[Back] [PDF]

Security-Aware Cache Management for Cluster Storage Systems

 

Mais Nijim, Xiao Qin, Ziliang Zong, Xiaojun Ruan, Kiranmai Bellam

 

Computer Science, School of Computing

The University of Southern Mississippi, Hattiesburg, MS 39406

{Mais.nijim, ahmed.abukmail}@usm.edu

 

Computer Science and Software Engineering

Auburn University, Auburn, AL  36849

{xqin, zz0003,xruan}@eng.auburn.edu

 

 Cluster storage systems have emerged as high-performance and cost-effective storage infrastructures for large-scale data-intensive applications. Although a large number of cluster storage systems have been implemented, the existing cluster storage systems lack a means to optimize quality of security in dynamically changing environments. We solve this problem by developing a security-aware cache management mechanism (or CaPaS for short) for cluster storage systems. CaPaS aims at achieving high security and desired performance for data-intensive applications running on clusters. CaPaS is used in combination with a security control mechanism that can adapt to changing security requirements and workload conditions, thereby providing high quality of security for cluster storage systems. CaPaS is comprised of a cache partitioning scheme, a response-time estimator, and an adaptive security quality controller. These three components help in increasing quality of security of cluster storage systems while allowing disk requests to be finished before their desired response times. To prove the efficiency of CaPaS, we simulate a cluster storage system into which CaPaS, eight cryptographic, and seven integrity services are integrated. Empirical results show that CaPaS significantly improves overall performance over two baseline strategies by up to 73% (with an average of 52%).

This paper appeared in the Proceedings of the 17th IEEE International Conference on Computer Communications and Networks (ICCCN), St. Thomas, Virgin Islands, Aug. 2008.

Corresponding author. http://www.eng.auburn.edu/~xqin

 

Acknowledgments: The work reported in this paper was supported by the US National Science Foundation under Grants No. CCF-0742187 and No. CNS-0713895, Auburn University under a startup grant, and the Intel Corporation under Grant No. 2005-04-070.