Parametric and Probabilistic Model Checking of Confidentiality in Data Dispersal Algorithms (Extended Version)

TL;DR

This paper introduces a unified probabilistic model checking framework to evaluate confidentiality in data dispersal algorithms within distributed cloud storage, analyzing different attacker models and their impact on system security.

Contribution

It presents a novel approach combining parametric and probabilistic model checking to assess confidentiality in dispersal algorithms against various attacker models.

Findings

High confidentiality against slice intruders regardless of storage nodes

Low confidentiality against provider intruders in small networks

Framework enables exhaustive security analysis of dispersal algorithms

Abstract

Recent developments in cloud storage architectures have originated new models of online storage as cooperative storage systems and interconnected clouds. Such distributed environments involve many organizations, thus ensuring confidentiality becomes crucial: only legitimate clients should recover the information they distribute among storage nodes. In this work we present a unified framework for verifying confidentiality of dispersal algorithms against probabilistic models of intruders. Two models of intruders are given, corresponding to different types of attackers: one aiming at intercepting as many slices of information as possible, and the other aiming at attacking the storage providers in the network. Both try to recover the original information, given the intercepted slices. By using probabilistic model checking, we can measure the degree of confidentiality of the system exploring exhaustively all possible behaviors. Our experiments suggest that dispersal algorithms ensure a high degree of confidentiality against the slice intruder, no matter the number of storage providers in the system. On the contrary, they show a low level of confidentiality against the provider intruder in networks with few storage providers (e.g. interconnected cloud storage solutions).