Marco Casassa Mont – TESL - Hewlett-Packard Laboratories, Bristol, UK 8 th IEEE Workshop FTDCS 2001 – Bologna - 31/10/2001-02/11/2001 A Distributed P2P

Marco Casassa Mont – TESL - Hewlett-Packard Laboratories, Bristol, UK8th IEEE Workshop FTDCS 2001 – Bologna - 31/10/2001-02/11/2001

A Distributed P2P Storage Service, A Distributed P2P Storage Service,

Adaptive to Trust AssessmentAdaptive to Trust Assessment

Marco Casassa Mont Marco Casassa Mont ([email protected] )([email protected] )

Lorenzo TomasiLorenzo Tomasi(University of Bologna)(University of Bologna)

Trusted E-Services Laboratory (TESL)Trusted E-Services Laboratory (TESL)Hewlett-Packard Laboratories, Bristol, UKHewlett-Packard Laboratories, Bristol, UK


Table of ContentsTable of Contents

BackgroundBackground Trust E-ServicesTrust E-Services Distributed Long-term Trusted E-Record StorageDistributed Long-term Trusted E-Record Storage

Distributed P2P Storage ServiceDistributed P2P Storage Service Model Model

Conclusions & some Future TrendsConclusions & some Future Trends


Trust E-Services

NotaryNotary

Restoration Services

Restoration Services

Access ControlAccess Control

EvidentialAnalysis

EvidentialAnalysis

Identitytracking

Identitytracking

Storage-contracts-keys-evidential documents

Storage-contracts-keys-evidential documents

real timeMonitoring

real timeMonitoring

Reliable Messaging

Reliable Messaging

UnderwriterUnderwriter

CredentialManagement

CredentialManagement

PolicyPolicy

Transactions, contracts, agreements, e-records B2B, B2C, P2P, …


Purpose: Long-term preservation of electronic documents

Longevity of e-Documents (E-records) and Processes

Survivability Long-term identity management and access control Long-term Renewal of information Long term Renewal of signatures & time-stamps Migration of data through technology

Accountability Integrity Privacy & Confidentiality Non-Repudiation Authenticity

Long-Term Trusted Storage


DistributedLong-TermTrusted Storage

Portals

Storage SLAs

E-Record (Evidence)

E-Record Clusters: - Conversation - Bundle

User/Application

AddRetrieve ModifyDelete

DERMS ServicesDistributed E-Records Management & Storage


PortalLayer

Indexing &ManagementLayer

Physical StorageLayer

Service Pool

Service Pool

Service Pool

Service Pool

ManagementService Pool

Portal Portal Portal

StorageSystems

ApplicationLayer

Distributed Long-term Trusted StorageArchitecture

Replication:• Stored Documents• Metadata

Randomness:• Portals • Service Pools• Services• Storages

“Lazy transactional” behaviour

Diversity

Decentralization &Distribution

Monitoring

Self healing …


• PCs: geographically distributed (survivability)

• Their storage capacity and CPU time are not fully used

Alternative long-term Storage Service

Context: Medium/Large Enterprise

• Dynamic (in the medium/long term):• PCs• employees/people

• Collaborative but unreliable• not necessary trusted


Research IssuesChallenge: cope with a dynamic and unreliable environment

Medium-Large enterprise: 15000 peoplePCs: 10000

PC obsolescence timeframe: 3-4 years

Percentage of PCs involved in the service: 10%Number of PCs: 1000Average obsolescence of involved PCs (per year): 250 (1/4* 1000)

This without considering faults, loss of data, PC’s owner accidental andintentional data deletion, time zones, etc. ….


Resources: distributed

Trust: variable• resources’ behaviour is very dynamic

Control: variable

• not fully centralized (take advantage of distributed resources)

• not fully distributed (likely anarchic, need for a trusted access point for DERMS Services)

Research Space: Choices

Resources

distributed

centralized Control distribute

dcentralize

d

Trust

none

full

“Trust”: belief that someone/something is going to act and behave as expected


Server

Trusted Not trustedDERMS Service

s

AA

AA

AA

AA

Server

Hybrid P2P Model

Controller Peers

• Agents installed on distributed PCs (not necessarily trusted, at least initially)

• Trusted controller, acting as Gateway with DERMS services


Server

Trusted Not trusted

AA

AA

AA

AA

Agent Installation (on Peers)

Agents installed on requests (by PCs’ users)

Server


Server

Trusted Not trusted

AA

AA

AA

AA

Storage, Retrieval, Deletion of E-Records

DERMS Service

s

- Replication of stored E-Records- Integrity Check during E-Record retrieval

Server


Tasks Delegation

Server

Trusted Not trusted

AA

AA

AA

AA

DERMS Service

s

- Delegation of Tasks to Peers (if Authorised)

Server


Peer-to-Peer Interaction

Server

Trusted Not trusted

AA

AA

AA

AA

DERMS Service

s

-Peer-to-Peer interaction triggered by an Agent (if Authorised)

Server


Are distribution and replication sufficient to achieve long-term storage?

It depends …

In case of dynamic environment, peers may:

• not be available

• lose data (or data may get corrupted)

• not be able to complete tasks

“Blind” delegation of tasks to Peers

Is this Sufficient?


Need for an Adaptive System

• Monitor Distributed Peers

• Learn from Peers’ behaviour

• Adopt dynamic working criteria • “delegation of tasks to peers” depending on peers’

reliability • Select contextual policies depending on peers’ behaviour and environment dynamics


Monitoring & LearningMonitoring Objectives:

• control replicas’ status (survivability)

• observe peers’ behaviour

• gather information about peers

• trigger reactions

Learn about:

• Peers’ availability• Peers’ reliability• Correctness of document replicas• Peers’ ability to complete tasks with success• Peers’ response time• …


• Aggregation of measures of reliability/ trustworthiness in Trust Rating Information

• Usage of Trust Rating Information to dynamically adapt service by making decision on allocation of storage and delegation tasks

• Delegation and Storage Policies driven by measures of trust

• Usage of “Trust and Reliability Functions” to define Trust Metrics based on measured indicators (parameters)

Adaptation driven by “Trust Rating”

“Trust”: belief that a Peer/Resource is going to act and behave as expected


DERMS Services

Communication Manager

Index andSecure Repository

MonitoringModule

RatingModule

Storage Module

TaskManager

Communication Manager

MonitoringModule

RatingModule

Storage Module

TaskManager

Enterprise

Central ControlComponent

Agents

Agent

SecureConnections

SecureRepository

LocalStorage

Scheduler

TRUSTED UNTRUSTED

SecureConnections

Registration

Registration

High Level Architecture


• Communication: authentication based on secure link (SSL)

• Delegation: authorization token (SPKI based)

• Integrity management: hash value, digital signature

• Confidentiality: encryption

• Survivability: documents’ replication

Basic Mechanisms


• Usage of distributed cheap resources and agents to underpin survivability of data over long time

• P2P architecture viable to decongest central control

• Hybrid control as a balance between full centralization and completely distributed control (anarchism) • Trust Assessment to underpin adaptability in dynamic distributed environment

• Our approach:• reduces risks in very dynamic environments (Best Effort)• introduces overhead: … need for a “real-life” trial• requires a sustained number of participants

Conclusions


Future Trends on Distributed Systems

• Growing importance of Distributed Web Services: - within Enterprises and across Enterprises (on the Internet)

• Key role for Trust Services to reduce Risks and increase Accountability

• Importance of Adaptability of Systems and Services to the behaviour of (the involved) resources (Reliability and Trustworthiness are crucial aspects to be considered)

• Growing importance of Peer-to-Peer based environments: - mobile systems/services, collaborative environments, dynamic business interactions, resource sharing, etc.


Backup Slides


• Agents (on PCs) join or leave the Storage Service

• DERMS Service initiative: store, retrieve, delete

• Peer’s initiative

Use Cases


CentralControlComponent

Resource

1. Register

2. DownloadAgentPackage

3. InstallAgent

Peer

Employee

Enterprise

DERMSServices

Agent

4. Updatelocal Index

Use Case: Join


DERMSServices

Collaborative Environment


Peers

Enterprise

1. Request tostore a document (Metadata attached)

2. Interpret Metadata

3. Identify a reasonableset of agents where to store replicas of the documents

4. Encrypt and digitally sign thedocument.

6. Update local Index

5. Store Document Replicas

7. Unique name

Use Case: Store


Use Case: Retrieve

DERMSServices



Peers

Enterprise

1. Request toretrieve a document

2. Retrieve from the Index a list of location where thedocument has been stored

4. Decrypt and verify the integrity of the replica. If the replica is compromised,repeat step 3.

3. Retrieve a Replica

5. Return thedocument


Use Case: Delete

DERMSServices



Peers

Enterprise

2. Retrieve location ofreplicas

1. Request todelete a Document

3. Request fordocument deletion


Use Case: Peer-to-Peer

DERMSServices



Peers

Enterprise

1. Storage changes are locally madeby the resourceowner

2. The agent intercepts changes.inform the central control

3. Central control provides listof possible peersto contact foralternative storage

4. The agent contact asuggested peer andask for the storageof a document replica


DERMSServices



Peers

Enterprise

2. Repair damagedreplicas

1. Monitor state ofreplicas stored within peers

3. Calculate/Update Rating informationassociated to peers

Use Case: Monitoring


DERMSService



Peers

Enterprise

1. Identify a set of agents to which delegate tasks.Rating information isused to make this choice..

2. Delegatetasks to an agent

3. The agent collectsinformation from the authorised peers

4. The agent periodically returns collected information to thecentral component.

Use Case: Delegation of Monitoring Tasks


• Information base: basic information module and rating information module

• Monitoring module• Rating module• Engines for testing, storage, deletion, and retrieval• Registration module• keys and identities manager• Communication manager



Server

Engines

Monitoring

Interaction with peers

(via communication

manager)

May influenc

e Informatio

n base

May update

Policy-based and “planning” componen

ts



List of tasks

GeneratorGeneratorDelegatio

n manager

requests

From/to informatio

n base

Tasks manage

r

Scheduler

From/to

engines

Monitoring Module


“events” generator“events” generator

Trust function

queries Information on peers’ behaviour

notifications

Rating information

db

Rating Module