Person:
Liu,
Ling
Liu,
Ling
Permanent Link
Associated Organization(s)
Organizational Unit
ORCID
ArchiveSpace Name Record
Publication Search Results
Now showing
1 - 5 of 5
-
ItemEfficient and Secure Search of Enterprise File Systems(Georgia Institute of Technology, 2007) Singh, Aameek ; Srivatsa, Mudhakar ; Liu, LingWith fast paced growth of enterprise data, quickly locating relevant content has become a critical IT capability. Research has shown that nearly 85% of enterprise data lies in flat filesystems [12] that allow multiple users and user groups with different access privileges to underlying data. Any search tool for such large scale systems needs to be efficient and yet cognizant of the access control semantics imposed by the underlying filesystem. Current multiuser enterprise search techniques use two disjoint search and access-control components by creating a single system-wide index and simply filtering search results for access control. This approach is ineffective as the index and query statistics subtly leak private information. The other available approach of using separate indices for each user is undesirable as it not only increases disk consumption due to shared files, but also increases the overheads of updating the indices whenever a file changes. We propose a distributed approach that couples search and access-control into a unified framework and provides secure multiuser search. Our scheme (logically) divides data into independent access-privileges based chunks, called access-control barrels (ACB). ACBs not only manage security but also improve overall efficiency as they can be indexed and searched in parallel by distributing them to multiple enterprise machines. We describe the architecture of ACBs based search framework and propose two optimization technique that ensure the scalability of our approach. We also discuss other useful features of our approach – seamless integration with desktop search and an extenstion to provide secure search in untrusted storage service provider environments. We validate our approach with a detailed evaluation using industry benchmarks and real datasets. Our initial experiments show secure search with 38% improved indexing efficiency and low overheads for ACB processing.
-
ItemEnergy Efficient Exact kNN Search in Wireless Broadcast Environments(Georgia Institute of Technology, 2004-05-24) Gedik, Bugra ; Singh, Aameek ; Liu, LingThe advances in wireless communication and decreasing costs of mobile devices have enabled users to access desired information at any time. Coupled with positioning technologies like GPS, this opens up an exciting domain of location based services, allowing a mobile user to query for objects based on its current position. Main bottlenecks in such infrastructures are the draining of power of the mobile devices and the limited network bandwidth available. To alleviate these problems, broadcasting spatial information about relevant objects has been widely accepted as an efficient mechanism. An important class of queries for such an infrastructure is the k-nearest neighbor (kNN) queries, in which users are interested in k closest objects to their position. Most of the research in kNN queries, use unconventional broadcast indexes and provide only approximate kNN search. In this paper, we describe mechanisms to perform exact kNN search on conventional sequential-access R-trees, and optimize established kNN search algorithms. We also propose a novel use of histograms for guiding the search and derive analytical results on maximum queue size and node access count. In addition, we discuss the effects of different broadcast organizations on search performance and challenge the traditional use of Depth-First (dfs) organization. We also extend our mechanisms to support kNN search with non-spatial constraints. While we demonstrate our ideas using a broadcast index, they are equally applicable to any kind of sequential access medium like tertiary tape storage. We validate our mechanims through an extensive experimental analysis and present our findings.
-
ItemAgyaat: Providing Mutually Anonymous Services over Structured P2P Networks(Georgia Institute of Technology, 2004-03-23) Singh, Aameek ; Liu, LingIn the modern era of ubiquitous computing, privacy is one of the most critical user concerns. To prevent their privacy, users typically, try to remain anonymous to the service provider. This is especially true for decentralized Peer-to-Peer (P2P) systems, where common users act both as clients and as service providers. Preserving privacy in such cases requires mutual anonymity, which shields the users at both ends. Most unstructured P2P systems like Gnutella, Kazaa provide a certain level of anonymity through the use of a random overlay topology and a flooding based routing protocol, but suffer from the lack of guaranteed lookup of data. In contrast, most structured P2P systems like Chord, are Distributed Hash Table (DHT) based systems and provide guarantees that any stored data item can be found within a bounded number of hops. However, none of the existing DHT systems provide any mutual anonymity. In this paper, we present Agyaat - a decentralized P2P system that has the desired properties of privacy-preserving mutual anonymity and still accomplishes the performance benefits of scalable and guaranteed lookups. A unique characteristic of its design is its low-cost, yet highly effective approach to support mutual anonymity. Instead of adding explicit anonymity services to the network, Agyaat advocates the utilization of unstructured topologies, referred as clouds, over structured DHT overlays. Cloud topologies have an important feature of local query termination, which is critical to facilitate mutual anonymity. To overcome the drawbacks of typical Gnutella like systems, Agyaat introduces a number of novel mechanisms that enhance the scalability and efficiency of routing. Compared with existing pure DHT based systems, Agyaat provides mutual anonymity while ensuring similar routing performance (differing only by constants) in terms of both number of hops and aggregate messaging costs. We validate the Agyaat solution in two steps. First, we conduct a set of experiments to analyze the system performance and compare it with other popular pure DHT based systems. Second, we perform a thorough security (anonymity) analysis under the passive logging model. We discuss possible privacy compromising attacks and their impact, and propose various defenses to thwart such attacks.
-
ItemA Hybrid Access Model for Storage Area Networks(Georgia Institute of Technology, 2004) Singh, Aameek ; Voruganti, Kaladhar ; Gopisetty, Sandeep ; Pease, David ; Liu, LingWe present HSAN - a hybrid storage area network, which uses both in-band (like NFS) and out-of-band virtualization (like SAN FS) access models. Using hybrid servers that can serve as both metadata and NAS servers, HSAN intelligently decides the access model per each request, based on the characteristics of requested data. This hybrid model is implemented using low overhead cache-admission and cache-replacement schemes and aims to improve overall response times for a wide variety of workloads. Preliminary analysis of the hybrid model indicates performance improvements over both models.
-
ItemSecurity vs Performance: Tradeoffs using a Trust Framework(Georgia Institute of Technology, 2004) Singh, Aameek ; Voruganti, Kaladhar ; Gopisetty, Sandeep ; Pease, David ; Duyanovich, Linda ; Liu, LingWe present an architecture of a trust framework that can be utilized to intelligently tradeoff between security and performance in a SAN file system. The primary idea is to differentiate between various clients in the system based on their trustworthiness and provide them with different levels of security/performance. Client trustworthiness is evaluated dynamically using a customizable trust model by online monitoring of the client's behavior. We also describe the interface of the trust framework with a block level security solution for an out-of-band virtualization based SAN file system (SAN FS). The proposed framework can also be easily extended to provide differential treatment based on data sensitivity, using a configurable parameter of the trust model.