|Autor:||K. Jünemann||Links:||PDF-Version der DissertationDissertation bestellen|
|Quelle:||Dissertation, ISBN 978-3-7315-0328-6 , KIT Scientific Publishing, 2014|
A Multi-Party System is a distributed system in which not all components are controlled by the same party. Instead, multiple independent parties are involved, such as private companies or individual persons. With the advent of the cloud computing paradigm, today many, if not most large-scale IT systems are designed as Multi-Party Systems. For instance, renting storage, computing capacity, or services allows to reduce costs, to increase scalability, or to make the system easier to manage. As a result, a company often has to outsource their IT in order to stay competitive. With the recent publication of more and more commercial Peer-to-Peer (P2P) based applications, fully decentralized Multi-Party Systems are furthermore starting to leave their "piracy-driven" past behind. Despite their great advantages, Multi-Party Systems are plagued by issues caused by the lack of trust and control over individual components. Often, these issues have to be resolved in order to leverage the inherent strengths of Multi-Party Systems. It is thus essential to understand how one can cope with the lack of trust and control in Multi-Party Systems. In this thesis, we cover this question for two classes of Multi-Party Systems. The first part of this thesis covers a Database-as-a-Service scenario in which a database containing sensitive information should be outsourced to a not fully trusted storage provider while not only protecting data confidentiality but also allowing the storage provider to evaluate queries. To tackle this problem, the Securus approach is presented. Securus is able to provide hard confidentiality guarantees that match a profile of confidentiality and access requirements defined by the user in the domain specific language Securus-Latin. Securus satisfies this profile by selecting and combining a set of security mechanisms. To solve this optimization problem, it is transformed into an Integer Linear Programming (ILP) instance. As the user is not required to understand any of the eventually employed security mechanisms, Securus externalizes security knowledge and makes it applicable by non-security experts. The second part of this thesis covers public Distributed Hash Tables (DHTs). A DHT is a P2P network that allows to store and retrieve key/value pairs. Recently, public DHTs have established themselves as attractive platforms for fully decentralized applications. However, as public peers are not centrally controlled they are notoriously unreliable and have the potential to severely affect the DHT's performance. The second part of this thesis focuses on characterizing and dealing with this problem. In a first step, an in-depth characterization of the largest public DHT, the BitTorrent Mainline DHT (MDHT) is provided, including an analysis of the DHT's key operation, the lookup. Our characterization is based on a long-term measurement study covering more than four years. As key findings we not only identify that most properties of the MDHT slowly change over time but also that the MDHT is subject to sudden, drastic shifts that can be caused by seemingly insignificant problems, such as the unavailability of a single server. In order to allow developers of decentralized applications to better assess the impact of changing DHT characteristics on their application's performance, we developed KadSim, a simulation model of the MDHT. KadSim is capable of simulating the MDHT in its entirety. In our validation, the performance of twelve tested lookup algorithm variants could be predicted with sound accuracy. In order to also allow clients to cope better with unforeseeable sudden shifts in the DHT, an approach called Simulation-based Runtime Adaptation (SRA) is presented. It optimizes lookup performance dynamically by measuring the performance of a large number of alternative lookup algorithm configurations directly at run-time, using a full-factorial experimental design. The overhead of the approach has been reduced drastically by ``replaying'' repeatedly initiated requests in a simulation environment. Our evaluation confirms that the approach is not only very effective but also comes at low costs.