kurma secure geo distributed multi cloud storage gateways
play

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming - PowerPoint PPT Presentation

Mar 06, 2024 •134 likes •650 views

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook University File Systems and Storage Lab (FSL) Cloud Storage Gateways l Benefits of cloud gateways Public NAS u Combine advantages of both Cloud

  1. Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook University File Systems and Storage Lab (FSL)

  2. Cloud Storage Gateways l Benefits of cloud gateways Public NAS u Combine advantages of both Cloud (NFS) clouds and traditional NAS u High security without relying on trusted third parties Accessibility Security u Allow clients to use public clouds using network-attached Availability Performance storage (NAS) protocols but still share across regions Economy Rich Semantics Scalability Consistency SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 31

  3. Kurma Design Goals 1. Strong Security u Use clouds to store only encrypted blocks u Share metadata directly among gateways 2. High availability u Use multiple public clouds u Each gateway is highly available (ZooKeeper) 3. High performance u Extensive caching for data and metadata u Asynchronous replication of metadata 4. High flexibility u Replication, erasure coding, and secret sharing SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 32

  4. Kurma Architecture Clients Kurma Region Gateway 1 storage metadata metadata S3 Azure Region Region Google 2 3 Rackspace Untrusted Public Clouds metadata SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 33

  5. Kurma Architecture Clients Kurma Region Gateway 1 storage Multiple clouds metadata metadata S3 Azure Region Region Google 2 3 Rackspace Untrusted Public Clouds metadata SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 34

  6. Kurma Architecture Clients Replicate Kurma Region Gateway metadata 1 storage Multiple (versions) clouds metadata metadata S3 Azure Region Region Google 2 3 Rackspace Untrusted Public Clouds metadata SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 35

  7. Kurma Architecture Clients Replicate Kurma Region Gateway metadata 1 storage Multiple (versions) clouds Distributed metadata metadata gateways S3 Azure Region Region Google 2 3 Rackspace Untrusted Public Clouds metadata SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 36

  8. Background l ZooKeeper: A distributed coordination service u Coordinate Kurma servers a u Store Kurma FS metadata znode b u Execute transactions of metadata changes zpath:/a/b l Hedwig: A publish-subscribe system u Provide guaranteed delivery u Replicate Kurma metadata l Thrift: A RPC framework u Define FS metadata format u RPC among Kurma servers SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 37

  9. Components Public Google Azure S3 Rackspace Clouds 1 2 3 Other Kurma Gateway Gateways Clients SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 38

  10. Components Public Google Azure S3 Rackspace Clouds 1 2 3 Other Kurma Gateway Gateways Clients SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 39

  11. Components Public Google Azure S3 Rackspace Clouds 1 2 3 Other Kurma Gateway Gateways Clients SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 40

  12. Components Public Google Azure S3 Rackspace Clouds 1 2 3 Other Kurma Gateway Gateways Clients SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 41

  13. Components Public Google Azure S3 Rackspace Clouds 1 2 3 Other Kurma Gateway Gateways Clients SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 42

  14. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 43

  15. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 44

  16. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 45

  17. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 46

  18. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 47

  19. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 48

  20. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 49

  21. Metadata Management l Defined using Thrift l Stored in ZooKeeper l Replicated cross-regions using Hedwig SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 50

  22. Kurma Security l Only file data blocks are saved in clouds l Blocks are authenticated and encrypted l Per-file secret key protected by gateway master keys l Detect swap and replay attacks SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 51

  23. Multi-Cloud Redundancy Replication Erasure Coding Secret Sharing Parameters (e.g., 4 n=4 k=3, m=1 n=4, k=3, r=2 clouds) n identical 1MB k+m non-identical n non-identical Apply to a block blocks 1/k MB block 1/k MB block n × 1MB (k+m) × 1/ k MB (k+m) × 1/ k MB Write a block Read a block any 1 cloud any k clouds any k clouds Tolerate failure of n=f+1 m=f n-k=f clouds f+1 (f+1 ) /k (f+1 ) /k Write amplifications 2 × 1MB blocks 4 × 340KB blocks 4 × 340KB blocks Example SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 52

  24. Hybrid Consistency Model l FIFO consistency across gateways u Updates made by a single gateway are seen by other gateways in the order they occur, but updates from different gateways may be seen in any interleaved order u FS metadata is asynchronously replicated among all regions using Hedwig which does not order message across gateways u Resolves inter-gateway conflicts as needed l Region-level NFS consistency u Same as traditional NFS u Data freshness in the same region SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 53

  25. Implementation l NFS Servers built on top of NFS-Ganesha u FSAL_PCACHE u FSAL_KURMA l Gateway Servers u File-System Module uses Thrift u Metadata Module uses Apache Curator (ZooKeeper) u Security Module uses Java 8 standard cryptographic library u Cloud Module uses cloud Java drivers u Redundancy uses Jerasure and CAONS-RS secret sharing Components Language LoC Kurma NFS Server C/C++ 15,802 Kurma Gateway Server Java 27,976 Secret Sharing JNI C/C++ 2,480 RPC & Metadata Definition Thrift 668 SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 54

  26. Optimizations 1. Avoid high-latency of ZooKeeper u Batch metadata changes using transactions u Use in-memory cache for hot znodes 2. Avoid performance variations of clouds u Sort clouds online every N seconds 3. Reduce metadata size u Compress file-system metadata u Use large block sizes SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 55

  27. Evaluation l Experimental setup u Two regions with a network RTT of 100ms u Each region contains VMs for § 3 Metadata Servers running ZooKeeper and Hedwig § 1 Gateway Server § 1 NFS Server with persistent cache on an Intel SSD § 1 NFS client § Each VM has two cores and 4GB of RAM running Fedora 25 with Linux 4.8.10 kernel u Baseline: traditional NFS server § Runs NFS-Ganesha FSAL_VFS § Uses an Intel SSD formatted with Ext4 l Security tests u Availability test u Integrity tests: swapping and replay attacks SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 56

  28. Cloud Read Latency 8192 AWS Google 4096 Azure Rackspace Latency (ms, log 2 ) 2048 1024 512 256 128 64 32 16KB 64KB 256KB 1MB 4MB Cloud Object Size SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 57

  29. Cloud Read Latency 8192 AWS Google 4096 Azure Rackspace Latency (ms, log 2 ) 2048 1.1 ✕ 1024 512 256 128 64 32 16KB 64KB 256KB 1MB 4MB Cloud Object Size SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 58

  30. Cloud Read Latency 8192 AWS Google 4096 Azure Rackspace Latency (ms, log 2 ) 2048 3.1 ✕ 1024 512 256 128 1.3 ✕ 64 32 16KB 64KB 256KB 1MB 4MB Cloud Object Size SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 59

  31. Cloud Read Latency 43 ✕ 8192 AWS Google 4096 Azure Rackspace Latency (ms, log 2 ) 2048 1024 512 256 128 64 32 16KB 64KB 256KB 1MB 4MB Cloud Object Size SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 60

  32. Cloud Read Latency 8192 AWS Google 4096 Azure Rackspace Latency (ms, log 2 ) 2048 1024 512 256 128 64 32 16KB 64KB 256KB 1MB 4MB Cloud Object Size SYSTOR’2019 Kurma: Secure Geo-distributed Multi-cloud Storage Gateways 61

Recommend

Wiera : Towards Flexible Multi-Tiered Geo-Distributed Cloud Storage Instances Kwangsung Oh ,

Wiera : Towards Flexible Multi-Tiered Geo-Distributed Cloud Storage Instances Kwangsung Oh ,

Wiera : Towards Flexible Multi-Tiered Geo-Distributed Cloud Storage Instances Kwangsung Oh , Abhishek Chandra, and Jon Weissman Department of Computer Science and Engineering University of Minnesota Twin Cities HPDC 2016 Cloud Providers

419 views • 41 slides
Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software backed by Riak Simple API Multi-tenant, Per-tenant Reporting Pluggable Authentication Multi Data Center Replication (Enterprise)

369 views • 18 slides
Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective Provide logical storage pools that abstract a more complex distributed infrastructure made of commodity hardware Separate storage service

627 views • 15 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

A mathematical theory of distributed storage Dagstuhl workshop (16321) Coding in the time of Big Data Michael Luby August 8, 2016 Research Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500 TB

796 views • 37 slides
Distributed Storage Systems part 1 Marko Vukoli Distributed Systems and Cloud Computing This

Distributed Storage Systems part 1 Marko Vukoli Distributed Systems and Cloud Computing This

Distributed Storage Systems part 1 Marko Vukoli Distributed Systems and Cloud Computing This part of the course (5 slots) Distributed Storage Systems CAP theorem and Amazon Dynamo Apache Cassandra Distributed Systems

767 views • 52 slides
YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid cloud storage deployments. YFS 1.0 is not a hardware appliance. Backward compatible with IBM AFS 3.6 and OpenAFS. No flag day required

359 views • 16 slides
A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

. . A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage with a Distributed Reputation System Anders Skoglund andsk668@student.liu.se November 04, 2013 . Cloud storage P2P storage F2F storage

660 views • 36 slides
Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2017/18

Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2017/18

Universit degli Studi di Roma Tor Vergata Dipartimento di Ingegneria Civile e Ingegneria Informatica Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2017/18 Valeria Cardellini Why to scale

1.15k views • 82 slides
Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2018/19

Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2018/19

Universit degli Studi di Roma Tor Vergata Dipartimento di Ingegneria Civile e Ingegneria Informatica Distributed and Cloud Storage Systems Corso di Sistemi Distribuiti e Cloud Computing A.A. 2018/19 Valeria Cardellini Why to scale

396 views • 37 slides
Cloud Gateways Suli Yang, Kiran Srinivasan, Kishore Udayashankar, Swetha Krishnan, Jingxin Feng,

Cloud Gateways Suli Yang, Kiran Srinivasan, Kishore Udayashankar, Swetha Krishnan, Jingxin Feng,

Tombolo: Performance Enhancements for Cloud Gateways Suli Yang, Kiran Srinivasan, Kishore Udayashankar, Swetha Krishnan, Jingxin Feng, Yupu Zhang, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau 1 Storage is Moving to the Cloud Clients

618 views • 47 slides
Secure Distributed Computation and Storage Jed Liu Michael D. George K. Vikram Xin Qi Lucas

Secure Distributed Computation and Storage Jed Liu Michael D. George K. Vikram Xin Qi Lucas

A Platform for Secure Distributed Computation and Storage Jed Liu Michael D. George K. Vikram Xin Qi Lucas Waye Andrew C. Myers Department of Computer Science Cornell University 22 nd ACM SIGOPS Symposium on Operating Systems Principles 14

650 views • 38 slides
Distributed Storage Systems part 2 Marko Vukoli Distributed Systems and Cloud Computing

Distributed Storage Systems part 2 Marko Vukoli Distributed Systems and Cloud Computing

Distributed Storage Systems part 2 Marko Vukoli Distributed Systems and Cloud Computing Distributed storage systems Part I CAP Theorem Amazon Dynamo Part II Cassandra 2 Cassandra in a nutshell Distributed key-value

1.46k views • 59 slides
Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern

877 views • 48 slides
Distributed Data Service for Secure Cloud Simulations Sonia R. von der Lippe, M&S Systems

Distributed Data Service for Secure Cloud Simulations Sonia R. von der Lippe, M&S Systems

Distributed Data Service for Secure Cloud Simulations Sonia R. von der Lippe, M&S Systems Engineer, HII-TSD, Orlando, FL Andre Odermatt, Technical Marketing Manager, Real-Time Innovations, Sunnyvale, USA Operation Training In Infrastructure

346 views • 22 slides
Security on cloud storage and IaaS at Taiwan-Japan Workshop 2012/Nov/27

Security on cloud storage and IaaS at Taiwan-Japan Workshop 2012/Nov/27

Resea earch I Institut ute e for or Se Secure Sy Systems Security on cloud storage and IaaS at Taiwan-Japan Workshop 2012/Nov/27 http://www.jst.go.jp/sicp/ws2012_nsc.html Kuniyasu Suzaki Research Institute for Secure Systems (RISEC)

350 views • 22 slides
CERN, June 2008 large, reliable, and secure distributed online storage harness idle resources of

CERN, June 2008 large, reliable, and secure distributed online storage harness idle resources of

CERN, June 2008 large, reliable, and secure distributed online storage harness idle resources of participating computers old dream of computer science The design of a world-wide, fully transparent distributed file system for simultaneous

1.05k views • 102 slides
Performance Isolation and Fairness for Multi-Tenant Cloud Storage David Shue *, Michael Freedman*,

Performance Isolation and Fairness for Multi-Tenant Cloud Storage David Shue *, Michael Freedman*,

PrincetonUniversity Performance Isolation and Fairness for Multi-Tenant Cloud Storage David Shue *, Michael Freedman*, and Anees Shaikh *Princeton IBM Research Setting: Shared Storage in the Cloud Y Y F F Z Z T T 2 Setting:

1.2k views • 101 slides
TripS : Automated Multi-tiered Data Placement in a Geo-distributed Cloud Environment Kwangsung Oh

TripS : Automated Multi-tiered Data Placement in a Geo-distributed Cloud Environment Kwangsung Oh

TripS : Automated Multi-tiered Data Placement in a Geo-distributed Cloud Environment Kwangsung Oh , Abhishek Chandra, and Jon Weissman Department of Computer Science and Engineering University of Minnesota Twin Cities Systor 2017 Cloud

801 views • 41 slides
Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud

Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud

Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud Services and Storage Workshop Oslo, Norway - September 10th, 2017 The Cloud David Pointcheval Introduction 2 / 17 Anything from Anywhere One

290 views • 17 slides
Distributed multi-tenant cloud/fog and heterogeneous SDN/NFV orchestration for 5G services Ricard

Distributed multi-tenant cloud/fog and heterogeneous SDN/NFV orchestration for 5G services Ricard

Distributed multi-tenant cloud/fog and heterogeneous SDN/NFV orchestration for 5G services Ricard Vilalta, A. Mayoral, Raul Muoz, Ramon Casellas, Ricardo Martnez The need for generic control functions and a Transport API The NBI of the

679 views • 15 slides
Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous lectures Distributed Storage Systems CAP Theorem Amazon Dynamo Cassandra 2 Today Distributed systems coordination Apache

1.57k views • 62 slides
VBS-Lustre: A Distributed Block Storage System for Cloud Infrastructure Xiaoming Gao,

VBS-Lustre: A Distributed Block Storage System for Cloud Infrastructure Xiaoming Gao,

VBS-Lustre: A Distributed Block Storage System for Cloud Infrastructure Xiaoming Gao, gao4@indiana.edu Yu Ma, yuma@indiana.edu Marlon Pierce, mpierce@cs.indiana.edu Mike Lowe, jomlowe@iupui.edu Geoffrey Fox, gcf@indiana.edu Outline

387 views • 20 slides
Limitlessly Scalable Storage for Capacity-Intensive Computing Meet Cloudian S3-compatible

Limitlessly Scalable Storage for Capacity-Intensive Computing Meet Cloudian S3-compatible

Limitlessly Scalable Storage for Capacity-Intensive Computing Meet Cloudian S3-compatible object storage Appliances and Software-defined Storage Start small, scale to over an exabyte Hybrid cloud and multi-cloud ready 2 See

257 views • 7 slides

More recommend