effective and efficient compromise recovery for weakly
play

Effective and Efficient Compromise Recovery for Weakly Consistent - PowerPoint PPT Presentation

Dec 05, 2022 •472 likes •1.34k views

Effective and Efficient Compromise Recovery for Weakly Consistent Replication Prince Mahajan (UT Austin), Ramakrishna Kotla, Cathy Marshall, Venugopalan Rama Ramasubramanian, Tom Rodeheffer, Doug Terry, Ted Wobber (Microsoft Research

  1. Effective and Efficient Compromise Recovery for Weakly Consistent Replication Prince Mahajan (UT Austin), Ramakrishna Kotla, Cathy Marshall, Venugopalan “Rama” Ramasubramanian, Tom Rodeheffer, Doug Terry, Ted Wobber (Microsoft Research Silicon Valley)

  2. Scenario Sam

  3. Scenario Sam

  4. Scenario Alex

  5. Scenario Alex

  6. Scenario Alex Corrupted “contact”

  7. Scenario Alex Corrupted “contact”

  8. Scenario Alex Corrupted “contact” Workgroup

  9. Scenario Sam Corrupted “contact” Workgroup

  10. Scenario Corrupted “contact” Workgroup

  11. Scenario Corrupted “contact” Workgroup In replicated systems, even inappropriate updates propagate automatically.

  12. Another Scenario Chicago San Francisco customers customers L. A. customers

  13. Another Scenario Chicago San Francisco customers customers L. A. customers

  14. Another Scenario Chicago San Francisco customers customers L. A. customers

  15. Another Scenario Chicago San Francisco customers customers L. A. customers

  16. Our Contributions Polygraph: A framework that • Extends weakly consistent replication • Removes corrupted updates • Recovers uncorrupted updates • While being Effective: Retain most uncorrupted updates Efficient: Incur less bandwidth cost

  17. Outline • Motivation • System Model • Backup-based approach • Polygraph: Effective and Efficient Recovery • Results • Conclusion

  18. System Model

  19. System Model • Replicas can independently update items • Each update produces a new version of item • New versions propagate asynchronously

  20. System Model • Replicas can independently update items • Each update produces a new version of item • New versions propagate asynchronously • Replicas retain the most recent version • Archive replica logs all received versions

  21. Example System Replica A updates stored versions Archive Log updates updates Replica C Replica B

  22. Update Timeline wall clock time 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 B4 B5 C C4 C1 C3 C2 A, B, C replicas i j k l items versions A1, A2,...,C4 influence

  23. Update Timeline wall clock time 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 B4 B5 C C4 C1 C3 C2 A, B, C replicas i j k l items versions A1, A2,...,C4 influence

  24. Threat Model • Compromises can result from malice or misuse • Corrupted versions Versions injected by compromised replicas Versions influenced by corrupted versions • An external agent detects and reports compromises after the fact • Archive and replication layer is not compromised

  25. Update Timeline wall clock time 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 B4 B5 C C4 C1 C3 C2 A, B, C replicas i j k l items versions A1, A2,...,C4 influence

  26. Update Timeline (with compromise) wall clock time 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 B4 B5 C C4 C1 C3 C2 innocent version i j k l items corrupt version A, B, C replicas versions compromise A1, A2,...,C4 compromise notification influence

  27. Update Timeline (after recovery) wall clock time 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 C C1 C3 C2 innocent version i j k l items corrupt version A, B, C replicas versions compromise A1, A2,...,C4 compromise notification influence

  28. Backup-based Approach Backup Replica A updates stored versions Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  29. Backup-based Approach Backup Replica A updates stored versions Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  30. Backup-based Approach Backup Replica A updates stored versions Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  31. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  32. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  33. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  34. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  35. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  36. Backup-based Approach Backup Replica A Compromise updates notification: stored versions B compromised at time t Checkpoints updates updates Replica C Replica B Innocent version Corrupt version Checkpoint

  37. Drawbacks of Backup-based Approach • Inefficient: Re-propagation from backup to replicas • Ineffective: Updates subsequent to checkpoint are lost compromise notification 1 2 3 4 5 6 7 8 l i k A A1 A2 A3 A4 j replica B B2 B1 B3 B4 B5 C C1 C4 C3 C2

  38. Polygraph: Key Ideas

  39. Polygraph: Key Ideas • Innocent version identification Effectiveness: innocent versions created post- compromise are recovered

  40. Polygraph: Key Ideas • Innocent version identification Effectiveness: innocent versions created post- compromise are recovered • Replica-local retention

  41. Polygraph: Key Ideas • Innocent version identification Effectiveness: innocent versions created post- compromise are recovered • Replica-local retention Replicas retain innocent versions

  42. Polygraph: Key Ideas • Innocent version identification Effectiveness: innocent versions created post- compromise are recovered • Replica-local retention Replicas retain innocent versions Effectiveness: newer versions recovered

  43. Polygraph: Key Ideas • Innocent version identification Effectiveness: innocent versions created post- compromise are recovered • Replica-local retention Replicas retain innocent versions Effectiveness: newer versions recovered Efficiency: retained versions save bandwidth

  44. Innocent Versions Version is innocent if it is Generated before compromise, or Not influenced by any corrupt version from the compromised replica

  45. Is a version generated before compromise? Update A1 B1 A2 B2 B3 A4 C3 B4 C1 Archive Log

  46. Is a version generated before compromise? wall clock time 1 2 3 4 5 6 7 8 Update A1 B1 A2 B2 B3 A4 C3 B4 C1 A3 Archive Log

  47. Is a version generated before compromise? compromise notification wall clock time 1 2 3 4 5 6 7 8 Update A1 B1 A2 B2 B3 A4 C3 B4 C1 A3 Archive Log

  48. Is a version generated before compromise? compromise notification wall clock time 1 2 3 4 5 6 7 8 Update A1 B1 A2 B2 B3 A4 C3 B4 C1 A3 Archive Log versions generated prior to compromise

  49. Is a version generated before compromise? compromise notification wall clock time 1 2 3 4 5 6 7 8 Update A1 B1 A2 B2 B3 A4 C3 B4 C1 A3 Archive Log versions generated prior to compromise precompromise cut Precompromise cut summarizes versions archived prior to compromise

  50. Is a version v influenced by any corrupt version from the compromised replica?

  51. Is a version v influenced by any corrupt version from the compromised replica? • Sufficient to check: is the most recent version from the compromised replica that influenced v is corrupt?

  52. Is a version v influenced by any corrupt version from the compromised replica? • Sufficient to check: is the most recent version from the compromised replica that influenced v is corrupt? • Each version has a taint vector • Taint vector of a version v tracks the most recent version from each replica that has influenced v

  53. Is a version v influenced by any corrupt version from the compromised replica? • Sufficient to check: is the most recent version from the compromised replica that influenced v is corrupt? • Each version has a taint vector • Taint vector of a version v tracks the most recent version from each replica that has influenced v B2 A1 C2 C3 Taint vector A1 A1 A1 A1 B2 B2 B2 C3 C2

  54. Is a version v influenced by any corrupt version from the compromised replica? • Sufficient to check: is the most recent version from the compromised replica that influenced v is corrupt? • Each version has a taint vector • Taint vector of a version v tracks the most recent version from each replica that has influenced v B2 A1 C2 C3 Taint vector A1 A1 A1 A1 B2 B2 B2 C3 C2 A version v is innocent if the influencing version from the compromised replica in v ’s taint vector is innocent

Recommend

Ejector Technology for Efficient and Cost Effective Flare Gas Recovery GPA-GCC 24th Annual

Ejector Technology for Efficient and Cost Effective Flare Gas Recovery GPA-GCC 24th Annual

Ejector Technology for Efficient and Cost Effective Flare Gas Recovery GPA-GCC 24th Annual Technical Conference, Kuwait City, Kuwait, May 10-11, 2016 Trevor Leagas Flare Gas Recovery Manager Europe and Middle East Region Zeeco, Inc 2009

941 views • 67 slides
Analysis of low-energy scattering and weakly-bound states through effective-range functions.

Analysis of low-energy scattering and weakly-bound states through effective-range functions.

Analysis of low-energy scattering and weakly-bound states through effective-range functions. Application to 12 C+ . arez 1 Jean-Marc Sparenberg, Oscar Leonardo Ram rez Su Nuclear Physics and Quantum Physics, Universit e libre de

727 views • 29 slides
KEYS TO EFFECTIVE GRANT ADMINISTRATION CDBG Disaster Recovery 4 Keys to Effective Grant

KEYS TO EFFECTIVE GRANT ADMINISTRATION CDBG Disaster Recovery 4 Keys to Effective Grant

CDBG Disaster Recovery KEYS TO EFFECTIVE GRANT ADMINISTRATION CDBG Disaster Recovery 4 Keys to Effective Grant Administration Assessing Capacity (including your partners capacity) Procurement Monitoring Financial Controls

405 views • 19 slides
Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M.

Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M.

Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M. Frans Kaashoek MIT CSAIL Attackers routinely compromise system integrity Attackers routinely compromise system integrity Attackers routinely

1.23k views • 74 slides
efficient and cost effective utilization of electrical power in accelerator based research

efficient and cost effective utilization of electrical power in accelerator based research

EnEfficient sustainable and energy efficient technologies M.Seidel, PSI network related to: efficient and cost effective utilization of electrical power in accelerator based research facilities EuCARD-2 is co-funded by the partners and the

338 views • 15 slides
Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey

Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey

Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey M. Voelker Alex C. Snoeren On account compromise Compromise of email/social network/etc is devastating Personal/professional reputational, financial

798 views • 49 slides
First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with novel Integrated LEading technologies This project has received funding from the European General presentation Union's EU Framework Programme for

594 views • 17 slides
First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with novel Integrated LEading technologies The CROCODILE project has received funding from the European Union's EU Framework Programme for Research and

469 views • 18 slides
First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with

First of a kind commercial Compact system for the efficient Recovery Of CObalt Designed with novel Integrated LEading technologies This project has received funding from the European General presentation Union's EU Framework Programme for

264 views • 10 slides
Digital Media is it.. ..Economic? ..Efficient? 1 1 Is it Efficient? Can it deliver large

Digital Media is it.. ..Economic? ..Efficient? 1 1 Is it Efficient? Can it deliver large

..Effective? Digital Media is it.. ..Economic? ..Efficient? 1 1 Is it Efficient? Can it deliver large audiences? Does it make the investment work hard? 2 Huge number of intermediaries makes programmatic expensive or inefficient 3

680 views • 40 slides
Towards a more effective and efficient use of psychotropic drugs in nursing homes: a quality

Towards a more effective and efficient use of psychotropic drugs in nursing homes: a quality

Towards a more effective and efficient use of psychotropic drugs in nursing homes: a quality improving project in Belgium Mir irko Petr trovic Department of Geriatrics Ghent University CONFLICT OF IN INTEREST DIS ISCLOSURE I have no

584 views • 34 slides
The need for effective, efficient and robust communications is critical. Data is at the essence

The need for effective, efficient and robust communications is critical. Data is at the essence

The need for effective, efficient and robust communications is critical. Data is at the essence of what we do collection, evaluation, sharing these are all core to decision making whether it is part of the bridge team, the ashore side

352 views • 14 slides
IRS & FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your

IRS & FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your

IRS & FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your work on behalf of ALRP clients can reduce, or eliminate, the financial burdens that result from having tax problems. FEDERAL OFFERS IN COMPROMISE

403 views • 8 slides
Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust

Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust

IIT-H and RIKEN-AIP Joint Workshop on March 15, 2019 Machine Learning and Applications, Hyderabad, India Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust Learning --- Overview of Our Recent

1.06k views • 25 slides
REFERENCES [1] D. Campolo, M. Sitti, R. S. Fearing, Efficient charge recovery method for

REFERENCES [1] D. Campolo, M. Sitti, R. S. Fearing, Efficient charge recovery method for

S. Ben-Yaakov, Power electronics of piezoelectric elements, Gordon Seminar, Tel_Aviv, 2006 1 REFERENCES [1] D. Campolo, M. Sitti, R. S. Fearing, Efficient charge recovery method for driving piezoelectric actuators with quasi-square waves,

85 views • 5 slides
Is Co-Regulation more Efficient and Effective in Supplying Safer Food? Insights from the UK

Is Co-Regulation more Efficient and Effective in Supplying Safer Food? Insights from the UK

Is Co-Regulation more Efficient and Effective in Supplying Safer Food? Insights from the UK Marian GARCIA Andrew FEARNE American Agricultural Economics Association - 2006 Pre-Conference Workshop: New Food Safety Incentives and Regulatory,

634 views • 24 slides
Missouri Compromise, 1820 Firebell in the Night The Missouri Compromise, 1820 Divides the

Missouri Compromise, 1820 Firebell in the Night The Missouri Compromise, 1820 Divides the

Missouri Compromise, 1820 Firebell in the Night The Missouri Compromise, 1820 Divides the Louisiana Purchase into Free and Slave territory along 36 30 Admits Missouri as a Slave state and Maine as a Free state Keeps Equal Political Power

378 views • 24 slides
Universal homogeneous constraint structures and the hom-equivalence classes of weakly

Universal homogeneous constraint structures and the hom-equivalence classes of weakly

Universal homogeneous constraint structures and the hom-equivalence classes of weakly oligomorphic structures Christian Pech Maja Pech 17.03.2012 Weakly oligomorphic structures Definition A countable relational structure A is called weakly

196 views • 18 slides
An Efficient and Effective Detailed Placement Algorithm White-paper by: Min Pan, Natarajan

An Efficient and Effective Detailed Placement Algorithm White-paper by: Min Pan, Natarajan

An Efficient and Effective Detailed Placement Algorithm White-paper by: Min Pan, Natarajan Viswanathan and Chris Chu Department of Electrical and Computer Engineering Iowa State University, Ames, IA 50011 Email: panmin, nataraj, cnchu

309 views • 19 slides
free 18-May-17 Towards Weakly Supervised Image Understanding 1/50 Towards Weakly Supervised

free 18-May-17 Towards Weakly Supervised Image Understanding 1/50 Towards Weakly Supervised

free 18-May-17 Towards Weakly Supervised Image Understanding 1/50 Towards Weakly Supervised Image Understanding (WSIU) http://mmcheng.net/ 18-May-17 Towards Weakly

807 views • 51 slides
HSECQ Review of 2016 JKX Board of Directors JKX believe that an efficient, safe and effective

HSECQ Review of 2016 JKX Board of Directors JKX believe that an efficient, safe and effective

HSECQ Review of 2016 JKX Board of Directors JKX believe that an efficient, safe and effective environment, as per industry standards and definitions, can be achieved in our operations if tailored approaches and management are used, the

246 views • 14 slides
UNIVERSITY OF KENTUCKY PROCUREMENT CARD GUIDANCE for PROPER EFFECTIVE EFFICIENT USE

UNIVERSITY OF KENTUCKY PROCUREMENT CARD GUIDANCE for PROPER EFFECTIVE EFFICIENT USE

UNIVERSITY OF KENTUCKY PROCUREMENT CARD GUIDANCE for PROPER EFFECTIVE EFFICIENT USE PRESENTED BY ACCOUNTS PAYABLE SERVICES BACKGROUND Originated and Implemented in 1996 Designated as the primary procurement method for

417 views • 15 slides
Searches for New Light Weakly Coupled Particles around DESY Intensity Frontier Workshop IF5:

Searches for New Light Weakly Coupled Particles around DESY Intensity Frontier Workshop IF5:

Searches for New Light Weakly Coupled Particles around DESY Intensity Frontier Workshop IF5: New Light Weakly Coupled Particles Argonne National Laboratory 25-27 April 2013 Axel Lindner, DESY Directly looking for Weakly Interacting Slim

682 views • 33 slides
Consolidation of services results in efficient and effective policing. Local Control

Consolidation of services results in efficient and effective policing. Local Control

Consolidation of services results in efficient and effective policing. Local Control Local Identity Experience Liability Accountability Maintain your revenue from citations Personnel Considerations Vehicle

407 views • 22 slides

More recommend