Marco Casassa Mont – TESL - Hewlett-Packard Laboratories, Bristol, UK. 8th IEEE Workshop FTDCS 2001 – Bologna, 31/10/2001-02/11/2001

A Distributed P2P Storage Service, Adaptive to Trust Assessment
Marco Casassa Mont ([email protected])
Lorenzo Tomasi (University of Bologna)
Trusted E-Services Laboratory (TESL), Hewlett-Packard Laboratories, Bristol, UK
Table of Contents
• Background: Trust E-Services; Distributed Long-term Trusted E-Record Storage
• Distributed P2P Storage Service Model
• Conclusions & some Future Trends
Trust E-Services
(Figure: a ring of trust e-services built on a common base of transactions, contracts, agreements and e-records: B2B, B2C, P2P, …)
• Notary
• Restoration Services
• Access Control
• Evidential Analysis
• Identity tracking
• Storage (contracts, keys, evidential documents)
• Real-time Monitoring
• Reliable Messaging
• Underwriter
• Credential Management
• Policy
Long-Term Trusted Storage
Purpose: long-term preservation of electronic documents
Longevity of e-Documents (E-records) and Processes
• Survivability: long-term identity management and access control; long-term renewal of information; long-term renewal of signatures & time-stamps; migration of data through technology
• Accountability, Integrity, Privacy & Confidentiality, Non-Repudiation, Authenticity
Distributed Long-Term Trusted Storage
(Figure: Users/Applications add, retrieve, modify and delete E-Records (evidence) through Portals under Storage SLAs; E-Records are grouped into E-Record Clusters (Conversation, Bundle); the back end is the DERMS Services: Distributed E-Records Management & Storage)
Distributed Long-term Trusted Storage Architecture
(Figure: layered architecture with an Application Layer; a Portal Layer of Portals; an Indexing & Management Layer of Service Pools plus a Management Service Pool; and a Physical Storage Layer of Storage Systems)
• Replication: stored documents, metadata
• Randomness: portals, service pools, services, storages
• "Lazy transactional" behaviour
• Diversity
• Decentralization & distribution
• Monitoring
• Self healing …
Alternative long-term Storage Service
Context: medium/large enterprise
• PCs: geographically distributed (survivability)
• Their storage capacity and CPU time are not fully used
• Dynamic (in the medium/long term): PCs, employees/people
• Collaborative but unreliable: not necessarily trusted
Research Issues
Challenge: cope with a dynamic and unreliable environment
Medium/large enterprise: 15000 people, 10000 PCs
PC obsolescence timeframe: 3-4 years
Percentage of PCs involved in the service: 10%, i.e. 1000 PCs
Average obsolescence of involved PCs (per year): 250 (1/4 * 1000)
This is without considering faults, loss of data, accidental and intentional data deletion by the PC's owner, time zones, etc. …
Research Space: Choices
(Figure: a three-axis design space; Resources from centralized to distributed, Control from centralized to distributed, Trust from none to full)
Resources: distributed
Trust: variable
• resources' behaviour is very dynamic
Control: variable
• not fully centralized (take advantage of distributed resources)
• not fully distributed (likely anarchic; need for a trusted access point for DERMS Services)
"Trust": belief that someone/something is going to act and behave as expected
Hybrid P2P Model
(Figure: trusted side with the DERMS Services and a controller Server; untrusted side with Peers, each running an Agent (A))
• Agents installed on distributed PCs (not necessarily trusted, at least initially)
• Trusted controller, acting as Gateway with DERMS services
Agent Installation (on Peers)
(Figure: trusted controller Server; untrusted Peers, each running an Agent (A))
• Agents installed on request (by PCs' users)
Storage, Retrieval, Deletion of E-Records
(Figure: DERMS Services and the trusted controller Server on the trusted side; Agents (A) on untrusted Peers)
• Replication of stored E-Records
• Integrity check during E-Record retrieval
Tasks Delegation
(Figure: DERMS Services and the trusted controller Server delegating to Agents (A) on untrusted Peers)
• Delegation of tasks to Peers (if authorised)
Peer-to-Peer Interaction
(Figure: DERMS Services and the trusted controller Server; Agents (A) on untrusted Peers interacting directly with each other)
• Peer-to-Peer interaction triggered by an Agent (if authorised)
Is this Sufficient?
Are distribution and replication sufficient to achieve long-term storage?
It depends …
In a dynamic environment, peers may:
• not be available
• lose data (or data may get corrupted)
• not be able to complete tasks
"Blind" delegation of tasks to Peers
Need for an Adaptive System
• Monitor distributed Peers
• Learn from Peers' behaviour
• Adopt dynamic working criteria: "delegation of tasks to peers" depending on peers' reliability
• Select contextual policies depending on peers' behaviour and environment dynamics
Monitoring & Learning
Monitoring objectives:
• control replicas' status (survivability)
• observe peers' behaviour
• gather information about peers
• trigger reactions
Learn about:
• Peers' availability
• Peers' reliability
• Correctness of document replicas
• Peers' ability to complete tasks with success
• Peers' response time
• …
Adaptation driven by "Trust Rating"
• Aggregation of measures of reliability/trustworthiness into Trust Rating Information
• Usage of Trust Rating Information to dynamically adapt the service by making decisions on allocation of storage and delegation of tasks
• Delegation and storage policies driven by measures of trust
• Usage of "Trust and Reliability Functions" to define Trust Metrics based on measured indicators (parameters)
"Trust": belief that a Peer/Resource is going to act and behave as expected
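As an added illustration (not code from the paper or the TESL prototype), the following Python sketch shows one possible "Trust and Reliability Function": the counters the monitoring module would accumulate per peer (availability, replica correctness, task completion, response time) are normalised and combined into a rating, and the rating then drives replica placement and task delegation through a policy threshold. The weights, the 2000 ms responsiveness limit and the sample observations are assumptions chosen for the example.

```python
# Added example: hypothetical trust function over monitored peer indicators.
# Weights, the slow-response limit and all sample figures are assumptions.
from dataclasses import dataclass


@dataclass
class PeerObservations:
    """Counters the monitoring module accumulates for one peer."""
    probes: int = 0              # times the central control contacted the peer
    available: int = 0           # times the peer answered
    replicas_checked: int = 0
    replicas_intact: int = 0     # replica hash matched the index entry
    tasks_delegated: int = 0
    tasks_completed: int = 0
    total_response_ms: float = 0.0   # summed over the answered probes


def trust_rating(o: PeerObservations, weights=(0.4, 0.3, 0.2, 0.1),
                 slow_ms: float = 2000.0) -> float:
    """Weighted sum of availability, replica correctness, task success and
    responsiveness, each in [0, 1]. A peer with no history rates 0: it is
    still probed by monitoring, so it can earn a rating without being trusted
    with replicas or tasks first."""
    if o.probes == 0:
        return 0.0
    availability = o.available / o.probes
    correctness = o.replicas_intact / o.replicas_checked if o.replicas_checked else 0.0
    task_success = o.tasks_completed / o.tasks_delegated if o.tasks_delegated else 0.0
    avg_ms = o.total_response_ms / max(o.available, 1)
    responsiveness = max(0.0, 1.0 - avg_ms / slow_ms)
    wa, wc, wt, wr = weights
    return round(wa * availability + wc * correctness
                 + wt * task_success + wr * responsiveness, 3)


def select_peers(ratings: dict, n: int, min_rating: float) -> list:
    """Return the n best-rated peers at or above a policy threshold. The same
    call with a stricter threshold serves task delegation, where a failed task
    costs more than a lost replica."""
    eligible = [(r, p) for p, r in ratings.items() if r >= min_rating]
    eligible.sort(key=lambda pair: (-pair[0], pair[1]))   # best first, name as tie-break
    return [p for _, p in eligible[:n]]


if __name__ == "__main__":
    steady = PeerObservations(10, 10, 5, 5, 4, 4, 2000.0)      # constructed sample
    flaky = PeerObservations(10, 6, 4, 2, 4, 2, 6000.0)        # constructed sample
    ratings = {"pc-07": trust_rating(steady), "pc-12": trust_rating(flaky),
               "pc-31": trust_rating(PeerObservations())}
    print(ratings)                                             # {'pc-07': 0.99, 'pc-12': 0.54, 'pc-31': 0.0}
    print(select_peers(ratings, 2, 0.5), select_peers(ratings, 2, 0.9))
```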
High Level Architecture
(Figure: on the TRUSTED side, the Enterprise's Central Control Component (Communication Manager, Index and Secure Repository, Monitoring Module, Rating Module, Storage Module, Task Manager) in front of the DERMS Services; on the UNTRUSTED side, Agents, each with a Communication Manager, Monitoring Module, Rating Module, Storage Module, Task Manager, Secure Repository, Local Storage and Scheduler. Agents register with the Central Control Component and communicate with it over Secure Connections.)
Basic Mechanisms
• Communication: authentication based on secure link (SSL)
• Delegation: authorization token (SPKI based)
• Integrity management: hash value, digital signature
• Confidentiality: encryption
• Survivability: documents' replication
Conclusions
• Usage of distributed cheap resources and agents to underpin survivability of data over a long time
• P2P architecture viable to decongest central control
• Hybrid control as a balance between full centralization and completely distributed control (anarchism)
• Trust Assessment to underpin adaptability in a dynamic distributed environment
• Our approach:
  • reduces risks in very dynamic environments (best effort)
  • introduces overhead: … need for a "real-life" trial
  • requires a sustained number of participants
Future Trends on Distributed Systems
• Growing importance of Distributed Web Services: within Enterprises and across Enterprises (on the Internet)
• Key role for Trust Services to reduce Risks and increase Accountability
• Importance of Adaptability of Systems and Services to the behaviour of (the involved) resources (Reliability and Trustworthiness are crucial aspects to be considered)
• Growing importance of Peer-to-Peer based environments: mobile systems/services, collaborative environments, dynamic business interactions, resource sharing, etc.
Backup Slides
Use Cases
• Agents (on PCs) join or leave the Storage Service
• DERMS Service initiative: store, retrieve, delete
• Peer's initiative
Use Case: Join
(Figure: an Employee's PC (Resource) joins through the Enterprise's Central Control Component, which fronts the DERMS Services; once the Agent is installed the PC is a Peer)
1. Register
2. Download Agent package
3. Install Agent
4. Update local Index
Use Case: Store
(Figure: DERMS Services, Central Control Component and Peers in the Enterprise's collaborative environment)
1. Request to store a document (metadata attached)
2. Interpret metadata
3. Identify a reasonable set of agents where to store replicas of the document
4. Encrypt and digitally sign the document
5. Store document replicas
6. Update local Index
7. Unique name (for the stored document)
Use Case: Retrieve
(Figure: DERMS Services, Central Control Component and Peers in the Enterprise's collaborative environment)
1. Request to retrieve a document
2. Retrieve from the Index the list of locations where the document has been stored
3. Retrieve a replica
4. Decrypt and verify the integrity of the replica. If the replica is compromised, repeat step 3.
5. Return the document
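The store and retrieve use cases, as an added Python example that is not code from the paper: the Index keeps a SHA-256 hash of each document (the "hash value" integrity mechanism from the Basic Mechanisms slide) and the retrieval loop verifies every replica against it, moving on to the next location whenever a replica is missing or fails the check (step 3 repeated) and reporting the damaged locations so monitoring can repair them. Encryption and the digital signature are left out to keep the example in the standard library; the peers, document and corruption are constructed sample data.

```python
# Added example: integrity-checked retrieval across replicas (not the paper's code).
# Index entry per document: {"hash": sha256 hex, "locations": [peer ids]}.
import hashlib


class RetrieveError(Exception):
    """Raised when no location holds an intact replica."""


def store(index: dict, peers: dict, name: str, document: bytes, locations: list) -> str:
    """Record the document hash in the index and push one replica per location.
    Returns the hash so the caller can later re-verify out of band."""
    digest = hashlib.sha256(document).hexdigest()
    index[name] = {"hash": digest, "locations": list(locations)}
    for peer in locations:
        peers[peer][name] = document
    return digest


def retrieve(index: dict, peers: dict, name: str):
    """Return (document, serving_peer, damaged_peers).
    damaged_peers lists locations whose replica was unavailable or failed the
    hash check; the monitoring module would schedule their repair."""
    entry = index[name]
    damaged = []
    for peer in entry["locations"]:
        replica = peers.get(peer, {}).get(name)      # None: peer gone or replica missing
        if replica is not None and hashlib.sha256(replica).hexdigest() == entry["hash"]:
            return replica, peer, damaged
        damaged.append(peer)                          # compromised: repeat step 3 elsewhere
    raise RetrieveError(f"no intact replica of {name!r} among {entry['locations']}")


# Constructed scenario: three peers; one replica silently altered, one peer offline.
INDEX, PEERS = {}, {"pc-07": {}, "pc-12": {}, "pc-31": {}}
store(INDEX, PEERS, "contract-2001-11", b"Agreement text v1", ["pc-07", "pc-12", "pc-31"])
PEERS["pc-07"]["contract-2001-11"] = b"Agreement text v2"   # bit-rot or tampering
del PEERS["pc-12"]                                          # PC has left the service

if __name__ == "__main__":
    doc, served_by, damaged = retrieve(INDEX, PEERS, "contract-2001-11")
    print(served_by, damaged)   # pc-31 ['pc-07', 'pc-12']
```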
Use Case: Delete
(Figure: DERMS Services, Central Control Component and Peers in the Enterprise's collaborative environment)
1. Request to delete a document
2. Retrieve the locations of the replicas
3. Request document deletion
Use Case: Peer-to-Peer
(Figure: DERMS Services, Central Control Component and Peers in the Enterprise's collaborative environment)
1. Storage changes are made locally by the resource owner
2. The agent intercepts the changes and informs the central control
3. Central control provides a list of possible peers to contact for alternative storage
4. The agent contacts a suggested peer and asks for the storage of a document replica
Use Case: Monitoring
(Figure: DERMS Services, Central Control Component and Peers in the Enterprise's collaborative environment)
1. Monitor the state of replicas stored within peers
2. Repair damaged replicas
3. Calculate/update rating information associated with peers
Use Case: Delegation of Monitoring Tasks
(Figure: DERMS Service, Central Control Component and Peers in the Enterprise's collaborative environment)
1. Identify a set of agents to which to delegate tasks. Rating information is used to make this choice.
2. Delegate tasks to an agent
3. The agent collects information from the authorised peers
4. The agent periodically returns the collected information to the central component
High Level Architecture
• Information base: basic information module and rating information module
• Monitoring module
• Rating module
• Engines for testing, storage, deletion and retrieval
• Registration module
• Keys and identities manager
• Communication manager
High Level Architecture
(Figure: Server internals. The Engines interact with peers via the communication manager and may update the Information base; Monitoring may influence the Information base; policy-based and "planning" components sit above them.)
Monitoring Module
(Figure: a Generator produces the list of tasks; a Delegation manager issues requests; a Tasks manager and a Scheduler exchange data from/to the information base and from/to the engines)
Rating Module
(Figure: an "events" generator issues notifications; a Trust function queries information on peers' behaviour and maintains rating information in a db)