encryption to match performance requirements of modern workloads [8]. Evaluating simple operations on basic data types with HElib [9], a homomorphic encryption library, against their unencrypted counter part reveals, that homomorphic encryption is still impractical under realistic workloads.
{"title":"Security, Performance and Energy Implications of Hardware-Assisted Memory Protection Mechanisms on Event-Based Streaming Systems","authors":"Christian Göttel, Rafael Pires, Isabelly Rocha, Sébastien Vaucher, P. Felber, Marcelo Pasin, V. Schiavoni","doi":"10.1109/SRDS.2018.00042","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00042","url":null,"abstract":"Major cloud providers such as Amazon [1], Google [2] and Microsoft [3] provide nowadays some form of infrastructure as a service (IaaS) which allows deploying services in the form of virtual machines [4], containers [5] or bare-metal [6] instances. Although software-based solutions like homomorphic encryption exit, privacy concerns [7] greatly hinder the deployment of such services over public clouds. It is particularly difficult for homomorphic encryption to match performance requirements of modern workloads [8]. Evaluating simple operations on basic data types with HElib [9], a homomorphic encryption library, against their unencrypted counter part reveals, that homomorphic encryption is still impractical under realistic workloads.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132780232","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shudip Datta, S. Madria, James R. Milligan, M. Linderman
In application environments like international military coalitions or multi-party relief work in a disaster zone, passing secure messages using Delay Tolerant Networks (DTNs) is challenging because existing public-private key cryptographic approaches may not be always accessible across different groups due to the unavailability of Public Key Infrastructure (PKI). In addition, connectivity may be intermittent so finding the reliable route is also difficult. Thus, instead of sending the complete message in a single packet, fragmenting the messages and sending them via multiple nodes can help achieve better security and reliability when multiple groups are involved. Therefore, encrypting messages before fragmentation and then sending both the data fragments and the key fragments (needed for decryption) provide much higher security. Keys are also fragmented as sending the key in a single packet can hamper security if it is forwarded to some corrupted nodes who may try to tamper or drop it. Hence, in this paper, we develop a scheme to provide improved security by generating multiple key-shares and data fragments and disseminating them via some intermediate nodes. In this fragmentation process, we also create a few redundant blocks to guarantee higher data arrival rate at the destination when message drop rate is higher like in the DTN environment. Our performance evaluation when compared to the most closely related scheme like Multiparty Encryption shows the improvement on minimizing the number of compromised messages as well as reduced bandwidth consumption in the network.
{"title":"Secure Information Forwarding through Fragmentation in Delay-Tolerant Networks","authors":"Shudip Datta, S. Madria, James R. Milligan, M. Linderman","doi":"10.1109/SRDS.2018.00020","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00020","url":null,"abstract":"In application environments like international military coalitions or multi-party relief work in a disaster zone, passing secure messages using Delay Tolerant Networks (DTNs) is challenging because existing public-private key cryptographic approaches may not be always accessible across different groups due to the unavailability of Public Key Infrastructure (PKI). In addition, connectivity may be intermittent so finding the reliable route is also difficult. Thus, instead of sending the complete message in a single packet, fragmenting the messages and sending them via multiple nodes can help achieve better security and reliability when multiple groups are involved. Therefore, encrypting messages before fragmentation and then sending both the data fragments and the key fragments (needed for decryption) provide much higher security. Keys are also fragmented as sending the key in a single packet can hamper security if it is forwarded to some corrupted nodes who may try to tamper or drop it. Hence, in this paper, we develop a scheme to provide improved security by generating multiple key-shares and data fragments and disseminating them via some intermediate nodes. In this fragmentation process, we also create a few redundant blocks to guarantee higher data arrival rate at the destination when message drop rate is higher like in the DTN environment. Our performance evaluation when compared to the most closely related scheme like Multiparty Encryption shows the improvement on minimizing the number of compromised messages as well as reduced bandwidth consumption in the network.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133665398","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Run Guo, Jianjun Chen, Baojun Liu, Jia Zhang, Chao Zhang, Haixin Duan, Tao Wan, Jian Jiang, S. Hao, Yaoqi Jia
Content Delivery Networks (CDNs) are critical Internet infrastructure. Besides high availability and high performance, CDNs also provide security services such as anti-DoS and Web Application Firewalls to CDN-powered websites. However, the massive resources of CDNs may also be leveraged by attackers exploiting their architectural, implementation, or operational weaknesses. In this paper, we show that today's CDN operation is overly loose in customer-controlled forwarding policy and the lack of origin validation leads to a wide range of abuse cases such as DoS attack and stealthy port scan. We systematically study these abuse cases and demonstrate their feasibility in popular CDNs. Further, we evaluate the impact of these abuses by discovering that there are millions of CDN edge servers, and a substantial fraction of them can be abused. Lastly, we propose mitigation solutions against such abuses and discuss their feasibility.
{"title":"Abusing CDNs for Fun and Profit: Security Issues in CDNs' Origin Validation","authors":"Run Guo, Jianjun Chen, Baojun Liu, Jia Zhang, Chao Zhang, Haixin Duan, Tao Wan, Jian Jiang, S. Hao, Yaoqi Jia","doi":"10.1109/SRDS.2018.00011","DOIUrl":"https://doi.org/10.1109/SRDS.2018.00011","url":null,"abstract":"Content Delivery Networks (CDNs) are critical Internet infrastructure. Besides high availability and high performance, CDNs also provide security services such as anti-DoS and Web Application Firewalls to CDN-powered websites. However, the massive resources of CDNs may also be leveraged by attackers exploiting their architectural, implementation, or operational weaknesses. In this paper, we show that today's CDN operation is overly loose in customer-controlled forwarding policy and the lack of origin validation leads to a wide range of abuse cases such as DoS attack and stealthy port scan. We systematically study these abuse cases and demonstrate their feasibility in popular CDNs. Further, we evaluate the impact of these abuses by discovering that there are millions of CDN edge servers, and a substantial fraction of them can be abused. Lastly, we propose mitigation solutions against such abuses and discuss their feasibility.","PeriodicalId":219374,"journal":{"name":"2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133897593","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: