Recent developments in cloud architectures have given rise to new models of online storage clouds based on data dispersal algorithms. According to these algorithms, the data is divided into several slices that are distributed among remote and independent storage nodes. Ensuring confidentiality in this context is crucial: only legitimate users should access any part of the information they distribute among storage nodes. To the best of our knowledge, the security analysis and assessment of existing solutions always assumes homogeneous networks and honest-but-curious nodes as the attacker model. We analyze more complex scenarios with heterogeneous network topologies and a passive attacker eavesdropping on the channel between user and storage nodes. We use parameterized Markov Decision Processes to model such a class of systems and Probabilistic Model Checking to assess the likelihood of breaking confidentiality. Although parameterized model checking is undecidable in general, in this paper we prove a Small Model Theorem that makes the problem decidable for the class of models adopted in this work. We discovered that confidentiality is highly affected by parameters such as the number of slices and the number of write and read requests. At design time, the presented methodology helps to determine the optimal values of the parameters affecting the likelihood of a successful attack on confidentiality.
A probabilistic small model theorem to assess confidentiality of dispersed cloud storage / Baldi, Marco; Bartocci, Ezio; Chiaraluce, Franco; Cucchiarelli, Alessandro; Senigagliesi, Linda; Spalazzi, Luca; Spegni, Francesco. - Electronic. - 10503:(2017), pp. 123-139. (Paper presented at the 14th International Conference on Quantitative Evaluation of Systems, QEST 2017, held in Berlin, Germany, 5-7 September 2017) [10.1007/978-3-319-66335-7_8].