2,620 research outputs found
On Secure Distributed Data Storage Under Repair Dynamics
We address the problem of securing distributed storage systems against
passive eavesdroppers that can observe a limited number of storage nodes. An
important aspect of these systems is node failures over time, which demand a
repair mechanism aimed at maintaining a targeted high level of system
reliability. If an eavesdropper observes a node that is added to the system to
replace a failed node, it will have access to all the data downloaded during
repair, which can potentially compromise the entire information in the system.
We are interested in determining the secrecy capacity of distributed storage
systems under repair dynamics, i.e., the maximum amount of data that can be
securely stored and made available to a legitimate user without revealing any
information to any eavesdropper. We derive a general upper bound on the secrecy
capacity and show that this bound is tight for the bandwidth-limited regime
which is of importance in scenarios such as peer-to-peer distributed storage
systems. We also provide a simple explicit code construction that achieves the
capacity for this regime.Comment: 5 pages, 4 figures, to appear in Proceedings of IEEE ISIT 201
Leveraging OpenStack and Ceph for a Controlled-Access Data Cloud
While traditional HPC has and continues to satisfy most workflows, a new
generation of researchers has emerged looking for sophisticated, scalable,
on-demand, and self-service control of compute infrastructure in a cloud-like
environment. Many also seek safe harbors to operate on or store sensitive
and/or controlled-access data in a high capacity environment.
To cater to these modern users, the Minnesota Supercomputing Institute
designed and deployed Stratus, a locally-hosted cloud environment powered by
the OpenStack platform, and backed by Ceph storage. The subscription-based
service complements existing HPC systems by satisfying the following unmet
needs of our users: a) on-demand availability of compute resources, b)
long-running jobs (i.e., days), c) container-based computing with
Docker, and d) adequate security controls to comply with controlled-access data
requirements.
This document provides an in-depth look at the design of Stratus with respect
to security and compliance with the NIH's controlled-access data policy.
Emphasis is placed on lessons learned while integrating OpenStack and Ceph
features into a so-called "walled garden", and how those technologies
influenced the security design. Many features of Stratus, including tiered
secure storage with the introduction of a controlled-access data "cache",
fault-tolerant live-migrations, and fully integrated two-factor authentication,
depend on recent OpenStack and Ceph features.Comment: 7 pages, 5 figures, PEARC '18: Practice and Experience in Advanced
Research Computing, July 22--26, 2018, Pittsburgh, PA, US
- …