Person:
Liu,
Ling
Liu,
Ling
Permanent Link
Associated Organization(s)
Organizational Unit
ORCID
ArchiveSpace Name Record
4 results
Publication Search Results
Now showing
1 - 4 of 4
-
ItemEfficient and Secure Search of Enterprise File Systems(Georgia Institute of Technology, 2007) Singh, Aameek ; Srivatsa, Mudhakar ; Liu, LingWith fast paced growth of enterprise data, quickly locating relevant content has become a critical IT capability. Research has shown that nearly 85% of enterprise data lies in flat filesystems [12] that allow multiple users and user groups with different access privileges to underlying data. Any search tool for such large scale systems needs to be efficient and yet cognizant of the access control semantics imposed by the underlying filesystem. Current multiuser enterprise search techniques use two disjoint search and access-control components by creating a single system-wide index and simply filtering search results for access control. This approach is ineffective as the index and query statistics subtly leak private information. The other available approach of using separate indices for each user is undesirable as it not only increases disk consumption due to shared files, but also increases the overheads of updating the indices whenever a file changes. We propose a distributed approach that couples search and access-control into a unified framework and provides secure multiuser search. Our scheme (logically) divides data into independent access-privileges based chunks, called access-control barrels (ACB). ACBs not only manage security but also improve overall efficiency as they can be indexed and searched in parallel by distributing them to multiple enterprise machines. We describe the architecture of ACBs based search framework and propose two optimization technique that ensure the scalability of our approach. We also discuss other useful features of our approach – seamless integration with desktop search and an extenstion to provide secure search in untrusted storage service provider environments. We validate our approach with a detailed evaluation using industry benchmarks and real datasets. Our initial experiments show secure search with 38% improved indexing efficiency and low overheads for ACB processing.
-
ItemScalable Access Control in Content-Based Publish-Subscribe Systems(Georgia Institute of Technology, 2006) Srivatsa, Mudhakar ; Liu, LingContent-based publish-subscribe (pub-sub) systems are an emerging paradigm for building a large number of distributed systems. Access control in a pub-sub system refers to secure distribution of events to clients subscribing to those events without revealing its secret attributes to the unauthorized subscribers. To provide confidentiality guarantees the secret attributes in an event is encrypted so that only authorized subscribers can read them. However, in a content-based pub-sub system, every event can potentially have a different set of authorized subscribers. In the worst case, for NS subscribers, there are 2^NS subgroups, and each event can potentially go to a different subgroup. Hence, efficient key management is a big challenge for implementing access control in pub-sub systems. In this paper, we describe efficient and scalable key management algorithms for securely implementing access control rules in pub-sub systems. We ensure that the key management cost is linear in the number of subscriptions and completely independent of the number of subscribers NS. We present a concrete implementation of our proposal on an operational pub-sub system. An experimental evaluation of our prototype shows that our proposal meets the security requirements while maintaining the scalability and performance of the pub-sub system.
-
ItemCountering Targeted File Attacks Using Location Keys(Georgia Institute of Technology, 2004) Srivatsa, Mudhakar ; Liu, LingServerless distributed computing has received significant attention from both the industry and research community. One of its typical applications is wide area network file systems like CFS [1], Farsite [2] and OceanStore [3]. A unique feature of these file systems is that they are serverless. They store files on a large collection of untrusted nodes that form an overlay network. They use cryptographic techniques to secure files from malicious nodes. However, most of these distributed file systems are vulnerable to targeted file attacks, wherein an adversary attempts to attack a small (chosen) set of files in the system. This paper presents location keys as a technique for countering targeted file attacks. Location keys can be used to not only provide traditional cryptographic guarantees like file confidentiality and integrity, but also (i) mitigate Denial-of-Service (DoS) and host compromise attacks, (ii) construct an efficient file access control mechanism, and (iii) add almost zero performance overhead and very minimal storage overhead to the system. We also study several potential inference attacks on location keys and present solutions that guard the file system from such attacks.
-
ItemImproving Peer to Peer Search With Multi-Tier Capability-Aware Overlay Topologies(Georgia Institute of Technology, 2003) Srivatsa, Mudhakar ; Gedik, Bugra ; Liu, LingThe P2P model has many potential advantages (e.g., large scale, fault-tolerance, low cost of administration and maintenance) due to the design flexibility of overlay networks and the decentralized management of cooperative sharing of information and resources. However, the mismatch between the randomly constructed overlay network topology (combined with its broadcast-style message forwarding infrastructure) and the underlying packet routing introduces difficult performance problems, exemplified by the Short-Cut Effect. This paper presents two peer-to-peer (P2P) system-level facilities to address the problems. First, we propose a capability-aware mechanism to structure the overlay topology in the form of layers that takes peer heterogeneity into account. Second, we develop a Probabilistic Broadening search technique, empowered with capability-sensitive query forwarding scheme which integrates gracefully with result caching techniques to improve the search performance of a P2P! system. We believe that efforts on bridging the gap (mismatch) between overlay networks and underlying Internet will bring P2P services beyond pure ``best effort'' and closer to serious applications with quality of service requirements.