Survivable information storage systems

Dept. of Electr. & Comput. Eng., Carnegie Mellon Univ., Pittsburgh, PA
Computer (Impact Factor: 1.68). 09/2000; DOI: 10.1109/2.863969
Source: DBLP

ABSTRACT: As society increasingly relies on digitally stored and accessed
information, supporting the availability, integrity and confidentiality
of this information is crucial. We need systems in which users can
securely store critical information, ensuring that it persists, is
continuously accessible, cannot be destroyed and is kept confidential. A
survivable storage system would provide these guarantees over time and
despite malicious compromises of storage node subsets. The PASIS
architecture flexibly and efficiently combines proven technologies
(decentralized storage system technologies, data redundancy and
encoding, and dynamic self-maintenance) for constructing information
storage systems whose availability, confidentiality and integrity
policies can survive component failures and malicious attacks.

  • ABSTRACT: We discuss the design and evaluation of a secure and fault-tolerant storage infrastructure for untrusted distributed computing environments. Previous designs of storage systems for this space have tended to use decoupled mechanisms for achieving fault tolerance and security. Our design, based on cryptographic properties of error-correction codes, combines redundancy (for fault tolerance) and encryption (for security) in a single unified framework. Our protocol can handle Byzantine faults and ensures confidentiality in a completely untrusted environment. We qualitatively demonstrate the practicability of this approach. We also carry out a quantitative comparison of our scheme and two other approaches, viz., pure replication-based techniques and the SecureIDA scheme, and discuss their merits and demerits.
  • ABSTRACT: Users are storing ever-increasing amounts of information digitally, driven by many factors including government regulations and the public's desire to digitally record their personal histories. Unfortunately, many of the security mechanisms that modern systems rely upon, such as encryption, are poorly suited for storing data for indefinitely long periods of time; it is very difficult to manage keys and update cryptosystems to provide secrecy through encryption over periods of decades. Worse, an adversary who can compromise an archive need only wait for cryptanalysis techniques to catch up to the encryption algorithm used at the time of the compromise in order to obtain “secure” data. To address these concerns, we have developed POTSHARDS, an archival storage system that provides long-term security for data with very long lifetimes without using encryption. Secrecy is achieved by using unconditionally secure secret splitting and spreading the resulting shares across separately managed archives. Providing availability and data recovery in such a system can be difficult; thus, we use a new technique, approximate pointers, in conjunction with secure distributed RAID techniques to provide availability and reliability across independent archives. To validate our design, we developed a prototype POTSHARDS implementation. In addition to providing us with an experimental testbed, this prototype helped us to understand the design issues that must be addressed in order to maximize security.
    TOS. 01/2009; 5.
  • ABSTRACT: Archival storage systems are designed for a write-once, read-maybe usage model which places an emphasis on the long-term preservation of their data contents. In contrast to traditional storage systems in which data lifetimes are measured in months or possibly years, data lifetimes in an archival system are measured in decades. Secure archival storage has the added goal of providing controlled access to its long-term contents. In contrast, public archival systems aim to ensure that their contents are available to anyone. Since secure archival storage systems must store data over much longer periods of time, new threats emerge that affect the security landscape in many novel, subtle ways. These security threats endanger the secrecy, availability and integrity of the archival storage contents. Adequate understanding of these threats is essential to effectively devise new policies and mechanisms to guard against them. We discuss many of these threats in this new context to fill this gap, and show how existing systems meet (or fail to meet) these threats.
    Proceedings of the 2006 ACM Workshop On Storage Security And Survivability, StorageSS 2006, Alexandria, VA, USA, October 30, 2006; 01/2006

Full-text (4 Sources), available from May 27, 2014