A secure file sharing service for distributed computing environments

Distributed cryptographic file systems enable file sharing among their users and need the adoption of a key management scheme for the distribution of the cryptographic keys to authorized users according to their specific degree of trust. In this paper we describe the architecture of a basic secure file sharing facility relying on a multi-party threshold-based key-sharing scheme that can be overlaid on top of the existing stackable networked file systems, and discuss its application to the implementation of distributed cryptographic file systems. It provides flexible access control policies supporting multiple combination of roles and trust profiles. A proof of concept prototype implementation within the Linux operating system framework demonstrated its effectiveness in terms of performance and security robustness.     

Maintaining and checking parity in highly available Scalable Distributed Data Structures

Access to data stored in distributed main memory is much faster than access to local disks. Highly available, Scalable Distributed Data Structures (SDDS) utilize this fast access. They counteract the effects of failed or unavailable nodes by storing data redundantly. Since main memory per node is limited, they generate this redundancy by storing parity data calculated with erasure correcting codes instead of using replication. We present here a way to maintain parity that is about 10 times faster than using the traditional 2PC scheme. We also present a scheme that can diagnose a mismatch between parity and user data with very little network traffic.     

Achieving spilling-friendly register file assignment for highly distributed register files

Distributed register file architectures divide registers into multiple sets, and it follows that the register files could be small. This can increase the frequency of spilling if register allocation encounters high register pressure, which will reduce the performance. That is, there is extra spilling to handle the pressure and results in performance decline. One of the factors that can produce high pressure is improper register file assignment. Register file assignment is a phase that assigns virtual registers to suitable register files and avoids communication costs. To reduce spilling in the phase of register file assignment, this paper proposes the SPIlling-FRiendly (SPIFR) method, which attempts to improve spilling by estimating the spilling cost from two aspects: assignment and spilling. We used MiBench and EEMBC benchmarks in experiments performed with the Open64-based compiler and a cycle-accurate instruction set simulator. The MiBench experimental results show that the SPIFR method improved the average cycle counts of the benchmarks by 6.0 %. For the kernels of the benchmarks, the method improved the average cycle counts by 20.5 % and reduced the average spilling ratio by 19.0 %. The results on the EEMBC benchmarks indicate that the method improved the cycle counts with the average speedup of 7.0 %, the speedup average of the kernel functions was 11.3 %, and the average reduction in the spilling ratio was 11.7 %, respectively. We conclude that the SPIFR method can reduce spilling and increase the performance.     

Two secure file servers

In this paper, we describe the design and implementation of a two secure file servers which allow a trusted computer network to be built from untrusted computing bases. We begin with a brief review of recent results in the use of partial orderings for protection and administration of information networks, and introduce limited functionality, trusted computing base file servers as a means for allowing restricted information flow. We show the means by which such a server may be made provably secure. We consider the practicality of implementation and describe two prototype implementations for personal computers. We then summarizes results and point out possible extensions of this work.     

Scalable,low complexity,and fast greedy scheduling heuristics for highly heterogeneous distributed computing systems

For heterogeneous distributed computing systems, important design issues are scalability and system optimization. Given such systems, it is crucial to develop low computational complexity algorithms to schedule tasks in a manner that exploits the heterogeneity of the resources and applications. In this paper, we report and evaluate three scalable, and fast scheduling heuristics for highly heterogeneous distributed computing systems. We conduct a comprehensive performance evaluation study using simulation. The benchmarking outlines the performance of the schedulers, representing scalability, makespan, flowtime, computational complexity, and memory utilization. The set of experimental results shows that our heuristics perform as good as the traditional approaches, for makespan and flowtime, while featuring lower complexity, lower running time, and lower used memory. The experimental results also detail the various scenarios under which certain algorithms excel and fail.     

Scalable solutions for secure group communications

With the advent of digital technologies and widening Internet bandwidth in recent years there has been a marked rise in new multimedia services, including teleconferencing, pay-per-view TV, interactive simulations, software updates and real-time delivery of stock market information. Multicast data distribution has been used in controlled environments to deliver such services. However, the lack of secure, accountable multicast data distribution has prevented its use in general Internet environments. Proposals for multicast security solutions so far are complex and often require trust in intermediate components or are inefficient. A secure multicast protocol suite must provide data confidentiality and multicast packet source authentication. In this paper we present a robust, simple and efficient multicast key management protocol based on proxy encryption and a multicast data source authentication mechanism based on symmetric message authentication codes. The solutions are analyzed and compared to previously published schemes. The results show that the proposed schemes are efficient and scalable relative to existing schemes.     

Bounds and constructions for unconditionally secure distributed key distribution schemes for general access structures

In this paper we investigate the issues concerning the use of a single server across a network, the key distribution center (KDC) to enable private communications within groups of users. After providing several motivations, showing the advantages related to the distribution of the task accomplished by this server, we describe a model for such a distribution, and present bounds on the amount of resources required in a real-world implementation: random bits, memory storage, and messages to be exchanged. Moreover, we introduce a linear algebraic approach to design optimal schemes distributing a KDC, and we point out that some previous constructions belong to the proposed framework.     

Scalable, statistical storage allocation for extensible inverted file construction

An Inverted file is a commonly used index for both archival databases and free text where no updates are expected. Applications like information filtering and dynamic environments like the Internet require inverted files to be updated efficiently. Recently, extensible inverted files are proposed which can be used for fast online indexing. The effective storage allocation scheme for such inverted files uses the arrival rate to preallocate storage. In this article, this storage allocation scheme is improved by using information about both the arrival rates and their variability to predict the storage needed, as well as scaling the storage allocation by a logarithmic factor. The resultant, final storage utilization rate can be as high as 97-98% after indexing about 1.6 million documents. This compares favorably with the storage utilization rate of the original arrival rate storage allocation scheme. Our evaluation shows that the retrieval time for extensible inverted file on solid state disk is on average similar to the retrieval time for in-memory extensible inverted file. When file seek time is not an issue, our scalable storage allocation enables extensible inverted files to be used as the main index on disk. Our statistical storage allocation may be applicable to novel situations where the arrival of items follows a binomial, Poisson or normal distribution.     

Scalable local density-based distributed clustering

Large amounts of high-dimensional data are distributed with the application of networks. Distributed clustering has become an increasingly important task due to variety of real-life constrains, including bandwidth and security aspects. Many distributed clustering algorithm have been proposed, but most of them have high transmission cost and poor clustering quality. In this paper, we propose a scalable local density-based distributed clustering algorithm which can easily fit high-dimensional data sets by this method such as density attractor distance and noise factor. In order to keep a lower transmission cost, we determine suitably low factor noises to send to the server. Furthermore, Test data sets, CMC data sets and KDD-CUP-99 are used for experimental evaluation to validate the performance practically. The experimental results and theoretical analysis show that the efficiency and quality for clustering of the proposed algorithm are superior to the other distributed clustering algorithm.     

Scalable access to scientific data

The author use a simple analytic model to analyze the scalability of an infrastructure that generates high-level data products derived from raw data and then delivers them in response to user requests. He also discusses the concept of metadata and how it generally facilitates access to scientific data.     

The pulse distributed file system

A network of powerful personal computers, linked by a high-speed local area network, is being seen increasingly as an alternative to a traditional centralized time-sharing operating system. The PULSE project is investigating how such a system may be constructed to give the benefits of a self-sufficient personal computer to each user without losing the facilities for communication and sharing of data inherent in centralized systems. In particular, a distributed file system has been built which provides a single global UNIX

1 UNIX is a trademark of Bell Laboratories.

-like hierarchy, with a consistent appearance when accessed from any machine. Replicated copies of files are maintained to improve reliability, increase performance, and enable each machine to run stand-alone, albeit with reduced facilities.     

Scalable distributed on-the-fly symbolic model checking

This paper presents a scalable method for parallel symbolic on-the-fly model checking in a distributed memory environment. Our method combines a scheme for on-the-fly model checking for safety properties with a scheme for scalable reachability analysis. We suggest an efficient, BDD-based algorithm for a distributed construction of a counterexample. The extra memory requirement for counterexample generation is evenly distributed among the processes by a memory balancing procedure. At no point during computation does the memory of a single process contain all the data. This enhances scalability. Collaboration between the parallel processes during counterexample generation reduces memory utilization for the backward step. We implemented our method on a standard, loosely- connected environment of workstations, using a high-performance model checker. Our initial performance evaluation, carried out on several large circuits, shows that our method can check models that are too large to fit in the memory of a single node. Our on-the-fly approach may find counterexamples even when the model is too large to fit in the memory of the parallel system.     

双连接文件安全传输的设计与实现

针对文件传输存在的安全性缺陷,提出了一种基于转发模式的双连接文件安全传输方法。采用转发隔离思想设计了双连接结构,对文件存储服务器和客户端进行隔离,通过文件安全传输协议栈实现数据的全程加密和可靠传输,并讨论和解决了双连接结构的数据传输引起的流量控制问题。实验结果表明,基于转发模式的双连接文件安全传输在确保服务器安全性和数据密文传输的同时,保障了文件传输的速度和效率。     

Scalable consistency protocols for distributed services

A common way to address scalability requirements of distributed services is to employ server replication and client caching of objects that encapsulate the service state. The performance of such a system could depend very much on the protocol implemented by the system to maintain consistency among object copies. We explore scalable consistency protocols that never require synchronization and communication between all nodes that have copies of related objects. We achieve this by developing a novel approach called local consistency (LC). LC based protocols can provide increased flexibility and efficiency by allowing nodes control over how and when they become aware of updates to cached objects. We develop two protocols for implementing strong consistency using this approach and demonstrate that they scale better than a traditional invalidation based consistency protocol along the system load and geographic distribution dimensions of scale     

Advanced transaction processing in multilevel secure file stores

The concurrency control requirements for transaction processing in a multilevel secure file system are different from those in conventional transaction processing systems. In particular, there is the need to coordinate transactions at different security levels avoiding both potential timing covert channels and the starvation of transactions at higher security levels. Suppose a transaction at a lower security level attempts to write a data item that is being read by a transaction at a higher security level. On the one hand, a timing covert channel arises if the transaction at the lower security level is either delayed or aborted by the scheduler. On the other hand, the transaction at the high security level may be subjected to an indefinite delay if it is forced to abort repeatedly. This paper extends the classical two-phase locking mechanism to multilevel secure file systems. The scheme presented here prevents potential timing covert channels and avoids the abort of higher level transactions nonetheless guaranteeing serializability. The programmer is provided with a powerful set of linguistic constructs that supports exception handling, partial rollback, and forward recovery. The proper use of these constructs can prevent the indefinite delay in completion of a higher level transaction, and allows the programmer to trade off starvation with transaction isolation     

Storage efficient and secure replicated distributed databases

Data availability and security are two important issues in a distributed database system. Existing schemes achieve high availability at the expense of higher storage cost and data security at the expense of higher processing cost. We develop an integrated methodology that combines the features of some existing schemes dealing with data fragmentation, data encoding, partial replication, and quorum consensus concepts to achieve storage efficient, highly available, and secure distributed database systems