Project Overview

As computers become pervasive, an increasing number of information-rich applications will be deployed in environments that include the home and community. Such applications will create, store and access sensitive and critical information. An enabling service that can be used to store and access such information will have to meet both security and performance requirements. For example, confidentiality will be most important for certain sensitive data objects, whereas fast access to others in an emergency situation will be of paramount importance. The security and performance requirements will have to be met even when some nodes that implement the storage service are compromised or when some clients behave maliciously. Our approach to addressing the information storage and access needs of future applications includes a number of novel techniques. First, we are developing a flexible, agile and practical architecture for a distributed store that allows applications to specify and dynamically adapt their desired security and performance levels. Second, the service is agile: it monitors for potential compromises and reacts to them by adapting protocols and their parameters to respond to the suspected attacks. Finally, by exploring a variety of ubiquitous applications that need to access sensitive information, we are quantifying the overheads that are inherent when the conflicting goals of security and performance have to be reconciled.

The research project is designing, implementing and evaluating an integrated and agile architecture that will allow us to characterize the tradeoffs that are inherent in the operation of a secure storage service. Although techniques such as replication and secret sharing have been developed to address availability, performance or confidentiality requirements, a practical approach that integrates both with mechanisms such as asynchronous dissemination, periodic share renewal, and quorum systems poses many new challenges. Furthermore, we require that the overheads incurred by the protocols developed to overcome such challenges depend on the level of attacks or malicious activity. Such agility in the protocols can be driven by novel fault diagnosis and intrusion detection techniques that we are exploring in the context of a distributed storage service. Our fault diagnosis protocols detect compromised server nodes that implement the store. Intrusion detection is being used to detect malicious activity by client nodes that use the store. Our goal is to develop an architecture that provides the highest level of performance when no or few attacks are detected or suspected. As the number of compromised nodes increases or malicious attacks from clients are detected, our agile store protocols continue to maintain the security levels for sensitive data, with potentially degraded levels of performance.

The results of our research will have broad impact on important classes of applications that will be deployed in the future. For example, we are working with a research group in the Aware Home project that is addressing future pervasive computing applications in the context of home and community to improve the quality of life for our citizens. This project is exploring how future homes can help older residents stay in their homes longer before they must move to assisted communities. Secure storage services that can be used to store and access sensitive and private information will be essential for enabling such applications.

The concepts described above have been implemented within a prototype file system, referred to as AgileFS. This file system incorporates secret sharing, Byzantine quorum systems, dissemination, failure and intrusion detection, reconfiguration, and adaptive protocol execution in an NFS environment. The file system further provides strong consistency for critical metadata, and authentication and authorization services. AgileFS is transparent to user applications and works by redirecting NFS calls on a client to a special AgileFS client agent. Preliminary performance results on Emulab show that AgileFS performance scales linearly with the number of data servers in the store while providing Byzantine fault-tolerant and confidential storage and retrieval of file metadata and data.
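The three storage mechanisms named above (secret sharing across data servers, periodic share renewal, and a Byzantine-tolerant quorum read) can be illustrated in a few lines. The following is an added example, not AgileFS code; it assumes a prime field of its own choosing, a constructed 16-byte sample block, and the parameters n = 3f + 1 servers with threshold t = f + 1, which the page does not specify for AgileFS.

```python
import math
import secrets
from collections import Counter
from itertools import combinations

P = 2**127 - 1  # constructed field: a Mersenne prime holding any 16-byte block

def split(secret, n, t):
    """Shamir (t, n) sharing: fewer than t shares reveal nothing about secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}  # server id -> share p(x)

def combine(shares):
    """Lagrange interpolation at x = 0 from t shares of the same epoch."""
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def renew(shares, t):
    """Share renewal: add shares of a random zero-constant polynomial. The secret
    is unchanged, but shares captured in an earlier epoch no longer combine."""
    blind = split(0, len(shares), t)
    return {x: (y + blind[x]) % P for x, y in shares.items()}

def recover(shares, t):
    """Byzantine-tolerant read: the value most t-subsets agree on, with its support;
    a corrupted share only spoils the subsets that contain it."""
    votes = Counter(combine({x: shares[x] for x in sub}) for sub in combinations(shares, t))
    return votes.most_common(1)[0]

def demo(f=1):
    """n = 3f + 1 servers, t = f + 1: n - f honest shares reach t, and t > f."""
    n, t = 3 * f + 1, f + 1
    block = int.from_bytes(b"patient-record-1", "big")  # constructed sample block
    shares = split(block, n, t)
    renewed = renew(shares, t)
    mixed = {x: (shares if x == 1 else renewed)[x] for x in range(1, t + 1)}
    corrupted = {**renewed, 1: (renewed[1] + 1) % P}  # server 1 returns a bad share
    value, support = recover(corrupted, t)
    return {"any_t_shares": combine(dict(list(shares.items())[-t:])) == block,
            "after_renewal": combine(dict(list(renewed.items())[:t])) == block,
            "mixed_epochs": combine(mixed) == block,
            "byzantine_read": value == block and support == math.comb(n - 1, t)}
```

The `mixed_epochs` result is what renewal buys a defender: a share stolen before the renewal round is useless once the honest servers have moved to the new epoch.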