Horus: Fine-Grained Encryption-Based Security for Large-Scale Storage
Speaker(s): Prof. Darrell Long (U. California Santa Cruz)
With the growing use of large-scale distributed systems, the likelihood that at least one node is compromised is increasing. Large-scale systems that process sensitive data such as geographic data with defense implications, drug modeling, nuclear explosion modeling, and private genomic data would benefit greatly from strong computing (HPC), cloud, or secure content delivery network (SCDN) systems that handle such data still store them unencrypted or use simple encryption schemes, relying heavily on physical isolation to ensure confidentiality, providing little protection against compromised computers or malicious insiders. Moreover, current encryption solutions cannot efficiently provide fine-grained encryption for large datasets.
Our approach, Horus, encrypts large datasets using keyed hash trees (KHTs) to generate different keys for each region of the dataset, providing fine-grained security: the key for one region cannot be used to access another region. Horus also reduces key management and distribution overhead while providing end-to-end data encryption and reducing the need to trust system operators or cloud service providers. Horus requires little modification to existing systems and user applications. Performance evaluation shows that our prototype's key distribution is highly scalable and robust: a single key server can provide 140,000 keys per second, theoretically enough to sustain more than 100 GB/s I/O throughput, and multiple key servers can efficiently operate in parallel to support load balancing and reliability.
Horus will appear in FAST 2013. It is joint work with Yan Li, Nakul Sanjay Dhotre, Yasuhiro Ohara, Thomas Kroeger, and Ethan Miller.
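The keyed-hash-tree key derivation described in the abstract, as an added example that is not Horus's own code. It assumes HMAC-SHA256 as the keyed hash, a three-level tree with the region sizes in `LEVEL_SIZES`, and the hypothetical function names `child_key`, `region_key` and `block_key`; none of these come from the page.

```python
import hashlib
import hmac

# Assumed layout (not from the page): bytes covered by one node at each tree
# level, root first. Level 0 is the whole file, the last level is a leaf block.
LEVEL_SIZES = [1 << 30, 1 << 20, 1 << 12]


def child_key(parent_key: bytes, level: int, index: int) -> bytes:
    """Key of node (level, index), derived from its parent's key.
    HMAC-SHA256 stands in for the keyed hash (an assumption)."""
    label = level.to_bytes(4, "big") + index.to_bytes(8, "big")
    return hmac.new(parent_key, label, hashlib.sha256).digest()


def region_key(root_key: bytes, level: int, index: int) -> bytes:
    """Key-server side: walk from the root down to node (level, index)."""
    offset = index * LEVEL_SIZES[level]
    key = root_key
    for lvl in range(1, level + 1):
        key = child_key(key, lvl, offset // LEVEL_SIZES[lvl])
    return key


def block_key(granted: bytes, level: int, index: int, offset: int) -> bytes:
    """Client side: from the key granted for node (level, index), derive the
    leaf key of the block holding byte `offset`. No root key is needed."""
    start = index * LEVEL_SIZES[level]
    if not start <= offset < start + LEVEL_SIZES[level]:
        raise ValueError("offset lies outside the granted region")
    key = granted
    for lvl in range(level + 1, len(LEVEL_SIZES)):
        key = child_key(key, lvl, offset // LEVEL_SIZES[lvl])
    return key


if __name__ == "__main__":
    root = hashlib.sha256(b"constructed demo root key").digest()
    MiB = 1 << 20
    granted = region_key(root, 1, 3)          # client may read MiB 3 only
    inside = block_key(granted, 1, 3, 3 * MiB + 5000)
    print(inside == region_key(root, 2, (3 * MiB + 5000) // 4096))  # same leaf key
    try:
        block_key(granted, 1, 3, 4 * MiB)     # neighbouring region
    except ValueError as exc:
        print("refused:", exc)
```

Because each key is a one-way function of its parent, a client holding only the key for one region can derive the keys beneath it but cannot compute a sibling's key or climb back to the root.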
Darrell D. E. Long is a Fellow of the Institute of Electrical and Electronics Engineers and of the American Association for the Advancement of Science. He is the Director of the Storage Systems Research Center at the University of California, Santa Cruz, where he is Professor of Computer Science and holds the Kumar Malavalli Endowed Chair. He received his B.S. degree in Computer Science from San Diego State University, and his M.S. and Ph.D. from the University of California, San Diego. His current research interests in the storage systems area include high performance storage systems, archival storage systems and exascale file systems. His research also includes computer system reliability, video-on-demand, applied machine learning and computer security.
He served as the Vice Chair and then Chair of the University of California Committee on Research Policy. He has served on the University of California President’s Council on the National Laboratories, and on the Science & Technology, National Security and Intelligence committees. He currently serves on the Science & Technology committee for both Los Alamos and Lawrence Livermore National Laboratories. He served on the National Research Council Standing Committee on Technology Insight-Gauge, Evaluate and Review.
Marc.Shapiro (at) nulllip6.fr