Fatemeh Khoda Parast,Brett Kelly,Saqib Hakak,Yang Wang,Kenneth B. Kent

DOI: https://doi.org/10.1109/access.2022.3227384

IF: 3.9

2022-12-13

IEEE Access

Abstract:Clustered storage systems are dominant solutions for the era of data-intensive computing. Ceph represents a sustainable clustered storage solution, supporting object, block, and file storage capabilities with no single point of failure. Despite the strong management abilities, security remains a serious concern in the Ceph storage system. To date, authentication and access control are the only supported security protocols in the system. Data confidentiality will be undermined if a malicious insider or outside intruder accesses storage devices. This study proposes a lightweight cryptographic-based interface, CephArmor, for a Ceph storage system to ensure data confidentiality in storage. The proposed method has been integrated into the Ceph stable version, Pacific, and evaluated through 45Drives Storinator servers, a commercial hardware commodity for storage solutions in real-world scenarios. The experimental results denote a nuanced overhead regarding elapsed time, throughput, average operations per second, and latency on a write operation. In contrast, the read operations illustrated near-zero performance overhead for the same metrics.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaonan Zhao,Xiao Zhang,Qing Wang,Yanqiu Wang

DOI: https://doi.org/10.1109/ICDIS.2019.00018

2019-06-28

Abstract:Block storage resources are essential in an Infrastructure-as-a-Service(IaaS) cloud computing system. It is used for storing virtual machines’ images. It offers persistent storage service even the virtual machine is off. Distribute storage systems are used to provide block storage services in IaaS, such as Amazon EBS, Cinder, Ceph, Sheepdog. Ceph is widely used as the backend block storage service of OpenStack platform. It converts block devices into objects with the same size and saves them on the local file system. The performance of block devices provided by Ceph is only 30% of hard disks in many cases. One of the key issues that affect the performance of Ceph is the three replicas for fault tolerance. But our research finds that replicas are not the real reason slow down the performance. In this paper, we present a new approach to accelerate the IO operations. The experiment results show that by using our storage engine, Ceph can offer faster IO performance than the hard disk in most cases. Our new storage engine provides more than three times up than the original one.

Engineering,Computer Science

Zhike Li,Yong Wang

DOI: https://doi.org/10.1007/s10586-022-03764-3

2022-10-07

Cluster Computing

Abstract:The advent of the Big Data era has brought considerable challenges to storing and managing massive data. Moreover, distributed storage systems are critical to the pressure and storage capacity costs. The Ceph cloud storage system only selects data storage nodes based on node storage capacity. This node selection method results in load imbalance and limited storage scenarios in heterogeneous storage systems. Therefore, we add node heterogeneity, network state, and node load as performance weights to the CRUSH algorithm and optimize the performance of the Ceph system by improving load balancing. We designed a cloud storage system model based on Software Defined Network (SDN) technology. This system model can avoid the tedious configuration and significant measurement overhead required to obtain network status in traditional network architecture. Then we propose adaptive read and write optimization algorithms based on SDN technology. The Object Storage Device (OSD) is initially classified based on the Node Heterogeneous Resource Classification Strategy. Then the SDN technology is used to obtain network and load conditions in real-time and an OSD performance prediction model is built to obtain weights for performance impact factors. Finally, a mathematical model is proposed for multi-attribute decision making in conjunction with the OSD state and its prediction model. Furthermore, this model is addressed to optimize read and write performance adaptively. Compared with the original Ceph system, TOPSIS_PA improves the performance of reading operations by 36%; TOPSIS_CW and TOPSIS_PACW algorithms improve the elastic read performance by 23 to 60% and 36 to 85%, and the elastic write performance by 180 to 468% and 188 to 611%, respectively.

Fan Lei,Junqi Chen,Yong Wang,Sijie Yang

DOI: https://doi.org/10.3390/electronics13030593

IF: 2.9

2024-02-01

Electronics

Abstract:Distributed storage systems such as Ceph have been widely adopted, with erasure coding technology being an essential fault-tolerance technique. While ensuring data reliability and security, it significantly reduces the cost of data storage. Due to the computational overhead and encoding latency introduced by the erasure coding process, the data encoding rate is often constrained. To address this issue, an FPGA-accelerated erasure coding encoding scheme in Ceph, based on an efficient layered strategy (FPGA-Accelerated Erasure Coding Encoding in Ceph with an Efficient Layered Strategy, LFEC-Accelerator), is proposed and implemented. This approach takes full advantage of FPGA's parallel computing capabilities to accelerate the erasure coding algorithm at the hardware level. Furthermore, to maximize the utilization of the FPGA controller's resources and ensure that all processing steps are properly managed and scheduled, our approach introduces a hierarchical structure comprising a communication interface layer, task scheduling layer, and hardware acceleration layer. Experimental results indicate that, under the same erasure coding configurations and file sizes, our solution outperforms native Ceph-supported erasure coding libraries such as Jerasure, Clay, Shec and ISA, with an encoding rate improvement of up to 3.04 times.

engineering, electrical & electronic,computer science, information systems,physics, applied

Fan Lei,Yong Wang,Junqi Chen,Sijie Yang

DOI: https://doi.org/10.3390/sym16060672

2024-05-31

Symmetry

Abstract:In the realm of Ceph distributed storage systems, ensuring swift and symmetrical data recovery during severe data corruption scenarios is pivotal for data reliability and system stability. This paper introduces an innovative FPGA-based Multi-Dimensional Elastic Recovery Acceleration method, termed AMDER-Ceph. Utilizing FPGA technology, this method is a pioneer in accelerating erasure code data recovery within such systems symmetrically. By harnessing the parallel computing power of FPGAs and optimizing Cauchy matrix binary operations, AMDER-Ceph significantly enhances data recovery speed and efficiency symmetrically. Our evaluations in real-world Ceph environments show that AMDER-Ceph achieves up to 4.84 times faster performance compared with traditional methods, especially evident in the standard 4 MB block size configurations of Ceph systems.

multidisciplinary sciences

Jinpeng Wang,Yang Wang,Hekang Wang,Kejiang Ye,Chengzhong Xu,Shuibing He,Lingfang Zeng

DOI: https://doi.org/10.1109/nas.2019.8834729

2019-01-01

Abstract:In this paper, we design an efficient deduplication algorithm based on the distributed storage architecture of Ceph. The algorithm uses on-line block-level data deduplication technology to complete data slicing, which neither affects the data storage process in Ceph nor alter other interfaces and functions in Ceph. Without relying on any central node, the algorithm maintains the characteristics of Ceph by designing a special hash object to store the data fingerprint, and uses the CRUSH algorithm to judge the data duplication based on calculation, instead of global search. The algorithm replaces the duplicate data with the deduplicated objects, which storage their fingerprints with less storage space. We compare the effects of different block sizes with respect to the performance and deduplication rates through experimental studies, and select the most appropriate block size in our prototype implementation. The experimental results show that the algorithm can not only effectively save the storage space but also improve the bandwidth utilization when reading and writing the duplicate data.

Moo-Ryong Ra

DOI: https://doi.org/10.48550/arXiv.1802.08102

2018-02-22

Distributed, Parallel, and Cluster Computing

Abstract:Hyper-converged cloud refers to an architecture that an operator runs compute and storage services on the same set of physical servers. Although the hyper-converged design comes with a number of benefits, it makes crucial operational tasks, such as capacity planning and cost analysis, fairly complicated. The problem becomes more onerous if we consider a complex distributed system, such as Ceph, for the cloud with the proliferation of SSD drives. In this paper, we aim to answer some of these questions based on comprehensive microbenchmarks, and consequently better understand the behavior of Ceph in a hyper-converged cloud with all-flash storage. We reported our findings based on the study, devised a cost model and compared the cost of hyper-converged architecture with dedicated storage architecture. Additionally we summarized our experience based on the interactions with many teams at AT&T in the past couple of years.

Evan F. Bollig,Graham T. Allan,Benjamin J. Lynch,Yectli A. Huerta,Mathew Mix,Edward A. Munsell,Raychel M. Benson,Brent Swartz

DOI: https://doi.org/10.1145/3219104.3219165

2018-07-23

Abstract:While traditional HPC has and continues to satisfy most workflows, a new generation of researchers has emerged looking for sophisticated, scalable, on-demand, and self-service control of compute infrastructure in a cloud-like environment. Many also seek safe harbors to operate on or store sensitive and/or controlled-access data in a high capacity environment. To cater to these modern users, the Minnesota Supercomputing Institute designed and deployed Stratus, a locally-hosted cloud environment powered by the OpenStack platform, and backed by Ceph storage. The subscription-based service complements existing HPC systems by satisfying the following unmet needs of our users: a) on-demand availability of compute resources, b) long-running jobs (i.e., $> 30$ days), c) container-based computing with Docker, and d) adequate security controls to comply with controlled-access data requirements. This document provides an in-depth look at the design of Stratus with respect to security and compliance with the NIH's controlled-access data policy. Emphasis is placed on lessons learned while integrating OpenStack and Ceph features into a so-called "walled garden", and how those technologies influenced the security design. Many features of Stratus, including tiered secure storage with the introduction of a controlled-access data "cache", fault-tolerant live-migrations, and fully integrated two-factor authentication, depend on recent OpenStack and Ceph features.

Distributed, Parallel, and Cluster Computing

Jiyang Zhang,Hanxu Hou,Kedan Li,Hui Li

DOI: https://doi.org/10.1109/BigData.2017.8258230

2017-01-01

Abstract:Ceph is a reliable, scalable, unified distributed storage system, and recently has become one of OpenStack's standard open source storage solutions. For the reason of the low performance, Ceph Filesystem (Cephfs) cannot employ erasure codes directly, especially for binary Reed-Solomon (BRS) codes, whose size of the parity block is larger than that of the data block. To address these problems, we implemented efficient BRS codes, and filled the gap between BRS codes and Cephfs by a simple conversion. In addition to that, an efficient framework consisting of filesystem, cache tier and storage tier was adopted in Ceph to ensure that the file data is finally stored with the erasure coding technology. The experimental results show that such a design spends a small amount of additional cost but obtains much better effects.

Jiwu Shu,Zhirong Shen,Wei Xue

DOI: https://doi.org/10.1016/j.jpdc.2014.06.003

IF: 4.542

2014-01-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing amount of personal data stored in public storage, users are losing control of their physical data, putting their data information at risk of theft or being compromised. Traditional secure storage systems either require users to completely trust the storage provider or impose the considerable burden of managing files on file owners; such systems are inapplicable in the practical cloud environment. This paper addresses these challenging problems by proposing a new secure system architecture and implementing a stackable secure storage system named Shield, in which a proxy server is introduced to be in charge of authentication and access control. We propose a new variant of the Merkle Hash Tree to support efficient integrity checking and file content update; further, we have designed a hierarchical key organization to achieve convenient keys management and efficient permission revocation. Shield supports concurrent write access by employing a virtual linked list; it also provides secure file sharing without any modification to the underlying file systems. A series of evaluations over various real benchmarks show that Shield causes about 7%∼13% performance degradation when compared with eCryptfs but provides enhanced security for user’s data.

Shen Zhirong,Xue Mao,Xue Wei,Shu Jiwu

2011-01-01

Journal of Computer Research and Development

Abstract:With the development of network storage technology,how to protect the shared data from being intruded continues to grow in importance in the untrusted network storage environment.This paper presents the recently researches of shared secure file system and analyzes the Corslet secure file system proposed by our group.We give the description of the roles that play in Corslet and analyze the key approaches that are used in it.Meanwhile,this paper evaluates the performance of Corslet secure file system and takes some measures to optimize performance.By evaluating the operation of reading/writing big files in Corslet,we draw the conclusion that cryptographic overhead accounts for most of the overhead caused by reading writing operation.According to the conclusion,two optimizations are proposed which are to make improvement on the implementation of cryptographic algorithms and to use the new API of cryptographic functions.With the original Corslet secure file system optimizated by the two optimizations,the performance of reading/writing improve by 16% to 20% and 5% to 12% respectively evaluated by the benchmark of IOzone.

Wei-Zhe Zhang,Ibrahim A. Elgendy,Mohamed Hammad,Abdullah M. Iliyasu,Xiaojiang Du,Mohsen Guizani,Ahmed A. Abd El-Latif

DOI: https://doi.org/10.1109/jiot.2020.3042433

IF: 10.6

2021-05-15

IEEE Internet of Things Journal

Abstract:Mobile-edge computing (MEC) has emerged as a new computing paradigm with great potential to alleviate resource limitations attributed to mobile device users (MDUs) by offloading intensive computations to ubiquitous MEC server. However, most of the current offloading policies allow MDUs to transmit their tasks to the same connected small base stations (sBSs), which invariably increases latency and limits performance gain due to overload. Moreover, the security issue mitigating sensitive communication of information is not adequately addressed. Therefore, in this study, in addition to proposing a joint load balancing and computation offloading (CO) technique for MEC systems, we introduce a new security layer to circumvent potential security issues. First, a load balancing algorithm for efficient redistribution of MDUs among sBSs is proposed. In addition, a new advanced encryption standard (AES) cryptographic technique suffused with electrocardiogram (ECG) signal-based encryption and decryption key is presented as a security layer to safeguard the vulnerability of data during the transmission. Furthermore, an integrated model of load balancing, CO and security is formulated as a problem whose goal is to decrease the time and energy demands of the system. Detailed experimental results prove that our model with and without the additional security layers can save about 68.2% and 72.4% of system consumption compared to the local execution.

computer science, information systems,telecommunications,engineering, electrical & electronic

ByungRae Cha,Sun Park,JongWon Kim,SungBum Pan,JuHyun Shin

DOI: https://doi.org/10.1155/2018/1746809

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:The megatrends and Industry 4.0 in ICT (Information Communication & Technology) are concentrated in IoT (Internet of Things), BigData, CPS (Cyber Physical System), and AI (Artificial Intelligence). These megatrends do not operate independently, and mass storage technology is essential as large computing technology is needed in the background to support them. In order to evaluate the performance of high-capacity storage based on open source Ceph, we carry out the network performance test of Abyss storage with domestic and overseas sites using KOREN (Korea Advanced Research Network). And storage media and network bonding are tested to evaluate the performance of the storage itself. Additionally, the security test is demonstrated by Cuckoo sandbox and Yara malware detection among Abyss storage cluster and oversea sites. Lastly, we have proposed the draft design of Data Lake framework in order to solve garbage dump problem.

computer science, information systems,telecommunications

Wei Xue,JiWu Shu,Yang Liu,Mao Xue

DOI: https://doi.org/10.1007/s11432-011-4259-y

2011-01-01

Science China Information Sciences

Abstract:With the exponential growth of digital data, it is becoming more and more popular to store data in shared distributed storage systems inside the same organization. In such shared distributed storage systems, an ordinary user usually does not have the control permission over the whole system, and thus cannot secure data storage or data sharing of his own files. To solve this issue, this paper proposes a new system architecture to secure file storing and sharing efficiently over untrusted shared storage and network environments. Based on this architecture, this paper designs and implements a stackable secure storage system called Corslet. Corslet can run directly on deployed underlying storage systems without modification, while bringing end-to-end confidentiality and integrity as well as efficient access control for user data. For individual users, Corslet is easy to use, and does not require users to maintain or manage any keys on their client machines locally. The Bonnie++ and IOzone benchmark results show that the throughput of Corslet over NFS can achieve more than 90% of native NFS throughput in most tests, proving that Corslet can provide enhanced security for user data while maintaining acceptable performance.

Gabryel Mason-Williams,Dave Bond,Mark Basham

DOI: https://doi.org/10.48550/arXiv.2212.03054

2022-12-06

Distributed, Parallel, and Cluster Computing

Abstract:High Performance Compute (HPC) clusters often produce intermediate files as part of code execution and message passing is not always possible to supply data to these cluster jobs. In these cases, I/O goes back to central distributed storage to allow cross node data sharing. These systems are often high performance and characterised by their high cost per TB and sensitivity to workload type such as being tuned to small or large file I/O. However, compute nodes often have large amounts of RAM, so when dealing with intermediate files where longevity or reliability of the system is not as important, local RAM disks can be used to obtain performance benefits. In this paper we show how this problem was tackled by creating a RAM block that could interact with the object storage system Ceph, as well as creating a deployment tool to deploy Ceph on HPC infrastructure effectively. This work resulted in a system that was more performant than the central high performance distributed storage system used at Diamond reducing I/O overhead and processing time for Savu, a tomography data processing application, by 81.04% and 8.32% respectively.

K. Roslin Dayana,P. Shobha Rani

DOI: https://doi.org/10.1080/00051144.2023.2213564

IF: 1.79

2023-05-26

Automatika

Abstract:The environment of cloud computing provides several advantages and a variety of data storage models, which entirely frees users from the vexing processes of storage equipment upgradation and data administration. Nevertheless, the customers' primary worry is the safety of their data, and the literature offers a number of different security-based solutions for addressing this issue. This paper proposes a technique for time-efficient cloud data storage that makes use of keccak and Advanced Encryption Standard (AES) which enhances the data availability with a reasonable storage space. Third party agents are not employed, due to the fact that a third party cannot be relied upon to maintain a high level of data security. Thus, the proposed algorithm is applied by cloud users before the process of outsourcing is carried out. This method is resistant to data tamper and analytical attacks. In addition, the execution of the work that has been proposed requires a limited amount of time, which, in turn, minimizes the amount of energy that is required. In contrast to the already used algorithms, the presented work demonstrates superior performance in terms of its overall effectiveness.

automation & control systems,engineering, electrical & electronic

Zhijiang Zhang,Yanyong Zhang,Zhibing Wang

DOI: https://doi.org/10.1145/3617184.3618038

2023-01-01

Abstract:The technology of large-scale object storage is increasingly important in industrial applications. CEPH is widely used in enterprise object storage system because of its simple architecture and open source eco-system. However, in EB-level or huilarge-scale cluster expansion, CEPH could not provide multi-cluster aggregation service stably. In this paper, a EB-level data storage system based on CEPH is proposed. The key technologies is huge-metadata index server, bucket virtual mapping, cold and hot data laying and so on. These technologies enhance the system's performance, scalability, and query efficiency while also resolving data migration across different clusters and query-related problems, delivering a seamless user experience and maximum benefits. It can provide OSS (Object Storage Service) range from 10 billion to 100 billion to trillions in one object bucket, and solve the elastic expansion of object storage cluster and the storage cost at EB level storage cost.

Victor Chang,Muthu Ramachandran

DOI: https://doi.org/10.1109/tsc.2015.2491281

IF: 11.019

2016-01-01

IEEE Transactions on Services Computing

Abstract:Offering real-time data security for petabytes of data is important for cloud computing. A recent survey on cloud security states that the security of users' data has the highest priority as well as concern. We believe this can only be able to achieve with an approach that is systematic, adoptable and well-structured. Therefore, this paper has developed a framework known as Cloud Computing Adoption Framework (CCAF) which has been customized for securing cloud data. This paper explains the overview, rationale and components in the CCAF to protect data security. CCAF is illustrated by the system design based on the requirements and the implementation demonstrated by the CCAF multi-layered security. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how data is in use. The use of BPMN simulation allows us to evaluate the chosen security performances before actual implementation. Results show that the time to take control of security breach can take between 50 and 125 hours. This means that additional security is required to ensure all data is well-protected in the crucial 125 hours. This paper has also demonstrated that CCAF multi-layered security can protect data in real-time and it has three layers of security: 1) firewall and access control; 2) identity management and intrusion prevention and 3) convergent encryption. To validate CCAF, this paper has undertaken two sets of ethical-hacking experiments involved with penetration testing with 10,000 trojans and viruses. The CCAF multi-layered security can block 9,919 viruses and trojans which can be destroyed in seconds and the remaining ones can be quarantined or isolated. The experiments show although the percentage of blocking can decrease for continuous injection of viruses and trojans, 97.43 percent of them can be quarantined. Our CCAF multi-layered security has an average of 20 percent better performance than the single-layered approach which could only block 7,438 viruses and trojans. CCAF can be more effective when combined with BPMN simulation to evaluate security process and penetrating testing results.

computer science, information systems, software engineering

Xiangguo Li,JianHua Yang,Zhaohui Wu

DOI: https://doi.org/10.1007/11576259_15

2005-01-01

Abstract:This paper presents a security scheme for network-attached storage based on NFSv4 frame. One novel aspect of our system is that it enhances NFSv4 to guarantee the security of storage. Another novel feature is that we develop new user authentication mechanism which outperforms Kerberos. It uses HMAC and the symmetric cryptography to provide the integrity and privacy of transmitted data. The system includes three essential procedures: authenticating user, establishing security context and exchanging data. Our scheme can protect data from tampering, eavesdropping and replaying attacks, and it ensures that the data stored on the device is copy-resistant and encrypted. In spite of this level of security, the scheme does not impose much performance overhead. Our experiments show that large sequential reads or writes with security impose performance expense by 10-20%, which is much less than some other security systems.

Zhun Zhang,Xiang Wang,Qiang Hao,Dongdong Xu,Jinlei Zhang,Jiakang Liu,Jinhui Ma

DOI: https://doi.org/10.3390/mi12050560

IF: 3.4

2021-05-15

Micromachines

Abstract:Dynamic data security in embedded systems is raising more and more concerns in numerous safety-critical applications. In particular, the data exchanges in embedded Systems-on-Chip (SoCs) using main memory are exposing many security vulnerabilities to external attacks, which will cause confidential information leakages and program execution failures for SoCs at key points. Therefore, this paper presents a security SoC architecture with integrating a four-parallel Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) cryptographic accelerator for achieving high-efficiency data processing to guarantee data exchange security between the SoC and main memory against bus monitoring, off-line analysis, and data tampering attacks. The architecture design has been implemented and verified on a Xilinx Virtex-5 Field Programmable Gate Array (FPGA) platform. Based on evaluation of the cryptographic accelerator in terms of performance overhead, security capability, processing efficiency, and resource consumption, experimental results show that the parallel cryptographic accelerator does not incur significant performance overhead on providing confidentiality and integrity protections for exchanged data; its average performance overhead reduces to as low as 2.65% on typical 8-KB I/D-Caches, and its data processing efficiency is around 3 times that of the pipelined AES-GCM construction. The reinforced SoC under the data tampering attacks and benchmark tests confirms the effectiveness against external physical attacks and satisfies a good trade-off between high-efficiency and hardware overhead.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied