Assessing data availability of Cassandra in the presence of non-accurate membership

Authors:
Leonardo Aniello;Silvia Bonomi;Marta Breno;Roberto Baldoni
Affiliations:
University of Rome "La Sapienza", Rome, Italy;University of Rome "La Sapienza", Rome, Italy;University of Rome "La Sapienza", Rome, Italy;University of Rome "La Sapienza", Rome, Italy
Venue:
Proceedings of the 2nd International Workshop on Dependability Issues in Cloud Computing
Year:
2013

Citing 12
Cited 0

Implementing fault-tolerant services using the state machine approach: a tutorial

ACM Computing Surveys (CSUR)
Practical byzantine fault tolerance and proactive recovery

ACM Transactions on Computer Systems (TOCS)
The Sybil Attack

IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Synchronous Byzantine quorum systems

Distributed Computing
Byzantine quorum systems

Distributed Computing
Brahms: byzantine resilient random membership sampling

Proceedings of the twenty-seventh ACM symposium on Principles of distributed computing
Cassandra: structured storage system on a P2P network

Proceedings of the 28th ACM symposium on Principles of distributed computing
Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery

IEEE Transactions on Parallel and Distributed Systems
Secure peer sampling

Computer Networks: The International Journal of Computer and Telecommunications Networking
Practical Uniform Peer Sampling under Churn

ISPDC '10 Proceedings of the 2010 Ninth International Symposium on Parallel and Distributed Computing
An algorithm for implementing BFT registers in distributed systems with bounded churn

SSS'11 Proceedings of the 13th international conference on Stabilization, safety, and security of distributed systems
Security Issues in NoSQL Databases

TRUSTCOM '11 Proceedings of the 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Data Centers are evolving to adapt to emerging IT trends such as Big Data and Cloud Computing, which push for increased scalability and improved service availability. Among the side effects of this kind of evolution, the proliferation of new security breaches represents a major issue that usually does not get properly addressed since the focus tends to be kept on developing an innovative high-performance technology rather than making it secure. Consequently, new distributed applications deployed on Data Centers turn out to be vulnerable to malicious attacks. This paper analyzes the vulnerabilities of the gossip-based membership protocol used by Cassandra, a well-known distributed NoSQL Database. Cassandra is being widely employed as storage service in applications where very large data volumes have to be managed. An attack exploiting such weaknesses is presented, which impacts on Cassandra's availability by affecting both the latency and the successful outcome of requests. A lightweight solution is also proposed that prevents this threat from succeeding at the price of a negligible overhead.