Data Centers are evolving to adapt to emerging IT trends such as Big Data and Cloud Computing, which push for increased scalability and improved service availability. Among the side effects of this kind of evolution, the proliferation of new security breaches represents a major issue that usually does not get properly addressed since the focus tends to be kept on developing an innovative high-performance technology rather than making it secure. Consequently, new distributed applications deployed on Data Centers turn out to be vulnerable to malicious attacks. This paper analyzes the vulnerabilities of the gossip-based membership protocol used by Cassandra, a well-known distributed NoSQL Database. Cassandra is being widely employed as storage service in applications where very large data volumes have to be managed. An attack exploiting such weaknesses is presented, which impacts on Cassandra's availability by affecting both the latency and the successful outcome of requests. A lightweight solution is also proposed that prevents this threat from succeeding at the price of a negligible overhead. Copyright 2013 ACM.
Assessing data availability of cassandra in the presence of non-accurate membership / Aniello, Leonardo; Bonomi, Silvia; Marta, Breno; Baldoni, Roberto. - ELETTRONICO. - (2013), pp. 1-6. (Intervento presentato al convegno 2nd International Workshop on Dependability Issues in Cloud Computing, DISCCO 2013 tenutosi a Braga nel 30 September 2013 through 30 September 2013) [10.1145/2506155.2506157].
Assessing data availability of cassandra in the presence of non-accurate membership
ANIELLO, LEONARDO;BONOMI, Silvia;BALDONI, Roberto
2013
Abstract
Data Centers are evolving to adapt to emerging IT trends such as Big Data and Cloud Computing, which push for increased scalability and improved service availability. Among the side effects of this kind of evolution, the proliferation of new security breaches represents a major issue that usually does not get properly addressed since the focus tends to be kept on developing an innovative high-performance technology rather than making it secure. Consequently, new distributed applications deployed on Data Centers turn out to be vulnerable to malicious attacks. This paper analyzes the vulnerabilities of the gossip-based membership protocol used by Cassandra, a well-known distributed NoSQL Database. Cassandra is being widely employed as storage service in applications where very large data volumes have to be managed. An attack exploiting such weaknesses is presented, which impacts on Cassandra's availability by affecting both the latency and the successful outcome of requests. A lightweight solution is also proposed that prevents this threat from succeeding at the price of a negligible overhead. Copyright 2013 ACM.| File | Dimensione | Formato | |
|---|---|---|---|
|
VE_2013_11573-528722.pdf
solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
837.02 kB
Formato
Adobe PDF
|
837.02 kB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
