MoSAIC Meeting at Eurecom, February 15th, 2005
The first section below summarizes the discussions held on February the 15th. The next section lists the discussions held during the next two days.
This section summarizes the main discussions held on February the 15th.
The meeting started at 10am with a talk of Ludovic Courtès presenting works in the area of collaborative backup over the Internet, as well as the result of several brainstorming sessions at LAAS regarding MoSAIC's desirable features and overall design. The slides of the talk are available online at http://www.laas.fr/mosaic/papers.html. The talk basically summarizes the contributions of various Internet-based cooperative backup systems such as Pastiche, and PeerStore [5,3,2,7].
The talk also sketched the ``mailbox'' or ``repository'' abstraction which has been thought of in previous meetings at LAAS. The mailbox or repository is basically a mechanism allowing for asynchronous data retrieval. A data saver ultimately sends backed up data to their owner's repository. The owner may eventually access its repository in order to restore his/her data. This abstraction fits both the push and pull models presented in the MPAC paper , depending on whether the repository is close to the owner or close to the data saver.
Yves Roudier then had a talk describing his plans with respect to the implementation of both cooperation incentives and trust establishment in MoSAIC, following the ideas expressed in the project proposal (the slides are also available from the website). His proposal for cooperation incentives is to have data owners `pay' data savers for whenever they want to store data for a certain time. Transactions could be made safe thanks to tamper-proof hardware and in particular smart-cards that should be used on both the owner-side and the saver-side. Additionally, Yves proposes that a trusted third-party (TTP) implements a reputation service online. The goal of this service would be to allow any participant to know whether a given participant is dishonest. Therefore, if one cheats (e.g. by unexpectedly aborting a transaction), others can eventually learn about it when they connect to the TTP.
Yves went on describing the first implementation of these mechanisms students have been working on. It uses JavaCards and a USB smart-card reader device.
In the afternoon, the attendees discussed the choice of a development platform. On one hand, several people emphasized the fact that the use of PDAs was seemingly on the decline while smartphones are becoming increasingly widespread. This yielded the questioning of the point in having such fully connected devices perform ad hoc cooperative backup when they could simply use the infrastructure. Several arguments were given in favor of the cooperative approach:
On the other hand, people at LAAS explained that GNU/Linux was considered a good choice as a first implementation platform for MoSAIC during previous meetings, notably because it is portable and already available on a wide range of hardware architectures (15 as of today). However, while there are GNU/Linux PDAs (such as Sharp's Zaurus) there are still few GNU/Linux-based smart-phones. However, several vendors announced the availability of such smart-phones shortly. Therefore, the choice of GNU/Linux as the main implementation platform will likely not prevent eventual experiments or demos on smart-phones.
Several relevant use cases of the cooperative backup system we envision were discussed.
This scenario looks like the most common use case. In such a scenario, a mobile device usually backs up its data using opportunistic ad hoc connections. Data may then be restored online, using the Internet.
In this scenario, both the back up and restoration processes are initiated using the ad hoc network. Ad hoc routing may optionally be used in order to allow for multi-hop communications. David Powell suggested that in such scenario, data owners may want to emphasize data locality by having back-up copies of their data kept by data savers available in their vicinity; data savers leaving an owner's vicinity may then be able to discard its data. Alternatively, there may be a chain of contributors (data savers) that contributed to the transport of a node's data all the way to the Internet.
This section summarizes the various discussions and brainstorming sessions that took place on Feb. the 16th and 17th with Y. Roudier, M-O. Killijian, L. Courtès and other people.
This section summarizes a brainstorming session held on Feb. 16th with Pietro Michiardi. The discussions tried to address the cooperation enforcement techniques that may be considered in MoSAIC. Pietro noted that, in order to protect from Sybil attacks (where the attacker benefits from the community-supported services by constantly renewing its identity), there must be no interest for an attacker in changing its identity. In other words, the reputation of a newcomer must be the lowest possible reputation so that a wrongdoer cannot wash its history by simply changing identities.
Cooperation may be enforced using some sort of ``reward''. This raised the question of when this rewarding should take place. Marc-Olivier and Pietro noted that there are four places where a contributor (a data saver) can be rewarded for its service:
Ernst Biersack, from Eurecom, is currently working on a Microsoft-supported cooperative backup system for local area networks. He noted that Microsoft is already working on such a system, called BitVault. Ernst mentioned the contribution of works such as Venti  in the area of fragmentation, dissemination, and data sharing with secrecy, all of which are relevant to cooperative backup.
In an attempt to try and define a generic programming interface between the backup subsystem and the "security" subsystems, Y. Roudier, M-O. Killijian and L. Courtès discussed the various mechanisms that may be used to solve MoSAIC's security concerns.
There are basically two security-related problems that need to be solved in systems that leverage cooperation among nodes with no prior trust relationship:
For this reason, Yves Roudier proposed the use of a reputation mechanism to help participating nodes know which nodes are trustworthy and which are not. Reputation information for each node would be updated by each node dealing with it, and then maintained and broadcasted by an online trusted third party (TTP).
In this scheme, both mechanisms are needed to fulfill the cooperation and trust requirements. However, M-O. Killijian and L. Courtès questioned the usefulness of a full-blown credit mechanism when a reputation mechanism is still needed. The idea is that good trust relationships may yield a good level of cooperation. For example, one may never refuse to cooperate with a good friend; however, collaborating with a stranger or a famous wrongdoer may obviously be much less systematic. Also, the more one interacts or cooperates with someone, the more one gets to trust or distrust him. Finally, the decision of whether to cooperate with someone is a function of both one's trust in the other and one's current situation: when one has lots of resources available, one does not mind cooperating with strangers since the risk is limited anyway; however, in times or resource scarcity, one may refuse to spend resources on behalf of a stranger.
Several papers discuss the use of a trust relationship or reputation model as a cooperation incentive [1,4]. These options look interesting, especially in the absence of a reachable central authority (TTP) as is the case in pure ad hoc mode. We agreed on the need to study related works more thoroughly.
|||C. Grothoff -- An Excess-Based Economic Model for Resource Allocation in Peer-to-Peer Networks -- Wirtschaftsinformatik, 3-2003June, 2003.|
|||E. Sit, J. Cates, R. Cox -- A DHT-based Backup System -- MIT Laboratory for Computer Science, August, 2003.|
|||J. Cooley, C. Taylor, A. Peacock -- ABS: The Apportioned Backup System -- MIT Laboratory for Computer Science, 2004.|
|||K. Lai, M. Feldman, J. Chuang, I. Stoica -- Incentives for Cooperation in Peer-to-Peer Networks -- Workshop on Economics of Peer-to-Peer Systems, 2003.|
|||L. P. Cox, B. D. Noble -- Pastiche: Making Backup Cheap and Easy -- Fifth USENIX Symposium on Operating Systems Design and Implementation, Boston, MA, USA, December, 2002, pp. 285--298.|
|||M-O. Killijian, D. Powell, M. Banâtre, P. Couderc, Y. Roudier -- Collaborative Backup for Dependable Mobile Applications -- Proceedings of 2nd International Workshop on Middleware for Pervasive and Ad-Hoc Computing (Middleware 2004), Toronto, Ontario, Canada, October, 2004, pp. 146--149.|
|||M. Landers, H. Zhang, K-L. Tan -- PeerStore: Better Performance by Relaxing in Peer-to-Peer Backup -- Proceedings of the Fourth International Conference on Peer-to-Peer Computing, Zurich, Switzerland, August, 2004, pp. 72--79.|
|||S. Quinlan, S. Dorward -- Venti: A New Approach to Archival Storage -- Proceedings of the First USENIX Conference on File and Storage Technologies, Monterey,CA, 2002, pp. 89--101.|
This HTML page was produced by Skribilo.
Last update: Wed Oct 25 15:30:22+0200 2006