
Replication and placement for security in distributed systems

Posted on: 2015-04-16
Degree: Ph.D
Type: Thesis
University: The University of North Carolina at Chapel Hill
Candidate: Li, Peng
GTID: 2478390017497719
Subject: Computer Science
Abstract/Summary:
In this thesis we show how the security of replicated objects in distributed systems, in terms of either the objects' confidentiality or availability, can be improved through the placement of the objects' replicas, so as to carefully manage the nodes on which the replicas of different objects overlap.

In the first part of this thesis we present StopWatch, a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service clouds and that threaten the confidentiality of victims' data. StopWatch triplicates each cloud-resident guest virtual machine (VM) and places the replicas so that the three replicas of a guest VM are coresident with nonoverlapping sets of (replicas of) other VMs. StopWatch uses the timing of I/O events at a VM's replicas collectively to determine the timings observed by each replica or by an external observer, so that any observable timing behavior is about as likely as it would be in the absence of any other individual coresident VM. We detail the design and implementation of StopWatch in Xen, evaluate the factors that influence its performance, demonstrate its advantages relative to alternative defenses against timing side-channels on commodity hardware, and address the problem of placing VM replicas in a cloud under StopWatch's constraints while still enabling adequate cloud utilization.

We then explore the problem of placing object replicas on nodes in a distributed system so as to maximize the number of objects that remain available when node failures occur. In our model, failing (the nodes hosting) a given threshold of an object's replicas is sufficient to disable that object, and the adversary selects which nodes to fail so as to minimize the number of objects that remain available. We specifically explore placement strategies based on combinatorial structures called t-packings; provide a lower bound for the object availability they offer; show that these placements offer availability that is c-competitive with optimal; and propose an efficient algorithm for computing combinations of t-packings that maximize their availability lower bound. We compare the availability offered by our approach to that of random replica placement, owing to the popularity of the latter approach in previous work. After quantifying the availability offered by random replica placement in our model, we show that our combinatorial strategy yields placements with better availability than random replica placement for many realistic parameter values. Finally, we provide parameter selection strategies to concretely instantiate our schemes for different system sizes.
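The following is an added worked example, not code from the thesis or from StopWatch, that makes both placement ideas above concrete in Python. It assumes a small model of my own: n nodes, every object or VM with exactly three replicas on distinct nodes, so a placement is a list of 3-node blocks. The StopWatch rule that a VM's three replicas are coresident with nonoverlapping sets of other VMs is the same condition as "any two VMs share at most one host", which in turn is exactly the statement that the blocks form a 2-packing (every pair of nodes lies in at most one block); that equivalence is an observation made here, not a claim on the page. The adversarial availability model follows the abstract: an object is disabled once a threshold number of its replicas sit on failed nodes, and the adversary chooses which f nodes fail. The sample placement is the Fano plane, a 2-(7,3,1) design and therefore a 2-packing, and the median as the "collective" timing function is an assumption for illustration only; the abstract says only that the replicas' timings are used collectively.

```python
"""Replica placement as a 2-packing: coresidency check, adversarial
availability, and a packing lower bound.  Added example; not the thesis's code.

Model assumptions (mine, not the page's):
  * nodes are numbered 0..n-1, every object/VM has k=3 replicas on distinct
    nodes, so a placement is a list of 3-element blocks;
  * StopWatch's "nonoverlapping coresident sets" rule == any two VMs share at
    most one host == the blocks form a 2-packing;
  * an object is disabled once `threshold` of its replicas are on failed
    nodes, and the adversary picks the f failed nodes (brute-forced here).
"""
from itertools import combinations
from math import comb
import random
import statistics


def is_t_packing(blocks, t):
    """True if every t-subset of nodes is contained in at most one block."""
    seen = set()
    for block in blocks:
        for sub in combinations(sorted(block), t):
            if sub in seen:
                return False
            seen.add(sub)
    return True


def satisfies_stopwatch_constraint(placement):
    """placement: {vm_name: set_of_hosts}.  No host pair may host two VMs,
    which is the t=2 packing condition."""
    return is_t_packing(placement.values(), 2)


def objects_available(blocks, failed, threshold):
    """Objects with fewer than `threshold` replicas on failed nodes."""
    return sum(1 for b in blocks if len(set(b) & failed) < threshold)


def worst_case_available(blocks, n, f, threshold):
    """Adversary fails f of n nodes to minimise surviving objects."""
    return min(objects_available(blocks, set(fail), threshold)
               for fail in combinations(range(n), f))


def packing_lower_bound(num_objects, f, t):
    """In a t-packing with failure threshold t, each failed t-subset disables
    at most one object, so at most C(f, t) objects are lost."""
    return max(0, num_objects - comb(f, t))


def random_placement(num_objects, n, k, seed):
    """Baseline from the abstract: each object's k replicas on random nodes."""
    rng = random.Random(seed)
    return [tuple(sorted(rng.sample(range(n), k))) for _ in range(num_objects)]


def collective_timing(replica_times):
    """Assumed instantiation of 'collective' timing: the median, which a
    single perturbed replica (one attacker host) cannot move past the
    other two replicas' times."""
    return statistics.median(replica_times)


# Fano plane: 7 nodes, 7 blocks, every node pair in exactly one block
# (a constructed sample placement, 7 objects x 3 replicas, threshold 2).
FANO = [(0, 1, 2), (0, 3, 4), (0, 5, 6), (1, 3, 5),
        (1, 4, 6), (2, 3, 6), (2, 4, 5)]


def availability_profile(blocks, n, threshold):
    """Worst-case surviving objects for every number of failed nodes f."""
    return [worst_case_available(blocks, n, f, threshold) for f in range(n + 1)]


if __name__ == "__main__":
    n, k, t = 7, 3, 2
    assert is_t_packing(FANO, t)
    rnd = random_placement(len(FANO), n, k, seed=1)
    print("f  packing  bound  random")
    for f in range(n + 1):
        print(f"{f}  {worst_case_available(FANO, n, f, t):7d}  "
              f"{packing_lower_bound(len(FANO), f, t):5d}  "
              f"{worst_case_available(rnd, n, f, t):6d}")
    print("median timing, unperturbed:", collective_timing([10, 11, 12]))
    print("median timing, one replica delayed:", collective_timing([10, 11, 200]))
```

Running the script prints, for the Fano placement, worst-case availability 7, 7, 6, 4, 1, 1, 0, 0 for f = 0..7 failed nodes, which meets the C(f, 2) bound with equality for f ≤ 4 because any two failed nodes disable exactly one object; the random baseline with the fixed seed typically repeats some node pair and so loses two objects to a single pair of failures. The two median lines show the side-channel point in miniature: delaying one of three replicas does not change the delivered timing.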
Keywords/Search Tags:System, Placement, Replica, Distributed