Scribd Logo
Upload

Welcome to Scribd!

  • 16 views

    LOCKSS: Lots of Copies Keep Stuff Safe

    Uploaded by

    madden8154
    LOCKSS (Lots of Copies Keeps Stuff Safe) is a system that uses distributed data replication across participating nodes to preserve digital content. It aims to provide access to content even if the original publisher becomes unavailable by storing copies across multiple "loyal peers" and using polling to detect and repair any damage or missing content. The design principles focus on using the inertia of a large number of distributed copies along with intrinsic intrusion detection through proof of effort to make it difficult and costly for an adversary to damage the system without detection. Simulations showed the system can effectively preserve content over decades even with random damage or attacks occurring.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    LOCKSS: Lots of Copies Keep Stuff Safe

    Uploaded by

    madden8154
    16 views31 pages
    LOCKSS (Lots of Copies Keeps Stuff Safe) is a system that uses distributed data replication across participating nodes to preserve digital content. It aims to provide access to content even if the original publisher becomes unavailable by storing copies across multiple "loyal peers" and using polling to detect and repair any damage or missing content. The design principles focus on using the inertia of a large number of distributed copies along with intrinsic intrusion detection through proof of effort to make it difficult and costly for an adversary to damage the system without detection. Simulations showed the system can effectively preserve content over decades even with random damage or attacks occurring.

    Original Description:

    Original Title

    lockss

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    LOCKSS (Lots of Copies Keeps Stuff Safe) is a system that uses distributed data replication across participating nodes to preserve digital content. It aims to provide access to content even if the original publisher becomes unavailable by storing copies across multiple "loyal peers" and using polling to detect and repair any damage or missing content. The design principles focus on using the inertia of a large number of distributed copies along with intrinsic intrusion detection through proof of effort to make it difficult and costly for an adversary to damage the system without detection. Simulations showed the system can effectively preserve content over decades even with random damage or attacks occurring.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    16 views31 pages

    LOCKSS: Lots of Copies Keep Stuff Safe

    Uploaded by

    madden8154
    LOCKSS (Lots of Copies Keeps Stuff Safe) is a system that uses distributed data replication across participating nodes to preserve digital content. It aims to provide access to content even if the original publisher becomes unavailable by storing copies across multiple "loyal peers" and using polling to detect and repair any damage or missing content. The design principles focus on using the inertia of a large number of distributed copies along with intrinsic intrusion detection through proof of effort to make it difficult and costly for an adversary to damage the system without detection. Simulations showed the system can effectively preserve content over decades even with random damage or attacks occurring.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 31

    LOCKSS: Lots of

    Copies Keep Stuff Safe


    Petros Maniatis, Mema Roussopoulos, TJ Giuli, David S. Rosenthal, and Mary Baker
    Slides by: Brian Madden

    Friday, May 7, 2010


    Introduction

    Friday, May 7, 2010


    Introduction

    • Transition means renting access to


    publisher’s copy
    • Doesn’t guarantee lifetime of access

    Friday, May 7, 2010


    Introduction

    • Physical media easy


    • Copy it
    • Distribute it
    • Lend it to others who will do the same

    Friday, May 7, 2010


    LOCKSS

    • Lots of Copies Keep Stuff Safe

    Friday, May 7, 2010


    Design Goal

    • High probability that loyal peers are in a


    healthy state despite failures and attacks,
    and a low probability that an adversary can
    damage things without detection

    Friday, May 7, 2010


    Design Observations

    • Must be cheap
    • Must be easy
    • Slow is okay
    • Must be durable

    Friday, May 7, 2010


    Design Principles

    • Cheap is good, but cheap storage is


    unreliable

    Friday, May 7, 2010


    Design Principles

    • Use no long term secrets

    Friday, May 7, 2010


    Design Principles

    • Use inertia

    Friday, May 7, 2010


    Design Principles

    • Avoid third party reputation

    Friday, May 7, 2010


    Design Principles

    • Reduce predictability

    Friday, May 7, 2010


    Design Principles

    • Intrinsic intrusion detection

    Friday, May 7, 2010


    Design Principles

    • Assume a strong adversary

    Friday, May 7, 2010


    Operation

    • Collects: by crawling journal sites for new


    material
    • Distributes: by acting as a local proxy cache
    for local readers
    • Preserves: by working with other caches to
    hold, detect, and repair the same material

    Friday, May 7, 2010


    Polling

    • To ensure a replica is still valid nodes


    participate in polls
    • A sample of peers vote on a specified
    part of the content

    Friday, May 7, 2010


    Polling

    • Peers vote on large archival units (AUs)


    • Typically a year’s worth of a journal
    • Different peers hold different sets of AUs

    Friday, May 7, 2010


    Polling

    • If a peer loses a poll on an AU it performs


    increasingly specific partial polls to locate
    the damage
    • If the damage is found, peers cooperate to
    replace the bad AU

    Friday, May 7, 2010


    Polling

    • Peers call polls on AUs at a rate faster than


    anticipated rate of damage
    • Invites to its poll a small subset of recently
    encountered peers
    • Unless an invited peer is busy it creates a
    digest of the AU and votes

    Friday, May 7, 2010


    Polling
    • If the vote is overwhelmingly in favor of the
    poller, it is a landslide win.
    • If the vote is overwhelmingly against the
    poller, it is a landslide loss.
    • Triggers a repair and re-polls to ensure
    AU is now correct
    • If the poll is inconclusive, raise an alarm
    Friday, May 7, 2010
    Polling
    • Polls require both the poller and the voters
    to expend provable computational effort.
    • Voters exist in two circles
    • Inner circle voters vote counts
    • Outer circle is used for discovery of who
    to invite to future inner circle

    Friday, May 7, 2010


    Polling
    • A poller removes from its inner circle:
    • Peers who do not participate in a poll
    • Timeouts, refusals, conflicting response
    • Removed voters are discredited
    • If too many voters discredited, alarm is
    raised

    Friday, May 7, 2010


    Polling

    • After voting, inner circle peers nominate


    new outer circle peers
    • All nominations treated equal

    Friday, May 7, 2010


    Polling

    • Votes are verified


    • First the proof of effort is verified
    • Then the vote
    • If a vote is incorrect, that voter is removed

    Friday, May 7, 2010


    Polling

    • If a node is unable to get enough votes


    from its inner circle it makes no decision
    and calls another poll
    • If it fails repeatedly it raises an inter-poll
    interval alarm

    Friday, May 7, 2010


    Alarms

    • LOCKSS raises alarms if it suspects attacks


    • Inconclusive poll alarm
    • Local spoofing alarm

    Friday, May 7, 2010


    Quick Security
    • LOCKSS ensures security properties
    though:
    • Rate limiting
    • Provable recent effort
    • Friend bias in the reference list
    • Obfuscation of protocol state
    Friday, May 7, 2010
    Simulation

    • To test the new protocol a discrete event


    simulation was used
    • Simulated a 30 year life
    • Initial population of 1,000 peers
    • Cost of hashing AU = 120s

    Friday, May 7, 2010


    Simulation

    • Simulation included both loyal and


    malicious peers
    • Malicious peers attempted a number of
    different attacks

    Friday, May 7, 2010


    Results

    • Simulation shows:
    • Substantial rates of random damage yield
    low rates of false alarms
    • Adversaries must spend non-negligible
    resources or time to subvert the system

    Friday, May 7, 2010


    Conclusions

    • Lots of Copies does Keep Stuff Safe


    • Using massive replication, rate limitation,
    inherit intrusion detection, and costly
    operations can create a resilient peer to
    peer system

    Friday, May 7, 2010

    You might also like