ABSTRACT
Data centers are evolving to adapt to emerging IT trends such as Big Data and Cloud Computing, which push for increased scalability and improved service availability. A side effect of this evolution is the proliferation of new security weaknesses, an issue that usually does not get properly addressed because the focus stays on building innovative, high-performance technology rather than on making it secure. Consequently, new distributed applications deployed in data centers turn out to be vulnerable to malicious attacks. This paper analyzes the vulnerabilities of the gossip-based membership protocol used by Cassandra, a well-known distributed NoSQL database that is widely employed as a storage service in applications that must manage very large data volumes. An attack exploiting these weaknesses is presented; it degrades Cassandra's availability by increasing request latency and causing requests to fail. A lightweight countermeasure is also proposed that prevents the attack from succeeding at the cost of negligible overhead.
- Assessing data availability of Cassandra in the presence of non-accurate membership