|
A Secure, Structured, Distributed Caching System for Providing Availability of Mission-Critical Reference Data
November 2009
Robert C. Durst, The MITRE Corporation
Sushil Jajodia, The MITRE Corporation
Alessandro Mei, The MITRE Corporation
Susan F. Symington, The MITRE Corporation
ABSTRACT
Mission-critical information is typically stored in the clear on some trusted portion of a network and only encrypted when sent elsewhere. If the network is penetrated, the
information becomes vulnerable to disclosure, modification, and deletion, thus jeopardizing the mission. In response to such an attack or the imminent threat of attack, the information may be disconnected from the network, but the resulting lack of availability may also jeopardize the mission. We define requirements for a data caching system that is designed to maintain availability of mission-critical reference information, despite network penetration by an adversary, without sacrificing the information's security. We describe a basic network model and three alternative caching architectures to address these requirements: a secure, centralized (SCCA); a secure, unstructured, distributed (SUDCA); and a secure, structured, distributed (SSDCA) caching architecture. We define availability and confidentiality models and apply them to characterize these three architectures and compare their relative performance. We show that the SSDCA outperforms the alternatives in providing data availability and data confidentiality, assuming the
compromise of data caches and the presence of eavesdropping. Lastly, we recommend related areas for further exploration.
Additional Search Keywords
Distributed Caching, Erasure Coding, Fragmentation, Confidentiality, Integrity, Availability, Resiliency
|
