Practice talks for the SSRC Retreat, each talk is 20 minutes with 10 minutes of feedback

1. Alex Nelson, Geolocation in Post-Mortem Digital Forensics

Many of today's personal electronics announce or track the owner's location, with and without prompting. Though announcing one's location to a social networking site is optional, some prefer or need to maintain location privacy. However, using a networked device may reveal and record one's location in subtle manners, contrary to any location privacy desires.

We investigate location discovery on storage devices that are, and have been for quite some time, offline. Performing this analysis in a "Post-mortem," or offline, setting presents various challenges. First, we do not have the opportunity for live network feedback, as done with online geolocation tools such as IP address locators. For IP addresses we do find, we have to consider their age to avoid the time-shift problem inherent in address re-allocation. Second, location names completely unrelated to the actual locations appear frequently, flooding text-search geolocation analysis with potential false positives. Third, we may not have an intact file system present to search for location giveaways like the believed owner's address book. In this talk we discuss hard drive artifacts and characteristics of accurate location indicators.

2. Yan Li, Horus

Data used in high-performance computing (HPC) applications is often sensitive, necessitating protection against both physical compromise of the storage media and “rogue” computation nodes. Existing approaches to security may require trusting storage nodes and are vulnerable to a single computation node gathering keys that can unlock all of the data used in the entire computation. Our approach, Horus, encrypts petabyte- scale files using a keyed hash tree to generate different keys for each region of the file, supporting much finer-grained security. A client can only access a file region for which it has a key, and the tree structure allows keys to be generated for large and small regions as needed. Horus can be integrated into a file system or layered between applications and existing file systems, simplifying deployment. Keys can be distributed in several ways, including the use of a small stateless key cluster that strongly limits the size of the system that must be secured against attack. The system poses no added demand on the metadata cluster or the storage devices, and little added demand on the clients beyond the unavoidable need to encrypt and decrypt data, making it highly suitable for protecting data in HPC systems.

3. Joel Frank, Archival Usage and Data Migration in a Long Term Supercomputing System

Tracking archival usage and data migration in a long term supercomputing system is critical to understanding not only how users’ needs and habits have changed over time, but also how the archive itself evolves in response to these external factors. Yet this type of study has not previously been performed. To address this need, we conducted an in-depth comparison of file migration activity on the mass storage system (MSS) at the National Center for Atmospheric Research (NCAR) during two periods, one in the early 1990s, and another nearly twenty years later. In addition to confirming earlier findings, our analysis turned up three surprising results. First, the read:write ratio went from 2:1 in the earlier trace to 1:2 in the later trace, a reduction of a factor of four in reads relative to writes. Second, only 30% of the current archive was accessed during the three year period of the study, in stark contrast to the 80% seen in the 1992 trace analysis. Third, access latency to the first byte of data actually got slower despite much faster computers and storage devices. These findings indicate that archival behavior has shifted towards a write-heavy workload, and that future archives can be more optimized for write activity than previously believed. Furthermore it may be worth considering the value of data being archived when it is stored, since later retrieval is increasingly less likely.