
dc.identifier.uri: http://hdl.handle.net/11401/77303
dc.description.sponsorship: This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree. [en_US]
dc.format: Monograph
dc.format.medium: Electronic Resource [en_US]
dc.language.iso: en_US
dc.publisher: The Graduate School, Stony Brook University: Stony Brook, NY.
dc.type: Thesis
dcterms.abstract: As cloud storage in particular and networked storage in general gain widespread adoption, the biggest concern for customers is security. The concern is well warranted for two reasons. First, the surface area of exploitation and vulnerability is greatly increased with the communication channel and a possibly shared remote server, in addition to multiple clients. Second, when the networked storage server is maintained by a third party, such as a cloud provider, there is a lack of trust in the way data is managed at the server side. In order to minimize the risks while outsourcing the data management, networked storage clients need security mechanisms at their end to ensure data integrity and confidentiality. However, security mechanisms such as encryption, authentication, and virus-scanning often have high performance overhead. Figuring out the security policy that offers the right balance of security and performance is therefore important. To solve this problem, we examine the performance overhead of different security features of a networked storage system, and develop security policies that trade off security and performance. This study was motivated by the lack of previous work on performance overhead of security in the context of networked storage systems. A typical way to enforce security policies in client-server computer systems is using proxies to monitor and regulate the client-server communication, as exemplified by network firewalls. While the security installations go into a proxy, clients and servers are kept intact, and can continue to work without changes. The proxies are usually deployed at the trusted end to fence off security threats from the untrusted end. For example, network firewalls are often deployed by the server end to defend against malicious clients; cloud-backed storage proxies can be used by the client end to safeguard against the malicious cloud back-end.
In addition to providing security, proxies can also improve performance by caching, as with CDNs. Considering that storage servers may be slow and over a WAN, as in cloud-backed systems, caching proxies, deployed in the same LAN as the clients, can significantly reduce server access latency. Specifically, we studied the trade-off between security and performance in a Network File System (NFSv4) with a security and caching proxy. We designed and implemented the proxy with a layered architecture, where each security feature is a stackable file system layer. Each layer can be enabled or disabled, and configured separately as required by policy. For example, an anti-virus layer can be configured with the size or type of file that it scans, while an integrity layer can be configured independently whether or not to detect replay attacks of file data. This layered architecture facilitates the security-performance trade-off study because different security policies can be composed easily via composition of different layers. Our study showed interesting interaction between security policies and system performance. We found that the order of the same set of security layers has significant performance impact, and identified the optimal order of anti-virus, encryption, integrity, and caching layers. In addition to a broad idea of security policies and their effect on performance, we also present insight into interactions between caching and security, a topic that is less studied in academia.
dcterms.available: 2017-09-20T16:52:23Z
dcterms.contributor: Stoller, Scott [en_US]
dcterms.contributor: Zadok, Erez [en_US]
dcterms.contributor: Ferdman, Mike. [en_US]
dcterms.creator: Olappamanna Vasudevan, Arun
dcterms.dateAccepted: 2017-09-20T16:52:23Z
dcterms.dateSubmitted: 2017-09-20T16:52:23Z
dcterms.description: Department of Computer Science. [en_US]
dcterms.extent: 56 pg. [en_US]
dcterms.format: Application/PDF [en_US]
dcterms.format: Monograph
dcterms.identifier: http://hdl.handle.net/11401/77303
dcterms.issued: 2015-12-01
dcterms.language: en_US
dcterms.provenance: Made available in DSpace on 2017-09-20T16:52:23Z (GMT). No. of bitstreams: 1 OlappamannaVasudevan_grad.sunysb_0771M_12376.pdf: 1379604 bytes, checksum: 87652ed7ae452977e15d81e75081c00e (MD5) Previous issue date: 1 [en]
dcterms.publisher: The Graduate School, Stony Brook University: Stony Brook, NY.
dcterms.subject: Measurement, NAS, NFS, NFSv4, Performance, Security
dcterms.subject: Engineering
dcterms.title: Finding the Right Balance: Security vs. Performance with Network Storage Systems
dcterms.type: Thesis

