As cloud storage in particular and networked storage in general gain widespread adoption, the biggest concern for customers is security. The concern is well warranted for two reasons. First, the surface area of exploitation and vulnerability is greatly increased with the communication channel and a possibly shared remote server, in addition to multiple clients. Second, when the networked storage server is maintained by a third party, such as a cloud provider, there is a lack of trust in the way data is managed at the server side.
To minimize the risks of outsourcing data management, networked storage clients need security mechanisms at their end to ensure data integrity and confidentiality. However, security mechanisms such as encryption, authentication, and virus-scanning often have high performance overhead. Figuring out the security policy that offers the right balance of security and performance is, therefore, important. To solve this problem, we examine the performance overhead of different security features of a networked storage system and develop security policies that trade off security and performance. This study was motivated by the lack of previous work on the performance overhead of security in the context of networked storage systems.
A typical way to enforce security policies in client-server computer systems is to use proxies that monitor and regulate the client-server communication, as exemplified by network firewalls. Because the security installations go into a proxy, clients and servers are kept intact and can continue to work without changes. The proxies are usually deployed at the trusted end to fence off security threats from the untrusted end. Besides providing security, proxies can also improve performance by caching. Considering that storage servers may be slow and reached over a WAN, as in cloud-backed systems, caching proxies deployed in the same LAN as the clients can significantly reduce server access latency.
Specifically, we studied the trade-off between security and performance in a Network File System (NFSv4) with a security and caching proxy. We designed and implemented the proxy with a layered architecture, where each security feature is a stackable file system layer. Each layer can be enabled or disabled, and separately configured as required by policy. For example, an anti-virus layer can be configured with the size or type of files that it scans, while an integrity layer can be independently configured to detect, or not detect, replay attacks on file data. This layered architecture facilitates the study of the security-performance trade-off because different security policies can be composed easily by composing different layers.
Our study showed the interesting interaction between security policies and system performance. We found that the order of the same set of security layers has a significant performance impact, and identified the optimal order of anti-virus, encryption, integrity, and cache.
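An added example (not code from the thesis or from NFS-Ganesha) of the integrity layer's optional replay detection described above. It substitutes HMAC-SHA256 for the AES-GCM tag named on the slides, and the proxy-local version counter, the class and function names, and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


class IntegrityLayer:
    """Proxy-side layer that tags each block stored on the untrusted server."""

    def __init__(self, key: bytes, server: dict, detect_replay: bool):
        self.key = key
        self.server = server            # untrusted store: (file_id, block_no) -> (data, tag)
        self.detect_replay = detect_replay
        self.versions = {}              # trusted, proxy-local (assumption): slot -> version

    def _tag(self, file_id: int, block_no: int, version: int, data: bytes) -> bytes:
        # Binding file id and block number makes swapped blocks fail; binding
        # the version makes a stale but validly tagged block (a replay) fail.
        header = struct.pack(">QQQ", file_id, block_no, version)
        return hmac.new(self.key, header + data, hashlib.sha256).digest()

    def write(self, file_id: int, block_no: int, data: bytes) -> None:
        slot = (file_id, block_no)
        version = self.versions.get(slot, 0) + 1 if self.detect_replay else 0
        self.versions[slot] = version
        self.server[slot] = (data, self._tag(file_id, block_no, version, data))

    def read(self, file_id: int, block_no: int) -> bytes:
        slot = (file_id, block_no)
        data, tag = self.server[slot]
        expected = self._tag(file_id, block_no, self.versions[slot], data)
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"integrity check failed for block {slot}")
        return data


def replay_is_detected(detect_replay: bool) -> bool:
    """The server rolls block 0 back to an older, validly tagged copy."""
    server = {}
    layer = IntegrityLayer(b"k" * 32, server, detect_replay)  # constructed key
    layer.write(1, 0, b"balance=100")
    stale = server[(1, 0)]              # old (data, tag) pair as stored on the server
    layer.write(1, 0, b"balance=0")
    server[(1, 0)] = stale              # rollback on the untrusted side
    try:
        layer.read(1, 0)
        return False
    except ValueError:
        return True
```

With replay detection off, the rolled-back block still verifies because its tag is valid for that slot; corruption and block swaps are caught in both configurations.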
Finding the Right Balance: Security vs. Performance with Network Storage Systems
1. Arun Olappamanna Vasudevan
Stony Brook University
http://www.fsl.cs.sunysb.edu/
Finding the Right Balance: Security vs. Performance with Network Storage Systems
A Master’s Thesis
2. Summary of Contributions
- Co-developed a secure NFSv4 proxy with integrity-checking, encryption, anti-virus, and cache
- Contributed to NFS-Ganesha project to support stacking of multiple FSALs
- Developed buffer scanner in ClamAV
05/15/2015 Arun Olappamanna Vasudevan—Masters Defense 2
LOC       Proxy-cache, Anti-virus    Integrity-Encryption    Total
Source    9,264                      3,586                   12,850
4. Cloud Storage
- Availability
  - Google Cloud Platform @ 99.9973% uptime
- Scalability
- Economical
- Accessibility
- Easy to share and collaborate documents
5. Security Concerns
- Confidentiality
  - Sony Pictures Entertainment
  - Photos of celebrities in iCloud hack
- Integrity
  - CERN – petabyte scale data
  - 22/33,700 files corrupted (8.7 TB)
- Availability
  - Symantec report – 43% of respondents have lost data in cloud!
6. Threat Model
[Figure: threat-model diagram. Labels: Clients, Secure Proxy, Cloud; LAN, WAN; Trusted, Semi-trusted, Untrusted.]
13. Proxy Architecture
[Figure: proxy architecture. Labels: Clients, Proxy with security and cache, Server; LAN, WAN; NFS on both links.]
14. NFS-Ganesha
[Figure: NFS-Ganesha proxy between Client and Server. Labels: Proxy NFSv4, Cache_inode, Stackable FSAL, FSAL_PROXY; operations open, read, write and pxy_open, pxy_read, pxy_write; File System Abstraction Layers (FSAL).]
15. Layered Architecture
[Figure: two proxy layerings between Client and Server. Model A labels, in order: Security, Cache. Model B labels, in order: Cache, Security.]
16. Model A
Item                                             Support?
Write-back cache                                 ✔
Protect against bad data in cache from server    ✖
Protect against bad data in cache from client    ✔
Additional data for security                     ✔
Modification of data                             ✖
Handling security updates                        ✔
[Figure: Model A. Labels, in order: Client, Proxy (Security, Cache), Server.]
17. Model A (Write Path)
18. Model B
Item                                             Support?
Write-back cache                                 ✖
Protect against bad data in cache from server    ✔
Protect against bad data in cache from client    ✖
Additional data for security                     ✖
Modification of data                             ✔
Handling security updates                        ✖
[Figure: Model B. Labels, in order: Client, Proxy (Cache, Security), Server.]
19. Final Hybrid Design
- Cache – Read and write in block units
- Anti-virus protects against malware from clients
- Crypto and integrity protect confidentiality and integrity of data in server
[Figure: final hybrid design. Labels, in order: Client, Proxy (Anti-virus, Cache, Crypto, Integrity), Server.]
21. Anti-Virus
- ClamAV
  - Signature-based anti-virus scanner
  - Full-file scans
- Server-data is protected by integrity
  - Scan only writes from clients
  - Every 5 minutes (configurable) and at close
22. Cache
- Write-back data cache
  - Every 5 minutes (configurable) and at close
  - Meta-data is not cached
- Persistent cache
  - Sparse local files for cached remote files
  - Page-cache in memory
- Thread-safe implementation
  - Per-file range locks
  - Handling asynchronous write-backs
23. Integrity
- SCSI standard Data Integrity Field (DIF)
24. Integrity with NFSv4.2
[Figure: integrity path with labels APP, OS, NFS Client, WAN, NFS Server, OS, HBA, Device, and DIX and DIF segments. Messages shown: WRITE_PLUS(data, integrity_tag); READ_PLUS: data, integrity_tag; WRITE(data); READ: data.]
DIX: Data Integrity eXtension
25. Integrity and Encryption
[Figure: AES-GCM with the file key. Inputs: plain-text data (PDATA) and authentication data (ADATA). Outputs: cipher-text and integrity_tag.]
27. Experimental Setup
[Figure: experimental setup. Labels: Client 1 to Client 5; Proxy (Anti-virus, Cache, Crypto, Integrity); Server; virtual SCSI device with DIX support; LAN (0.2ms RTT), 10 GbE; WAN (30ms RTT), 1 GbE.]
28. Experiments
- Micro-workloads
  - 100 files pre-allocated
  - Repeat for 2 minutes:
    - Open a random file
    - Read n times
    - Write m times
    - Close file
- Macro-workloads (Filebench)
  - File server and Mail server
  - Web server
35. Web Server Workload
[Figure: bar chart of #Ops/Sec (y-axis, 0 to 200) for Security and Caching Configs P, I, IC, IE, ICE, ICEA; annotations: -60%, +77%, +75%.]
36. Evaluation Summary
- Integrity
  - Overhead: 3–26%
- Encryption with integrity
  - No additional overhead
- Anti-virus
  - Overhead: up to 23% for 10MB files
- Cache
  - Performance: up to 8x
- File server, Mail server, Web server
  - With all features: 23–28% overhead
38. Conclusions
- Designed and implemented a secure NFS proxy with cloud back-end
- Overhead of security
  - Integrity and Encryption give similar overheads
  - Anti-virus overhead depends on file-size
- Caching can offset security overhead to a great extent
39. Future Work
- Security
  - Use Merkle tree or versioning scheme for integrity
  - Meta-data confidentiality
- Performance
  - Anti-virus scanning incrementally
  - Relax NFS strict consistency
    - Use RESTful protocols between proxy and server
- Kurma – Secure Geo-Replicated Multi-Cloud Storage Gateways
40. Acknowledgements
- My advisor, Dr. Erez Zadok
- Ming Chen, Kelong Wang
- My family and friends
- Committee members
- NSF
41. Arun Olappamanna Vasudevan
Stony Brook University
http://www.fsl.cs.sunysb.edu/
Finding the Right Balance: Security vs. Performance with Network Storage Systems
A Master’s Thesis
Q&A
42. Kurma: Secure Geo-Replicated Multi-Cloud Storage Gateways
[Figure: Kurma deployment. Labels: Clients; Region 1, Region 2, Region 3; metadata; Secure Gateway; Untrusted; Public Clouds (Azure, S3, Drive).]
43. Model A (Read Path)
44. Model B (Read Path)
45. Model B (Write Path)