随着大数据处理系统日趋复杂, 软件错误、软件兼容性、管理失误甚至恶意入侵等导致的拜占庭故障对系统可用性影响日趋严重。拜占庭故障节点可能采用含糊行为欺骗正确节点, 因此检测节点是否存在含糊行为是兼顾安全性和效率的一种有效手段。该文提出了一种支持完整性检测的安全日志Log-Keeper, 通过创建完整性证据支持存在性和一致性检测, 证明状态的完整性。为了支持分布式环境下的频繁检测, 基于IndexTree实现了Log-Keeper, 支持O(lbn)规模证据。测试表明, Log-Keeper创建的证据规模是AASL(authenticated append-only skip list)的25%~50%。
With the increasing complexity of the large data processing systems, Byzantine fault behavior caused by software bugs, misconfiguration or malicious intrusions can seriously affect system availability. Byzantine fault nodes can then cheat other correct nodes by equivocation behavior, so the equivocation behaviors can be detected to maintain system safety. This paper presents a security log with integrity verification support, Log-Keeper, which generates integrity proofs for existence and consistency verification. Frequent verification in a distributed environment uses an IndexTree-based Log-Keeper which supports O(lbn) proof. Tests show that the size of the integrity proofs generated by Log-Keeper is 25%~50% of that of the authenticated append-only skip list (AASL).
[1] Keeney M, Kowalski E, Cappelli D, et al. Insider threat study:Computer system sabotage in critical infrastructure sectors[R]. Pittsburgh, PA, USA:Carnegie Mellon University, 2005.
[2] Chun B G, Maniatis P, Shenker S, et al. Attested append-only memory:Making adversaries stick to their word[J]. ACM SIGOPS Operating Systems Reviews, 2007, 41(6):189-204.
[3] Gil T, Muthitacharoen A, Morris R, et al. Ivy:A read/writepeer-to-peer file system[J]. Proc Fifth Symposium on Operating Systems Design and Implementation, 2002, 36(1):31-44.
[4] Abd-El-Malek M, Ganger G R, Goodson G R, et al. Fault-scalable Byzantine fault-tolerant services[J]. Proceedings of ACM Symposium on Operating Systems Principles, 2005, 39(5):59-74.
[5] Castro M, Liskov B. Practical byzantine fault tolerance and proactive recovery[J]. ACM Transactions on Computer Systems, 2002, 20(4):398-461.
[6] Kotla R, Clement A, Wong E, et al. Zyzzyva:Speculative byzantine fault tolerance[J]. Communications of the ACM, 2009, 27(11):86-95.
[7] 咸鹤群, 冯登国. 外包数据库模型中的完整性检测方案[J]. 计算机研究与发展, 2010, 47(6):1107-1115.Xian H, Feng D. An integrity checking scheme in outsourced database model[J]. Journal of Computer Research & Development, 2010, 47(6):1107-1115.
[8] Pavlou K E, Snodgrass R T. Forensic analysis of database tampering[C]//Proceedings of the 2006 ACM SIGMOD international conference on Management of data. New York, NY, USA:ACM, 2006:109-120.
[9] Maniatis P. Historic integrity in distributed systems[D]. Palo Alto, CA, USA:Stanford University, 2003.
[10] Bao Y, Wang Y, Luan Z, et al. IndexTree:An Efficient Tamper-Evidence Logging[C]//Proc 12th IEEE International Conference on High Performance Computing and Communications (HPCC 2010). Piscataway, NJ, USA:IEEE Press, 2010:701-706.
[11] Merkle R. C. Protocols for public key cryptosystems[C]//Proc IEEE Symposium on Security and Privacy. Piscataway, NJ, USA:IEEE Press, 1980:122-122.
