Survivable information storage systems

Dept. of Electr. & Comput. Eng., Carnegie Mellon Univ., Pittsburgh, PA
Computer (Impact Factor: 1.44). 09/2000; 33(8):61 - 68. DOI: 10.1109/2.863969
Source: IEEE Xplore


As society increasingly relies on digitally stored and accessed
information, supporting the availability, integrity and confidentiality
of this information is crucial. We need systems in which users can
securely store critical information, ensuring that it persists, is
continuously accessible, cannot be destroyed and is kept confidential. A
survivable storage system would provide these guarantees over time and
despite malicious compromises of storage node subsets. The PASIS
architecture flexibly and efficiently combines proven technologies
(decentralized storage system technologies, data redundancy and
encoding, and dynamic self-maintenance) for constructing information
storage systems whose availability, confidentiality and integrity
policies can survive component failures and malicious attacks.



Available from: Pradeep K. Khosla, Jan 30, 2014
  • Source
    • "Data-intensive applications rely on stored and accessed data; supporting the availability, integrity, and confidentiality of these data is crucial. While et al. developed a survivable storage system which guarantees that the data persists, is continuously accessible, cannot be destroyed, and is kept confidential [22]. Leung and Miller proposed a scalable and efficient protocol for security in high-performance storage systems, which increases the performance without sacrificing security primitives [8]. "
    ABSTRACT: In the past decade, parallel disk systems have been highly scalable and able to alleviate the problem of disk I/O bottleneck, thereby being widely used to support data-intensive applications. Although a variety of parallel disk systems were developed, most existing disk systems lack a means to adaptively control the quality of security for dynamically changing workloads. We address this gap in disk technology by designing, implementing, and evaluating a quality of security control framework for parallel disk systems, or ASPAD for short, that makes it possible for parallel disk systems to adapt to changing security requirements and workload conditions. The ASPAD framework comprises four major components, namely, a security service middleware, a dynamic data-partitioning mechanism, a response time estimator, and an adaptive security quality controller. The framework is conducive to adaptively and expeditiously determining security services for requests submitted to a parallel disk system in a way to improve security of the disk system while making an effort to guarantee desired response times of the requests. We conduct extensive experiments to quantitatively evaluate the performance of the proposed ASPAD framework. Empirical results show that ASPAD significantly improves the overall performance of parallel disk systems over the same disk systems without using the ASPAD framework.
    Journal of Parallel and Distributed Computing 02/2011; 71(2):288-301. DOI:10.1016/j.jpdc.2010.08.014 · 1.18 Impact Factor
  • Source
    • "Only a minimum scope of data is allowed to be provided after files are converted through interface software, e.g. the data storage access control proposed by ISO/IEC 15816 [31]. On the other hand, this research proposes a framework of security for database systems (as indicated in Fig. 2) [32] [33], with the corresponding two aspects of DiD and defense in horizontal (DiH), respectively. In DiD, each data is processed by authentication, access control, certification of input data, and control of output data, to ensure the rationality of input data and the consistency of output data. "
    ABSTRACT: In the process of standardization, whether the announcement of a standard represents a cause or an outcome, it is opportunity of the trend of standardization or achievement. The process of standardization is to understand "why" and "how" to explore the detailed outline of a time flow. From a long-term perspective, a standard is the milestone of the standardization process. On May 26th 2010, with the announcement of the Personal Data Protection Act in Taiwan, information security management (ISM) of the Personal Data Protection Act has received much attention from the public. This study is centered on the working items of standards announced by the International Organization for Standardization (ISO) and the ongoing information security management system (ISMS) standards and standardization in order to propose standards which comply with the ISMS of the Personal Data Protection Act and methods which increase implementation control measures.
    01/2011; DOI:10.1109/ICPADS.2011.16
  • Source
    • "One well-known example is the use of a quorum system to implement a storage service from individual storage servers, each of which supports local read and write operations. And various robust storage systems [21] [23] [33] have been structured in this way, as have richer services such as the COCA [37] certification authority, which implements operations that involve both reading and writing service state. To constitute a quorum system, servers are associated with groups; each operation is executed on all servers in some group. "
    ABSTRACT: Trustworthy services, as a result from the interactions of replication with threshold cryptography for use in environments that satisfy weak assumptions, are investigated. A trustworthy service must tolerate attacks as well as failures. Two general components are involved in building trustworthy services such as processors and channels. Processors serve as hosts while channels enable hosts to communicate. A correct component only exhibits intended behavior while a compromised component can exhibit other behavior. It is found that component compromise is caused by failures or attacks.
    Replication: Theory and Practice; 01/2010