Author_Institution :
Network Security & Appl. Cryptography Lab., Stony Brook Univ., Stony Brook, NY
Abstract :
We introduce a Write-Once Read-Many (WORM) storage system providing strong assurances of data retention and compliant migration, by leveraging trusted secure hardware in close data proximity. This is important because existing compliance storage products and research prototypes are fundamentally vulnerable to faulty or malicious behavior, as they rely on simple enforcement primitives ill-suited for their threat model. This is hard because tamper-proof processing elements are significantly constrained in both computation ability and memory capacity - as heat dissipation concerns under tamper-resistant requirements limit their maximum allowable spatial gate-density. We achieve efficiency by (i) ensuring the secure hardware is accessed sparsely, minimizing the associated overhead for expected transaction loads, and (ii) using adaptive overhead-amortized constructs to enforce WORM semantics at the throughput rate of the storage servers ordinary processors during burst periods. With a single secure co-processor, on single-CPU commodity x86 hardware, our architecture can support over 2500 transactions per second.
Keywords :
file servers; storage management; Write-Once Read-Many storage system; adaptive overhead-amortized constructs; compliance storage product; data proximity; data retention; spatial gate density; storage servers; tamper-proof processing element; tamper-resistant requirements; Computer security; Computer worms; Coprocessors; Data security; Distributed computing; Hardware; Information management; Information security; Logic devices; Secure storage; regulatory compliance WORM write once read many storage;
Conference_Titel :
Distributed Computing Systems, 2008. ICDCS '08. The 28th International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-0-7695-3172-4
Electronic_ISBN :
1063-6927
DOI :
10.1109/ICDCS.2008.20
