generic raid reassembly using block level entropy
play

Generic RAID Reassembly using Block-Level Entropy Christian Zoubek, - PowerPoint PPT Presentation

May 03, 2023 •239 likes •547 views

Generic RAID Reassembly using Block-Level Entropy Generic RAID Reassembly using Block-Level Entropy Christian Zoubek, Sabine Seufert, Andreas Dewald 30.04.2016 Generic RAID Reassembly using Block-Level Entropy Outline Introduction 1

  1. Generic RAID Reassembly using Block-Level Entropy Generic RAID Reassembly using Block-Level Entropy Christian Zoubek, Sabine Seufert, Andreas Dewald 30.04.2016

  2. Generic RAID Reassembly using Block-Level Entropy Outline Introduction 1 Motivation Prerequisities Parameter detection using Entropy 2 RAID type Stripe size Stripe map Evaluation 3 Correctness Conclusion 4

  3. Generic RAID Reassembly using Block-Level Entropy Introduction Outline Introduction 1 Motivation Prerequisities Parameter detection using Entropy 2 RAID type Stripe size Stripe map Evaluation 3 Correctness Conclusion 4

  4. Generic RAID Reassembly using Block-Level Entropy Introduction Motivation What is RAID Redundant Array of Independent (originally ’Inexpensive’) Disks - Several physical disks combined Abstraction layer between hard disks and file system One logical unit - Depending on RAID it is able to recover Data lost by hardware failure speed up Data transfer heavily increase capacity

  5. Generic RAID Reassembly using Block-Level Entropy Introduction Motivation Why recovery Most server environments use RAID Seizure does not guarantee knowledge about RAID parameters - Undocumented RAID parameters - Administrator not willing to cooperate - Broken RAID controller ⇒ Some or all parameters missing Missing parameters may lead to data loss

  6. Generic RAID Reassembly using Block-Level Entropy Introduction Prerequisities RAID parameters RAID defined by several parameters - RAID type/level (RAID 0, RAID 1, etc.) - Stripe size Size of each contiguous block Common: 1KB - 1MB - Disk count - Stripemap Order of disks How data is distributed over disks

  7. Generic RAID Reassembly using Block-Level Entropy Introduction Prerequisities In detail RAID 1 - All disks save the exact same data - Redundancy by mirroring → Recovery straightforward RAID 0 - Data distributed over all disks - No redundancy → One broken disk equals to loss of all data

  8. Generic RAID Reassembly using Block-Level Entropy Introduction Prerequisities RAID 5 in detail RAID 5 - Redundancy through parity - Data and parity distribution over all disks → Mix of failure safety and better performance - Literature: Different Setups possible

  9. Generic RAID Reassembly using Block-Level Entropy Introduction Prerequisities RAID 5 Properties of common RAID 5 setups - Parity distribution (describes shift of parity block after each row) Left-sided (Parity block shifted from last disk to first) Right-sided (Parity block shifted from first disk to last) - Data distribution (describes location of first block of each row) symmetric (First data block right to parity block) asymmetric (First data block at first disk)

  10. Generic RAID Reassembly using Block-Level Entropy Introduction Prerequisities RAID 5 - examples RAID 5 using 4 disks 0 1 2 P 3 4 P 5 6 P 7 8 P 9 10 11 left asymmetric P 0 1 2 5 P 3 4 7 8 P 6 9 10 11 P right symmetric

  11. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Outline Introduction 1 Motivation Prerequisities Parameter detection using Entropy 2 RAID type Stripe size Stripe map Evaluation 3 Correctness Conclusion 4

  12. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy RAID type Algorithm Distinguish between RAID 0/1/5 by utilizing their characteristics - RAID 1 only has mirrored blocks - RAID 5 uses parity block in each row Declare counters for occurences of - Mirrored blocks - Parity blocks - None of both Comparison of counters lead to knowledge of RAID level

  13. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy RAID type Interpretation Possibility to detect missing RAID 5 disk - Assumption: Some blocks on missing disk are empty - Mirrored or parity blocks may be found ( Y xor 0 = Y ) RAID-0 RAID-1 RAID-5c RAID-5i mirrored low high low mean parity low low high mean unassigned high low low high

  14. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe size Algorithm Find possible sizes using entropy - Calculate entropy of 512-byte blocks - Count encounters of each possible byte value - Probability distribution → H = − � i p i × log( p i ) - Find consecutive blocks with high entropy differences (Unusual within the same file) - Validate finding by checking surroundings - Mark edge as possible interesting address

  15. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe size Algorithm - continued After finding some addresses of interest - Calculate difference between two consecutive addresses - Find best fitting stripe size Start with greatest stripe size (we use 2MB) Difference modulo stripe size If zero, mark as possible stripe size

  16. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe size Example 1.75MB file over four disks, RAID 0 Address Disk 0 Disk 1 Disk 2 Disk 3 ... 888273920 0 0 0 0 888274432 0 0 0 0 888274944 0 7.50199 7.56131 7.57583 888275456 0 7.53411 7.54758 7.54145 ... 888306176 0 7.46816 7.43265 7.48876 888306688 0 7.43318 7.59278 7.60496 888307200 6.14066 7.48741 7.58424 7.49408 888307712 7.64113 7.53735 7.59764 7.46034 ... 888732672 7.43689 7.55090 7.52364 7.54029 888733184 7.52416 7.54816 7.57045 7.53455 888733696 7.44034 7.54581 7.46290 0 888734208 7.47576 7.51771 7.57273 0 ... Stripe: 888274944 - 888733696 (= 458752; Stripe: 64KB)

  17. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe map Disk order Striped data blocks are written consecutively over the disks - Empty blocks may indicate position within stripe - Stripe with empty blocks and used blocks interesting Algorithm - Find begin/end of a file within a disk Calculate entropy of blocks half the stripe size Rising entropy: begin of a file Falling entropy: end of a file

  18. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe map Disk order - Algorithm Check other disks at same address - All full with data: Discard - One or more empty If begin of a file; Empty blocks were written beforehand else; empty blocks written after end of file RAID 0 almost finished - Only disk order to recover - Rebuild order by resolving findings RAID 5 uses parity block - Disk order not that easy to tell (parity block) - Derive a disk order for each row in stripe map

  19. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe map RAID 5 - extension RAID 5 usually uses map with n rows (n = # disks) - Find distribution of parity across disks Fact: The more random data the higher the entropy Assumption: Parity most often the most random block each row → Derive parity map by comparing entropies of each row � a � - Find correct row to address: mod ( n ) s a = address on disk s = stripe size n = number of disks

  20. Generic RAID Reassembly using Block-Level Entropy Parameter detection using Entropy Stripe map RAID 5 - Stripe map Use parity map and row-wise disk order to set properties - Find parity block of each row - Check blocks written previous to parity block by the same disk Always first block → right symmetric Always last block → left symmetric Ascending order → right asymmetric Descending order → left asymmetric

  21. Generic RAID Reassembly using Block-Level Entropy Evaluation Outline Introduction 1 Motivation Prerequisities Parameter detection using Entropy 2 RAID type Stripe size Stripe map Evaluation 3 Correctness Conclusion 4

  22. Generic RAID Reassembly using Block-Level Entropy Evaluation Data set Different RAID setups for data storage - Low entropy data (text files) - High entropy data (picture files) - RAID 0 and RAID 5 - Varying stripe sizes: 16,64,256,1024 [KB] - File systems: Ext4 and NTFS Furthermore - Six Ubuntu installations (3 × RAID 0, 3 × RAID 5) - Several Software RAIDS (mdadm) ⇒ 38 RAIDs + Software RAIDs

  23. Generic RAID Reassembly using Block-Level Entropy Evaluation Stripesize Optimal threshold for entropy differences dependent on - File system - Types of file - Stripe size Observations - NTFS using picture files stable in almost every combination - Large stripe sizes prefer large entropy differences - Best fitting in all cases: 0.3 (lower bound) - 7.3 (upper bound)

  24. Generic RAID Reassembly using Block-Level Entropy Evaluation Correctness Stripesize Some results for different stripe sizes and data 100 Small ✁ les, ext 90 Small ✁ les, ntfs Picture ✁ les, ext 80 Picture ✁ les, ntfs Probability in Percent 70 60 50 40 30 20 10 0 1 4 16 64 256 1024 4096 Stripesize in KB

  25. Generic RAID Reassembly using Block-Level Entropy Evaluation Correctness Stripe map - Parity distribution Using picture files Disk 0 Disk 1 Disk 2 Disk 3 0 4958 0 0 0 0 5002 0 0 0 0 4911 4922 0 0 0 Different small files Disk 0 Disk 1 Disk 2 Disk 3 485 480 497 3805 469 512 3808 478 499 3785 490 498 3800 518 442 510

  26. Generic RAID Reassembly using Block-Level Entropy Evaluation Correctness Summary Stripe size calculation - fixed entropy threshold (0.3 and 7.3) - worked in every case Stripe map - Parity distribution worked in every RAID 5 case - Finding disk order worked in every case but one RAID 0, small files, great stripe size Only part of the disk order was recovered

Recommend

Block-level RAID is dead Raja Appuswamy, David C. van Moolenbroek, Andrew S. Tanenbaum Vrije

Block-level RAID is dead Raja Appuswamy, David C. van Moolenbroek, Andrew S. Tanenbaum Vrije

Block-level RAID is dead Raja Appuswamy, David C. van Moolenbroek, Andrew S. Tanenbaum Vrije Universiteit, Amsterdam June 22, 2010 Traditional storage stack File Originally one file system per disk system Later RAID layer was introduced

453 views • 19 slides
Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of a discrete random variable. Properties: H(x) >= 0 Entropy Entropy Lesser the probability for an event, larger the entropy.

471 views • 21 slides
Disk Management Disk Structure Disk Scheduling RAID Disk Block Management

Disk Management Disk Structure Disk Scheduling RAID Disk Block Management

CPSC 410 / 611 : Operating Systems Disk Management Disk Management Disk Structure Disk Scheduling RAID Disk Block Management Modern Secondary Storage Technologies Disk Management Disk Structure Disk Scheduling RAID

555 views • 18 slides
7 Network Layer Network Layer Network Layer Network Layer Subnets Classful Address

7 Network Layer Network Layer Network Layer Network Layer Subnets Classful Address

Network Layer Network Layer Network Layer Network Layer IP Fragmentation & Reassembly IP Fragmentation and Reassembly network links have MTU length ID fragflag offset (max.transfer size) - largest possible link-level frame.

948 views • 5 slides
at Technopark@Chai Chee 6 May 2015 Perspective Post AEI Block A conversion of level 1 Block

at Technopark@Chai Chee 6 May 2015 Perspective Post AEI Block A conversion of level 1 Block

Asset Enhancement Initiative (AEI) at Technopark@Chai Chee 6 May 2015 Perspective Post AEI Block A conversion of level 1 Block B conversion of level 1 carpark, existing and new & 2 into enrichment/ adjoining annexed block

563 views • 13 slides
Lecture 23: Multiprocessors Todays topics: RAID Multiprocessor taxonomy

Lecture 23: Multiprocessors Todays topics: RAID Multiprocessor taxonomy

Lecture 23: Multiprocessors Todays topics: RAID Multiprocessor taxonomy Snooping-based cache coherence protocol 1 RAID 0 and RAID 1 RAID 0 has no additional redundancy (misnomer) it uses an array of disks and stripes

193 views • 16 slides
Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S) Entropy is o8en related to disorder but not strictly correct Entropy is a measure

351 views • 8 slides
Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin

Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin

Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin University of Versailles and Orange Labs SAC 2008 August 14-15, 2008 intro the Russian Dolls construction generic attacks application to

539 views • 17 slides
Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Entropy Entropy Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1 Entropy Entropy and Information Joint Entropy Frank Keller Conditional Entropy School of Informatics University of Edinburgh

81 views • 4 slides
Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for

Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for

Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for describing low-level computation on modern CPUs (c) 2009 Entropy Wave Inc Motivation (c) 2009 Entropy Wave Inc Motivation Want maintainable assembly

611 views • 28 slides
Combining Compression Functions and Block Cipher-Based Hash Functions Asiacrypt 2006 Thomas

Combining Compression Functions and Block Cipher-Based Hash Functions Asiacrypt 2006 Thomas

Introduction The Framework Known Generic Attacks Against Multiple Block Length Hashing How to Avoid Known Generic Attacks ? Conclusions Combining Compression Functions and Block Cipher-Based Hash Functions Asiacrypt 2006 Thomas Peyrin 1 ,

655 views • 44 slides
CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block

CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block

CPSC 410 / 611 : Operating Systems Disk Management CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block Management Reading: Doeppner 6.1, 6.4 (more to follow, on File Systems) Disk Structure sector

367 views • 13 slides
1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

Topics background and goals of generic programming basics of generic classes = parameterized types generic methods for general algorithms inheritance rules for generic types Generic programming in Java bounded type parameters

261 views • 5 slides
Block-Based Adaptive Mesh Refinement scheme based on numerical density of entropy production for

Block-Based Adaptive Mesh Refinement scheme based on numerical density of entropy production for

Block-Based Adaptive Mesh Refinement scheme based on numerical density of entropy production for conservation laws and applications. Mehmet Ersoy 1 , Fr ed eric Golay, Lyudmyla Yushchenko, Universit e de Toulon, IMATH, and Damien Sous,

1.55k views • 102 slides
Outline CPSC 418/MATH 318 Introduction to Cryptography Entropy 1 Entropy, Product Ciphers,

Outline CPSC 418/MATH 318 Introduction to Cryptography Entropy 1 Entropy, Product Ciphers,

Outline CPSC 418/MATH 318 Introduction to Cryptography Entropy 1 Entropy, Product Ciphers, Block Ciphers Encodings Product Ciphers Renate Scheidler 2 Error Propagation Department of Mathematics & Statistics Department of Computer

663 views • 10 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

402 views • 10 slides
MD/RAID-456 Write Journal and Cache Shaohua Li & So Song g Liu Software Engineer, Facebook

MD/RAID-456 Write Journal and Cache Shaohua Li & So Song g Liu Software Engineer, Facebook

MD/RAID-456 Write Journal and Cache Shaohua Li & So Song g Liu Software Engineer, Facebook MD/RAID-456 Write Journal and Cache Write holes of RAID-456 Hardware RAID: benefits and challenges Write operation in MD/RAID-456

847 views • 84 slides
Op#mal Reassembly of Shadow Tests in CAT Seung W. Choi,

Op#mal Reassembly of Shadow Tests in CAT Seung W. Choi,

Op#mal Reassembly of Shadow Tests in CAT Seung W. Choi, Karin Mollering, Jie Li, & Wim J. van der Linden McGraw-Hill Educa#on CTB 2015

749 views • 28 slides
38. RAID Operating System: Three Easy Pieces 1 Youjip Won RAID (Redundant Array of Inexpensive

38. RAID Operating System: Three Easy Pieces 1 Youjip Won RAID (Redundant Array of Inexpensive

38. RAID Operating System: Three Easy Pieces 1 Youjip Won RAID (Redundant Array of Inexpensive Disks) Use multiple disks in concert to build a faster , bigger , and more reliable disk system. RAID just looks like a big disk to the host

884 views • 30 slides
A RAID AT THE HEART OF THE OILIBYA RALLY OF MOROCCO Discover the Cross- Country Raid in the

A RAID AT THE HEART OF THE OILIBYA RALLY OF MOROCCO Discover the Cross- Country Raid in the

A RAID AT THE HEART OF THE OILIBYA RALLY OF MOROCCO Discover the Cross- Country Raid in the heart of the Moroccan desert! BIKE / QUAD / SSV / 4WD No need for specific preparation, you can use your own vehicle! Bring An accessible

186 views • 6 slides
Disks and RAID (Chapter 12, 14.2) CS 4410 Operating Systems [R. Agarwal, L. Alvisi, A. Bracy,

Disks and RAID (Chapter 12, 14.2) CS 4410 Operating Systems [R. Agarwal, L. Alvisi, A. Bracy,

Disks and RAID (Chapter 12, 14.2) CS 4410 Operating Systems [R. Agarwal, L. Alvisi, A. Bracy, E. Sirer, R. Van Renesse] Storage Devices Magnetic disks Storage that rarely becomes corrupted Large capacity at low cost Block

2.33k views • 29 slides
IP Fragmentation and Reassembly IP datagrams can be up to 65,535 bytes much larger

IP Fragmentation and Reassembly IP datagrams can be up to 65,535 bytes much larger

IP Fragmentation and Reassembly IP datagrams can be up to 65,535 bytes much larger than most networks can transmit in one packet Each network type defines maximum transmission unit (MTU) maximum number of bytes that can be

1.01k views • 23 slides
RAID Summer 2016 Cornell University Today Performance and reliability using RAID. 2 Need

RAID Summer 2016 Cornell University Today Performance and reliability using RAID. 2 Need

CS 4410 Operating Systems RAID Summer 2016 Cornell University Today Performance and reliability using RAID. 2 Need for performance Disks are improving, but not as fast as CPUs. 1970s seek time: 50-100 ms. 2000s seek time:

462 views • 15 slides
Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically

Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically

Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically - defined thermodynamic quantity that helps to account for the flow of energy through a thermodynamic process. 2 What is

467 views • 13 slides

More recommend