Secure File Assignment in Heterogeneous Distributed Systems
Type of Degreedissertation
MetadataShow full item record
There is a growing demand for large-scale distributed storage systems to support resource sharing and fault tolerance. Although heterogeneity issues of distributed systems have been widely investigated, little attention has yet been paid to security solutions designed for distributed systems with heterogeneous vulnerabilities. This fact motivates us to investigate the topic of secure file assignment in heterogeneous distributed systems. Firstly we propose a secure fragment allocation scheme called S-FAS to improve security of a distributed system where storage sites have a wide variety of vulnerabilities. In the S-FAS approach, we integrate file fragmentation with the secret sharing technique in a distributed storage system with heterogeneous properties in vulnerability. Storage sites in distributed systems are categorized into a variety of different types of storage node based on vulnerability characteristics. Given a file and a distributed system, S-FAS allocates fragments of the file to as many different types of nodes as possible in the system. Data confidentiality is preserved because fragments of a file are allocated to multiple storage nodes. We develop storage assurance and dynamic assurance models to evaluate quality of security offered by S-FAS. Analysis results show that fragment allocations made by S-FAS lead to enhanced security because of the consideration of heterogeneous vulnerabilities in distributed storage systems. In order to consider performance while providing higher quality of security for large scale distributed systems with heterogeneous features, we develop a Secure Allocation Processing (SAP) algorithm for the S-FAS scheme to improve the security level and consider its performance using the heterogeneous features of a large distributed system. To improve the security, the design of SAP is guided by the experimental results from S-FAS; to improve performance, we not only consider the heterogeneity of the storage nodes and the whole system, but also the heterogeneous features of the requests. The SAP allocation algorithm considers load balancing, delayed effects caused by the workload variance of many consecutive requests, and the heterogeneous features (such as CPU speed and network bandwidth) of the storage nodes in the system. In order to use practical implementations to demonstrate the ideas on actual systems with real-world applications, we developed a prototype using the multi-threading technique and C language for the S-FAS scheme with the SAP algorithm to guide the file allocation. The prototype is built in the distributed cluster environment with heterogeneous storage nodes, in which the Network File System (NFS) and Linux are installed. We did some experiments on system throughput and testing against real world traces. The evaluation results show that the proposed solution can not only improve the security level, but also improve the throughput and performance of the distributed storage systems with heterogeneous vulnerabilities by using the multi-thread technique. To further explore the security solution while considering system availability, we propose a solution called Reef by integrating fragment replication into the proposed S-FAS and SAP solution for distributed systems with heterogeneous features. The Reef scheme is extended based on the S-FAS scheme. In the proposed Reef scheme we consider the system failure mode caused by hardware diversity when categorizing the storage nodes into different groups. The storage assurance model for Reef is developed to evaluate the security quality offered by Reef when all fragments have the same replication degrees. Then we developed a secure fragment replication allocation process algorithm called R-SAP illustrating how to use the proposed Reef scheme. The evaluation results show that the proposed Reef scheme and R-SAP algorithm can improve both availability and security for distributed storage systems with heterogeneous vulnerabilities.