Secure replica allocation in cloud storage systems with heterogeneous vulnerabilities

Highly available cloud storage is often implemented with complex, multi-tiered distributed systems built on top of clusters of commodity servers and disk drives. Storage reliability, security and performance are among the top desired features when clients consider storing data on cloud storage. Although replication improves reliability and performance in cloud storage systems, data replication increases the risk of data storage in an insecure network environment. When a cloud storage scales up, storage nodes are very likely to become heterogeneous in nature. In this study, we propose a secure replica allocation scheme called SecRA to improve security, reliability, and performance of a cloud storage system where storage nodes have a wide variety of vulnerabilities. Our SecRA integrates the techniques of replication and fragmentation with secret sharing in a heterogeneous cloud system, where storage nodes are comprised of various server types in terms of vulnerability characteristics. SecRA allocates data replicas of fragments of a file to as many different types of nodes as possible. For the replicas of the same fragment, SecRA tries to allocate these replicas to the same type of nodes in the system. Data assurance is significantly improved, because the replicas of different fragments of a file are allocated to multiple types of storage nodes. To quantitatively evaluate the quality of security offered by SecRA, we develop a storage assurance model. Our analytically results show that replica allocations made by SecRA lead to enhanced security thanks to the consideration of heterogeneous vulnerabilities in cloud storage systems.