Provendo Segurança e Privacidade em Coordenação Distribuída e Extensível
Resumo
Mecanismos de coordenação e sincronização, como contadores compartilhados e filas distribuídas, são empregados no desenvolvimento de vários sistemas distribuídos. Estes mecanismos são suportados por infraestruturas de coordenação, como as baseadas em espaço de tuplas. Um espaço de tuplas é um objeto de memória compartilhada que fornece operações para armazenar e recuperar conjuntos ordenados de dados, chamados tuplas. Apesar de espaços de tuplas proverem as funcionalidades necessárias para coordenação, estudos recentes mostraram que o emprego de protocolos e arquiteturas extensíveis é fundamental para o desempenho do sistema. A ideia principal das extensões é permitir que os servidores, que mantém a infraestrutura de coordenação, acessem e processem as informações de coordenação. Desta forma, não é necessário transportar informações para os clientes, além de evitar reprocessamentos devido a acessos concorrentes. As propostas existentes para coordenação distribuída e extensível não fornecem segurança e privacidade adequadas, uma vez que dados em claro são acessados pelos servidores. Neste sentido, este trabalho propõe a utilização de esquemas robustos de criptografia, implementados no DEPSPACE, para o desenvolvimento de protocolos de coordenação extensível com propriedades de segurança e privacidade. Experimentos mostram que as soluções propostas melhoram significativamente o desempenho do sistema.
Referências
Alves, P. G. M. R. and Aranha, D. F. (2016). A framework for searching encrypted In XVI Simpósio Brasileiro em Segurança da Informação e de Sistemas databases. Computacionais (SBSEG 2016), pages 142–155. SBC.
Analytics, N. (2017). A java library for paillier partially homomorphic encryption.
GitHub. https://github.com/n1analytics/javallier.
Avizienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 1(1):11–33.
Bakken, D. E. and Schlichting, R. D. (1995). Supporting Fault-Tolerant Parallel Programing in Linda. IEEE Transactions on Parallel and Distributed Systems, 6(3):287–302.
Baldoni, R., Marchetti, C., and Verde, L. (2003). Corba request portable interceptors: Analysis and applications. Concurrency and Computation: Practice and Experience, 15(6):551–579.
Bershad, B. N., Savage, S., Pardyak, P., Sirer, E. G., Fiuczynski, M. E., Becker, D., Chambers, C., and Eggers, S. (1995). Extensibility safety and performance in the spin operating system. In Proceedings of 15th Symposium on Operating Systems Principles.
Bessani, A., Alchieri, E., Correia, M., and da Silva Fraga, J. (2008). DepSpace: A byzantine fault-tolerant coordination service. European Conference on Computer Systems.
Bessani, A., Sousa, J., and Alchieri, E. (2014). State machine replication for the masses with BFT-SMaRt. In International Conference on Dependable Systems and Networks.
Bessani, A. N., Correia, M., Fraga, J. S., and Lung, L. C. (2006). Sharing memory between Byzantine processes using policy-enforced tuple spaces. In Proceedings of 26th IEEE International Conference on Distributed Computing Systems ICDCS 2006.
Boldyreva, A., Chenette, N., Lee, Y., and O’Neill, A. (2012). Order-preserving symmetric encryption. Cryptology ePrint Archive, Report 2012/624.
Boneh, D., Lewi, K., Raykova, M., Sahai, A., Zhandry, M., and Zimmerman, J. (2014). Semantically secure order-revealing encryption: Multi-input functional encryption without obfuscation. Cryptology ePrint Archive, Report 2014/834.
Boneh, D. and Shoup, V. (2015). A graduate course in applied cryptography. https: //crypto.stanford.edu/˜dabo/cryptobook/draft_0_2.pdf.
Castro, M. and Liskov, B. (2002). Practical Byzantine fault-tolerance and proactive recovery. ACM Transactions Computer Systems, 20(4):398–461.
Distler, T., Bahn, C., Bessani, A., Fischer, F., and Junqueira, F. (2015). Extensible distributed coordination. In Proc. of 10th European Conference on Computer Systems.
Floriano, E., Alchieri, E., Aranha, D., and Solis, P. (2017a). Privacidade em dados armazenados em memória compartilhada através de espaços de tupla. In Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos.
Floriano, E., Alchieri, E., Aranha, D., and Solis, P. (2017b). Providing privacy on the tuple space model. Journal of Internet Services and Applications, 8(19):1–16.
Gelernter, D. (1985). Generative Communication in Linda. ACM Transactions on Programing Languages and Systems, 7(1):80–112.
Hunt, P., Konar, M., Junqueira, F. P., and Reed, B. (2010). Zookeeper: Wait-free coordination for internet-scale systems. In Proceedings of the 2010 USENIX Conference on USENIX Annual Technical Conference, pages 11–11.
Lewi, K. and Wu, D. J. (2016). Order-revealing encryption: New constructions, applications, and lower bounds. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 1167–1178.
Naehrig, M., Lauter, K., and Vaikuntanathan, V. (2011). Can homomorphic encryption be practical? In Proceedings of 3rd Workshop on Cloud Computing Security Workshop.
Naveed, M., Kamara, S., and Wright, C. V. (2015).
Inference attacks on propertypreserving encrypted databases. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 644–655.
Paillier, P. (1999). Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques, EUROCRYPT’99, pages 223–238.
Schneider, F. B. (1990). Implementing fault-tolerant service using the state machine aproach: A tutorial. ACM Computing Surveys, 22(4):299–319.
Schoenmakers, B. (1999). A simple publicly veriable secret sharing scheme and its application to electronic voting. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology CRYPTO’99, pages 148–164.
Segall, E. J. (1995). Resilient distributed objects: Basic results and applications to shared spaces. In Proceedings of the 7th Symposium on Parallel and Distributed Processing.
Tourky, D., ElKawkagy, M., and Keshk, A. (2016). Homomorphic encryption the “holy grail” of cryptography. In 2nd IEEE Conference on Computer and Communications.
Veríssimo, P. (2016). Dialogue on cyber policies between brazil and the eu: prospecting threats and opportunities of the cyberspace. Dialogue on Cyber Policies.
White, B., Lepreau, J., Stoller, L., Ricci, R., Guruprasad, S., Newbold, M., Hibler, M., Barb, C., and Joglekar, A. (2002). An Integrated Experimental Environment for Distributed Systems and Networks. In Proc. of 5th Symp. on Operating Systems Design and Implementations. ACM.
Analytics, N. (2017). A java library for paillier partially homomorphic encryption.
GitHub. https://github.com/n1analytics/javallier.
Avizienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 1(1):11–33.
Bakken, D. E. and Schlichting, R. D. (1995). Supporting Fault-Tolerant Parallel Programing in Linda. IEEE Transactions on Parallel and Distributed Systems, 6(3):287–302.
Baldoni, R., Marchetti, C., and Verde, L. (2003). Corba request portable interceptors: Analysis and applications. Concurrency and Computation: Practice and Experience, 15(6):551–579.
Bershad, B. N., Savage, S., Pardyak, P., Sirer, E. G., Fiuczynski, M. E., Becker, D., Chambers, C., and Eggers, S. (1995). Extensibility safety and performance in the spin operating system. In Proceedings of 15th Symposium on Operating Systems Principles.
Bessani, A., Alchieri, E., Correia, M., and da Silva Fraga, J. (2008). DepSpace: A byzantine fault-tolerant coordination service. European Conference on Computer Systems.
Bessani, A., Sousa, J., and Alchieri, E. (2014). State machine replication for the masses with BFT-SMaRt. In International Conference on Dependable Systems and Networks.
Bessani, A. N., Correia, M., Fraga, J. S., and Lung, L. C. (2006). Sharing memory between Byzantine processes using policy-enforced tuple spaces. In Proceedings of 26th IEEE International Conference on Distributed Computing Systems ICDCS 2006.
Boldyreva, A., Chenette, N., Lee, Y., and O’Neill, A. (2012). Order-preserving symmetric encryption. Cryptology ePrint Archive, Report 2012/624.
Boneh, D., Lewi, K., Raykova, M., Sahai, A., Zhandry, M., and Zimmerman, J. (2014). Semantically secure order-revealing encryption: Multi-input functional encryption without obfuscation. Cryptology ePrint Archive, Report 2014/834.
Boneh, D. and Shoup, V. (2015). A graduate course in applied cryptography. https: //crypto.stanford.edu/˜dabo/cryptobook/draft_0_2.pdf.
Castro, M. and Liskov, B. (2002). Practical Byzantine fault-tolerance and proactive recovery. ACM Transactions Computer Systems, 20(4):398–461.
Distler, T., Bahn, C., Bessani, A., Fischer, F., and Junqueira, F. (2015). Extensible distributed coordination. In Proc. of 10th European Conference on Computer Systems.
Floriano, E., Alchieri, E., Aranha, D., and Solis, P. (2017a). Privacidade em dados armazenados em memória compartilhada através de espaços de tupla. In Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos.
Floriano, E., Alchieri, E., Aranha, D., and Solis, P. (2017b). Providing privacy on the tuple space model. Journal of Internet Services and Applications, 8(19):1–16.
Gelernter, D. (1985). Generative Communication in Linda. ACM Transactions on Programing Languages and Systems, 7(1):80–112.
Hunt, P., Konar, M., Junqueira, F. P., and Reed, B. (2010). Zookeeper: Wait-free coordination for internet-scale systems. In Proceedings of the 2010 USENIX Conference on USENIX Annual Technical Conference, pages 11–11.
Lewi, K. and Wu, D. J. (2016). Order-revealing encryption: New constructions, applications, and lower bounds. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 1167–1178.
Naehrig, M., Lauter, K., and Vaikuntanathan, V. (2011). Can homomorphic encryption be practical? In Proceedings of 3rd Workshop on Cloud Computing Security Workshop.
Naveed, M., Kamara, S., and Wright, C. V. (2015).
Inference attacks on propertypreserving encrypted databases. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 644–655.
Paillier, P. (1999). Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques, EUROCRYPT’99, pages 223–238.
Schneider, F. B. (1990). Implementing fault-tolerant service using the state machine aproach: A tutorial. ACM Computing Surveys, 22(4):299–319.
Schoenmakers, B. (1999). A simple publicly veriable secret sharing scheme and its application to electronic voting. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology CRYPTO’99, pages 148–164.
Segall, E. J. (1995). Resilient distributed objects: Basic results and applications to shared spaces. In Proceedings of the 7th Symposium on Parallel and Distributed Processing.
Tourky, D., ElKawkagy, M., and Keshk, A. (2016). Homomorphic encryption the “holy grail” of cryptography. In 2nd IEEE Conference on Computer and Communications.
Veríssimo, P. (2016). Dialogue on cyber policies between brazil and the eu: prospecting threats and opportunities of the cyberspace. Dialogue on Cyber Policies.
White, B., Lepreau, J., Stoller, L., Ricci, R., Guruprasad, S., Newbold, M., Hibler, M., Barb, C., and Joglekar, A. (2002). An Integrated Experimental Environment for Distributed Systems and Networks. In Proc. of 5th Symp. on Operating Systems Design and Implementations. ACM.
Publicado
10/05/2018
Como Citar
S. JUNIOR, Edson Floriano; ALCHIERI, Eduardo; ARANHA, Diego F.; SOLIS, Priscila.
Provendo Segurança e Privacidade em Coordenação Distribuída e Extensível. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 36. , 2018, Campos do Jordão.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2018
.
p. 267-280.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2018.2421.
