Efficiently Binding Data to Owners in Distributed Content-Addressable Storage Systems
Abstract
Distributed content-addressable storage systems use self-verifying
data to protect data integrity and to enable graceful scaling. One
feature commonly missing from these systems, however, is the ability
to identify the owner of a piece of data in a non-repudiable manner.
While a solution that associates a certificate with each block of data
is conceptually simple, it has been traditionally claimed that the
cost of creating and maintaining certificates is too great. In this
paper, we demonstrate that systems can, in fact, efficiently map data
to its owner in a secure and non-repudiable fashion. To reduce the
cost of creating and maintaining certificates, we extend the
traditional content-addressable interface to allow the aggregation of
many small data blocks into larger containers. The aggregation is
performed in a way that also supports self-verifying data at the
granularity of the block and container, fine-granularity access, and
incremental updates. We describe two prototype implementations and
present preliminary performance results from deployments on PlanetLab
and a local cluster.