DOCSLIB.ORG

Keypad: an Auditing File System for Theft-Prone Devices

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Keypad: an Auditing File System for Theft-Prone Devices Keypad: An Auditing File System for Theft-Prone Devices Roxana Geambasu John P. John Steven D. Gribble Tadayoshi Kohno Henry M. Levy University of Washington roxana, jjohn, gribble, yoshi, [email protected] Abstract annually in U.S. airports alone [Ponemon Institute 2008], This paper presents Keypad, an auditing file system for theft- and dry cleaners in the U.K. found over 4,000 USB sticks prone devices, such as laptops and USB sticks. Keypad pro- in pockets in 2009 [Sorrel 2010]. The loss of such devices vides two important properties. First, Keypad supports fine- is most concerning for organizations and individuals storing grained file auditing: a user can obtain explicit evidence that confidential information, such as medical records, social se- no files have been accessed after a device’s loss. Second, curity numbers (SSNs), and banking information. a user can disable future file access after a device’s loss, Conventional wisdom suggests that standard encryption even in the absence of device network connectivity. Key- systems, such as BitLocker, PGP Whole Disk Encryption, pad achieves these properties by weaving together encryp- and TrueCrypt, can protect confidential information. Un- tion and remote key storage. By encrypting files locally but fortunately, encryption alone is sometimes insufficient to storing encryption keys remotely, Keypad requires the in- meet users’ needs, for two reasons. First, traditional en- volvement of an audit server with every protected file access. cryption systems can and do fail in the world of real users. By alerting the audit server to refuse to return a particular As described in the seminal paper “Why Johnny Can’t En- file’s key, the user can prevent new accesses after theft. crypt” [Whitten 1999], security and usability are often at We describe the Keypad architecture, a prototype imple- odds. Users find it difficult to create, remember, and manage mentation on Linux, and our evaluation of Keypad’s perfor- passphrases or keys. As an example, a password-protected mance and auditing fidelity. Our results show that Keypad USB stick containing private medical information about overcomes the challenges posed by slow networks or discon- prison inmates was lost along with a sticky note revealing nection, providing clients with usable forensics and control its password [Savage 2009]. Encrypted file systems often for their (increasingly) missing mobile devices. rely on a locally stored key that is protected by a user’s passphrase. User passphrases are known to be insecure; a Categories and Subject Descriptors D.4.6 [Operating Sys- recent study of consumer Web passwords found the most tems]: Security and Protection common one to be “123456” [Imperva 2010]. Finally, in the hands of a motivated data thief, devices are open to physical General Terms design, performance, security attacks on memory or cold-boot attacks [Halderman 2008] Keywords Keypad, auditing, file system, theft-prone to retrieve passphrases or keys. Even physical attacks on TPMs and “tamper-resistant” hardware are possible [Ander- 1. Introduction son 1996, Robertson 2010]. Second, when encryption fails, it fails silently; an attacker Laptops, USB memory sticks, and other mobile comput- might circumvent the encryption without the data owner ever ing devices greatly facilitate on-the-go productivity and the learning of the access. The use of conventional encryption transport, storage, sharing, and mobile use of information. can therefore lead mobile device owners into a false sense Unfortunately, their mobile nature and small form factors of protection. For example, a hospital losing a laptop with also make them highly susceptible to loss or theft. As ex- encrypted patient information might not notify patients of ample statistics, one in ten laptops is lost or stolen within its loss, even if the party finding the device has circumvented a year of purchase [Nusca 2009], 600,000 laptops are lost the encryption and accessed that information. This paper presents the design, implementation, and eval- uation of Keypad, a file system for loss- and theft-prone Permission to make digital or hard copies of all or part of this work for personal or mobile devices that addresses these concerns. The principal classroom use is granted without fee provided that copies are not made or distributed goal of Keypad is to provide explicit evidence that protected for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute data in a lost device either has or has not been exposed af- to lists, requires prior specific permission and/or a fee. ter loss. Specifically, someone who obtains a lost or stolen EuroSys’11, April 10–13, 2011, Salzburg, Austria. Keypad device cannot read or write files on the device with- Copyright c 2011 ACM 978-1-4503-0634-8/11/04. $10.00 1 out triggering the creation of access log entries on a remote techniques from cryptography, including identity-based en- server. This property holds even if the person finding the de- cryption [Boneh 2001, Shamir 1985]. vice also finds a note with the device’s encryption password. We begin with a description of Keypad’s motivation and Keypad’s forensic logs are detailed and fine grained. For goals in the following section. Keypad’s architecture is pre- example, a curious individual who finds a laptop at the cof- sented in Section 3 and its implementation in Section 4. Sec- fee shop and seeks to learn its owner might register audit tion 5 provides a detailed evaluation of our prototype and records for files in the home directory, but not for unaccessed Section 6 discusses its security. Section 7 reviews related confidential medical records also stored on the device. How- work and we conclude in Section 8. ever, the professional data thief will register accesses to all of the specific confidential medical files that they view. Fur- 2. Motivation and Goals thermore, Keypad lets device owners disable access to files Keypad is designed to increase assurances offered to owners on the mobile devices once they realize their devices have of lost or stolen mobile devices. The mobile devices might been lost or stolen, even if the devices have no network con- have computational capabilities (e.g., laptops and phones) or nectivity, such as USB memory sticks (in contrast to systems might be simple storage devices (e.g., USB sticks). We view like Apple’s MobileMe). Keypad as particularly valuable to users storing personal or Keypad’s basic technique is simple yet powerful: it tightly corporate documents, banking information, SSNs, medical entangles the process of file access with logging on a remote records, and other highly sensitive data. auditing server. To do this, Keypad encrypts protected files with file-specific keys whose corresponding decryption keys Examples. We provide two brief motivating examples. Al- are located on the server. Users never learn Keypad’s de- ice is a businesswoman who carries a corporate laptop that cryption keys and thus they cannot choose weak passwords stores documents containing trade secrets. Alice’s IT depart- or accidentally reveal them; it is therefore computationally ment installs Keypad on the laptop, configuring it to track all infeasible for an attacker to decrypt a file without leaving ev- accesses to files in her “corporate documents” folder. After idence in the log. When a file operation is invoked, Keypad returning to her hotel from a two-hour dinner, Alice notices logs the file operation remotely, temporarily downloads the that her laptop is missing. She immediately reports the loss key to access the file, and securely erases it shortly thereafter. to her IT department, which disables any future access to Keypad is implemented on top of a traditional encrypted file files in the corporate documents folder. The IT department system; obviously users should choose strong passwords (or also produces an audit log of all files accessed within the use secure tokens, etc.) for that underlying file system, but two-hour window since she last controlled her laptop, con- Keypad provides a robust forensic trail of files accessed even firming that no sensitive files were accessed. if users choose weak passwords or the traditional system’s As a second example, at tax preparation time, Bob scans keys are otherwise compromised. all of his tax documents, places them on a USB stick, en- While conceptually simple, making this vision practical crypts it with a password, and physically hands the stick and presents significant technical challenges and difficult trade- password to his accountant. A few weeks later, Bob can no offs. For example, neither the user nor Keypad can pre- longer find his thumb drive and can’t remember whether his dict when a device will be lost or stolen. As a result, the accountant kept it or whether he lost it in the intervening system must provide both an accurate fine-grained forensic weeks. Fortunately, Bob’s stick was protected with Keypad record, which is critical after loss, and acceptable perfor- and Bob uses a Web service provided by his drive manufac- mance, which is critical prior to loss. turer to view an audit log of all accesses to the drive. He sees The tension between performance and forensics is per- that there were many accesses to his tax files over the pre- vasive. As an example, consider the creation of a file. For vious week and he learns the IP addresses from which those forensic purposes, a na¨ıve Keypad architecture might first accesses were made. Bob therefore places fraud alerts on his pre-register newly created files and their corresponding keys financial accounts and notifies the appropriate authorities. with the remote server prior to writing any new data to those In these scenarios, users benefit from additional advan- files.
Load more

Recommended publications
  • Globalfs: a Strongly Consistent Multi-Site File System
    GlobalFS: A Strongly Consistent Multi-Site File System Leandro Pacheco Raluca Halalai Valerio Schiavoni University of Lugano University of Neuchatelˆ University of Neuchatelˆ Fernando Pedone Etienne Riviere` Pascal Felber University of Lugano University of Neuchatelˆ University of Neuchatelˆ Abstract consistency, availability, and tolerance to partitions. Our goal is to ensure strongly consistent file system operations This paper introduces GlobalFS, a POSIX-compliant despite node failures, at the price of possibly reduced geographically distributed file system. GlobalFS builds availability in the event of a network partition. Weak on two fundamental building blocks, an atomic multicast consistency is suitable for domain-specific applications group communication abstraction and multiple instances of where programmers can anticipate and provide resolution a single-site data store. We define four execution modes and methods for conflicts, or work with last-writer-wins show how all file system operations can be implemented resolution methods. Our rationale is that for general-purpose with these modes while ensuring strong consistency and services such as a file system, strong consistency is more tolerating failures. We describe the GlobalFS prototype in appropriate as it is both more intuitive for the users and detail and report on an extensive performance assessment. does not require human intervention in case of conflicts. We have deployed GlobalFS across all EC2 regions and Strong consistency requires ordering commands across show that the system scales geographically, providing replicas, which needs coordination among nodes at performance comparable to other state-of-the-art distributed geographically distributed sites (i.e., regions). Designing file systems for local commands and allowing for strongly strongly consistent distributed systems that provide good consistent operations over the whole system.
    [Show full text]
  • Using the Andrew File System on *BSD [email protected], Bsdcan, 2006 Why Another Network Filesystem
    Using the Andrew File System on *BSD [email protected], BSDCan, 2006 why another network filesystem 1-slide history of Andrew File System user view admin view OpenAFS Arla AFS on OpenBSD, FreeBSD and NetBSD Filesharing on the Internet use FTP or link to HTTP file interface through WebDAV use insecure protocol over vpn History of AFS 1984: developed at Carnegie Mellon 1989: TransArc Corperation 1994: over to IBM 1997: Arla, aimed at Linux and BSD 2000: IBM releases source 2000: foundation of OpenAFS User view <1> global filesystem rooted at /afs /afs/cern.ch/... /afs/cmu.edu/... /afs/gorlaeus.net/users/h/hugo/... User view <2> authentication through Kerberos #>kinit <username> obtain krbtgt/<realm>@<realm> #>afslog obtain afs@<realm> #>cd /afs/<cell>/users/<username> User view <3> ACL (dir based) & Quota usage runs on Windows, OS X, Linux, Solaris ... and *BSD Admin view <1> <cell> <partition> <server> <volume> <volume> <server> <partition> Admin view <2> /afs/gorlaeus.net/users/h/hugo/presos/afs_slides.graffle gorlaeus.net /vicepa fwncafs1 users hugo h bram <server> /vicepb Admin view <2a> /afs/gorlaeus.net/users/h/hugo/presos/afs_slides.graffle gorlaeus.net /vicepa fwncafs1 users hugo /vicepa fwncafs2 h bram Admin view <3> servers require KeyFile ~= keytab procedure differs for Heimdal: ktutil copy MIT: asetkey add Admin view <4> entry in CellServDB >gorlaeus.net #my cell name 10.0.0.1 <dbserver host name> required on servers required on clients without DynRoot Admin view <5> File locking no databases on AFS (requires byte range locking)
    [Show full text]
  • Filesystems HOWTO Filesystems HOWTO Table of Contents Filesystems HOWTO
    Filesystems HOWTO Filesystems HOWTO Table of Contents Filesystems HOWTO..........................................................................................................................................1 Martin Hinner < [email protected]>, http://martin.hinner.info............................................................1 1. Introduction..........................................................................................................................................1 2. Volumes...............................................................................................................................................1 3. DOS FAT 12/16/32, VFAT.................................................................................................................2 4. High Performance FileSystem (HPFS)................................................................................................2 5. New Technology FileSystem (NTFS).................................................................................................2 6. Extended filesystems (Ext, Ext2, Ext3)...............................................................................................2 7. Macintosh Hierarchical Filesystem − HFS..........................................................................................3 8. ISO 9660 − CD−ROM filesystem.......................................................................................................3 9. Other filesystems.................................................................................................................................3
    [Show full text]
  • A Persistent Storage Model for Extreme Computing Shuangyang Yang Louisiana State University and Agricultural and Mechanical College
    Louisiana State University LSU Digital Commons LSU Doctoral Dissertations Graduate School 2014 A Persistent Storage Model for Extreme Computing Shuangyang Yang Louisiana State University and Agricultural and Mechanical College Follow this and additional works at: https://digitalcommons.lsu.edu/gradschool_dissertations Part of the Computer Sciences Commons Recommended Citation Yang, Shuangyang, "A Persistent Storage Model for Extreme Computing" (2014). LSU Doctoral Dissertations. 2910. https://digitalcommons.lsu.edu/gradschool_dissertations/2910 This Dissertation is brought to you for free and open access by the Graduate School at LSU Digital Commons. It has been accepted for inclusion in LSU Doctoral Dissertations by an authorized graduate school editor of LSU Digital Commons. For more information, please [email protected]. A PERSISTENT STORAGE MODEL FOR EXTREME COMPUTING A Dissertation Submitted to the Graduate Faculty of the Louisiana State University and Agricultural and Mechanical College in partial fulfillment of the requirements for the degree of Doctor of Philosophy in The Department of Computer Science by Shuangyang Yang B.S., Zhejiang University, 2006 M.S., University of Dayton, 2008 December 2014 Copyright © 2014 Shuangyang Yang All rights reserved ii Dedicated to my wife Miao Yu and our daughter Emily. iii Acknowledgments This dissertation would not be possible without several contributions. It is a great pleasure to thank Dr. Hartmut Kaiser @ Louisiana State University, Dr. Walter B. Ligon III @ Clemson University and Dr. Maciej Brodowicz @ Indiana University for their ongoing help and support. It is a pleasure also to thank Dr. Bijaya B. Karki, Dr. Konstantin Busch, Dr. Supratik Mukhopadhyay at Louisiana State University for being my committee members and Dr.
    [Show full text]
  • Comparative Analysis of Distributed and Parallel File Systems' Internal Techniques
    Comparative Analysis of Distributed and Parallel File Systems’ Internal Techniques Viacheslav Dubeyko Content 1 TERMINOLOGY AND ABBREVIATIONS ................................................................................ 4 2 INTRODUCTION......................................................................................................................... 5 3 COMPARATIVE ANALYSIS METHODOLOGY ....................................................................... 5 4 FILE SYSTEM FEATURES CLASSIFICATION ........................................................................ 5 4.1 Distributed File Systems ............................................................................................................................ 6 4.1.1 HDFS ..................................................................................................................................................... 6 4.1.2 GFS (Google File System) ....................................................................................................................... 7 4.1.3 InterMezzo ............................................................................................................................................ 9 4.1.4 CodA .................................................................................................................................................... 10 4.1.5 Ceph.................................................................................................................................................... 12 4.1.6 DDFS ..................................................................................................................................................
    [Show full text]
  • Using the Andrew File System with BSD
    Using the Andrew File System with BSD H. Meiland May 4, 2006 Abstract Since the beginning of networks, one of the basic idea’s has been sharing of files; even though with the Internet as advanced as today, simple platform independent file sharing is not common. Why is the closest thing we use WebDAV, a ’neat trick over http’, instead of a real protocol? In this paper the Andrew File System will be described which has been (and is) the file sharing core of many universities and companies world- wide. Also the reason for it’s relative unawareness in the community will be answered, and it’s actual features and performance in comparison with alternative network filesystems. Finally some information will be given on how to use it with our favorite OS: BSD. 1 History • 1984 Carnegie Mellon University, first release • 1989 TransArc Corporation formed by part of original team members • 1994 TransArc purchased by IBM • 1997 Start of Arla development at stacken.kth.se • 2000 IBM releases AFS in opensource (IBM License) • 2000 http://www.OpenAFS.org • 2006 good support for lot’s of platforms, many new features etc. 1 2 Overview 2.1 User point of view 2.1.1 Global namespace While discussing global filesystem, it is easy to dive into a organization, and explain wonderfull features like having replicas of often accessed data in branch-offices, and moving home-directories to local fileservers when mov- ing employees between departments. An essential feature of AFS is often overlooked: a common root as accesspoint of all AFS stored data.
    [Show full text]
  • Zfs-Ascalabledistributedfilesystemusingobjectdisks
    zFS-AScalableDistributedFileSystemUsingObjectDisks Ohad Rodeh Avi Teperman [email protected] [email protected] IBM Labs, Haifa University, Mount Carmel, Haifa 31905, Israel. Abstract retrieves the data block from the remote machine. zFS also uses distributed transactions and leases, instead of group- zFS is a research project aimed at building a decentral- communication and clustering software. We intend to test ized file system that distributes all aspects of file and stor- and show the effectiveness of these two features in our pro- age management over a set of cooperating machines inter- totype. connected by a high-speed network. zFS is designed to be zFS has six components: a Front End (FE), a Cooper- a file system that scales from a few networked computers to ative Cache (Cache), a File Manager (FMGR), a Lease several thousand machines and to be built from commodity Manager (LMGR), a Transaction Server (TSVR), and an off-the-shelf components. Object Store (OSD). These components work together to The two most prominent features of zFS are its coop- provide applications/users with a distributed file system. erative cache and distributed transactions. zFS integrates The design of zFS addresses, and is influenced by, issues the memory of all participating machines into one coher- of fault tolerance, security and backup/mirroring. How- ent cache. Thus, instead of going to the disk for a block ever, in this article, we focus on the zFS high-level archi- of data already in one of the machine memories, zFS re- tecture and briefly describe zFS’s fault tolerance character- trieves the data block from the remote machine.
    [Show full text]
  • Performance and Extension of User Space File Introduction (1 of 2) Introduction (2 of 2) Introduction
    4/15/2014 Introduction (1 of 2) Performance and Extension of • Developing in-kernel file systems challenging User Space File – Understand and deal with kernel code and data structures – Steep learning curve for kernel development Aditya Raigarhia and Ashish Gehani • No memory protection Stanford and SRI • No use of debuggers • Must be in C • No standard C library • ACM Symposium on Applied Computing (SAC) In-kernel implementations not so great Sierre, Switzerland, March 22-26, 2010 – Porting to other flavors of Unix can be difficult – Needs root to mount – tough to use/test on servers Introduction (2 of 2) Introduction - FUSE • • Modern file system research adds functionality File system in USEr space (FUSE) – framework for Unix- like OSes over basic systems, rather than designing low- • level systems Allows non-root users to develop file systems in user space – Ceph [37] – distributed file system for performance • and reliability – uses client in users space API for interface with kernel, using fs-type operations • • Programming in user space advantages Many different programming language bindings • FUSE file systems can be mounted by non-root users – Wide range of languages • Can compile without re-compiling kernel – Use of 3 rd party tools/libraries • – Fewer kernel quirks (although still need to couple user Examples code to kernel system calls) – WikipediaFS [2] lets users view/edit Wikipedia articles as if local files – SSHFS access via SFTP protocol 1 4/15/2014 Problem Statement Outline • Prevailing view – user space file systems
    [Show full text]
  • The Evolution of File Systems
    The Evolution of File Systems Thomas Rivera, Hitachi Data Systems Craig Harmer, April 2011 SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may use this material in presentations and literature under the following conditions: Any slide or slides used must be reproduced without modification The SNIA must be acknowledged as source of any material used in the body of any document containing material from these presentations. This presentation is a project of the SNIA Education Committee. Neither the Author nor the Presenter is an attorney and nothing in this presentation is intended to be nor should be construed as legal advice or opinion. If you need legal advice or legal opinion please contact an attorney. The information presented herein represents the Author's personal opinion and current understanding of the issues involved. The Author, the Presenter, and the SNIA do not assume any responsibility or liability for damages arising out of any reliance on or use of this information. NO WARRANTIES, EXPRESS OR IMPLIED. USE AT YOUR OWN RISK. The Evolution of File Systems 2 © 2012 Storage Networking Industry Association. All Rights Reserved. 2 Abstract The File Systems Evolution Over time additional file systems appeared focusing on specialized requirements such as: data sharing, remote file access, distributed file access, parallel files access, HPC, archiving, security, etc. Due to the dramatic growth of unstructured data, files as the basic units for data containers are morphing into file objects, providing more semantics and feature- rich capabilities for content processing This presentation will: Categorize and explain the basic principles of currently available file system architectures (e.g.
    [Show full text]
  • Extension Framework for File Systems in User Space
    Extension Framework for File Systems in User space Ashish Bijlani and Umakishore Ramachandran, Georgia Institute of Technology https://www.usenix.org/conference/atc19/presentation/bijlani This paper is included in the Proceedings of the 2019 USENIX Annual Technical Conference. July 10–12, 2019 • Renton, WA, USA ISBN 978-1-939133-03-8 Open access to the Proceedings of the 2019 USENIX Annual Technical Conference is sponsored by USENIX. Extension Framework for File Systems in User space Ashish Bijlani Umakishore Ramachandran Georgia Institute of Technology Georgia Institute of Technology Abstract space. This design offers flexibility to developers to easily implement their functionality and apply custom optimizations, User file systems offer numerous advantages over their in- but also incurs a high overhead due to frequent user-kernel kernel implementations, such as ease of development and bet- switching and data copying. For example, despite several ter system reliability. However, they incur heavy performance recent optimizations, even a simple passthrough FUSE file penalty. We observe that existing user file system frameworks system can introduce up to 83% overhead on an SSD [50]. are highly general; they consist of a minimal interposition As a result, some FUSE file systems have been replaced by layer in the kernel that simply forwards all low-level requests alternative implementations in production [8, 22, 24]. to user space. While this design offers flexibility, it also severely degrades performance due to frequent kernel-user There have been attempts to address performance issues context switching. of user file system frameworks, for example, by eliminating user-kernel switching in FUSE under certain scenarios [28, This work introduces EXTFUSE, a framework for develop- ing extensible user file systems that also allows applications 34].
    [Show full text]
  • ZEA, a Data Management Approach for SMR
    ZEA, A Data Management Approach for SMR Adam Manzanares Co-Authors • Western Digital Research – Cyril Guyot, Damien Le Moal, Zvonimir Bandic • University of California, Santa Cruz – Noah Watkins, Carlos Maltzahn ©2016 Western Digital Corporation or affiliates. All rights reserved. 2 Why SMR ? • HDDs are not going away – Exponential growth of data still exists – $/TB vs. Flash is still much lower – We want to continue this trend! • Traditional Recording (PMR) is reaching scalability limits – SMR is a density enhancing technology being shipped right now. • Future recording technologies may behave like SMR – Write constraint similarities – HAMR ©2016 Western Digital Corporation or affiliates. All rights reserved. 3 Flavors of SMR • SMR Constraint – Writes must be sequential to avoid data loss • Drive Managed – Transparent to the user – Comes at the cost of predictability and additional drive resources • Host Aware – Host is aware of SMR working model – If user does something “wrong” the drive will fix the problem internally • Host Managed – Host is aware of SMR working model – If user does something “wrong” the drive will reject the IO request ©2016 Western Digital Corporation or affiliates. All rights reserved. 4 SMR Drive Device Model • New SCSI standard Zoned Block Commands (ZBC) – SATA equivalent ZAC • Drive described by zones and their restrictions Type Write Intended Use Con Abbreviation Restriction Conventional None In-place updates Increased CZ Resources Sequential None Mostly sequential Variable SPZ Preferred writes Performance Sequential Sequential Write Only sequential SRZ Required writes • Our user space library (libzbc) queries zone information from the drive – https://github.com/hgst/libzbc ©2016 Western Digital Corporation or affiliates.
    [Show full text]
  • Making a Case for Distributed File Systems at Exascale
    Making a Case for Distributed File Systems at Exascale 1,2Ioan Raicu, 2,3,4Ian T. Foster, 2,3,5Pete Beckman 1 Department of Computer Science, Illinois Institute of Technology, Chicago, IL, USA 2 Mathematics and Computer Science Division, Argonne National Laboratory, Argonne, IL, USA 3 Computation Institute, University of Chicago, Chicago, IL, USA 4 Department of Computer Science, University of Chicago, Chicago, IL, USA 5 Exascale Technology and Computing Institute, Argonne National Laboratory, Argonne, IL, USA [email protected], [email protected], [email protected] ABSTRACT 1. INTRODUCTION Exascale computers will enable the unraveling of significant Today’s science is generating datasets that are increasing scientific mysteries. Predictions are that 2019 will be the year of exponentially in both complexity and volume, making their exascale, with millions of compute nodes and billions of threads analysis, archival, and sharing one of the grand challenges of the of execution. The current architecture of high-end computing 21st century. Seymour Cray once said – “a supercomputer is a systems is decades-old and has persisted as we scaled from device for turning compute-bound problems into I/O-bound gigascales to petascales. In this architecture, storage is problems” – which addresses the fundamental shift in bottlenecks completely segregated from the compute resources and are as supercomputers gain more parallelism at exponential rates [1], connected via a network interconnect. This approach will not the storage infrastructure performance is increasing at a scale several orders of magnitude in terms of concurrency and significantly lower rate. This implies that the data management throughput, and will thus prevent the move from petascale to and data flow between the storage and compute resources is exascale.
    [Show full text]