SlideShare una empresa de Scribd logo

Securing Sharded Networks with Swarm

Fluence Labs
Fluence Labs

Dmitry Kurinskiy @ Swarm Summit May 24, 2019 – Madrid

Software
1 de 27
Descargar para leer sin conexión
Securing Sharded Networks 
 with Swarm Dmitry Kurinskiy twitter.com/@name_alari
Agenda 1. Decentralized databases 2. Security considerations for decentralized databases 3. Hybrid approach to low-redundancy shard security
What is Fluence? A permissionless decentralized database platform One-click deployment for SQL and NoSQL databases (think Redis or SQLite)
? are computationally 
 bound do not support 
 sophisticated queries Decentralized database gap
Approach #1: transfer data to the client need to transfer too much data
Approach #2: use a blockchain excessive redundancy
Redundancy in the cloud environment • Database replicas: ~2×-5× • Backup storage: ~3×
Goal: decentralize opensource DBs • Cloud databases: • AWS RDS: MySQL & PostgreSQL • AWS ElastiCache: Memcached & Redis • Database = Storage + Computations • Apply built-in and user-defined 
 functions to data • Bulk updates • Stored procedures
How to make miniature shards secure?
Sharding on a budget Assuming that we have a budget for just 5× to 10× redundancy, can we simply have a 7-nodes shard with a BFT consensus?
 
 Well, there are security threats
Isolated shard security • Permissioned BFT consensus (such as Tendermint) can 
 tolerate k out of 3k+1 malicious nodes
 • If 2k+1 (two thirds) of the nodes are malicious, 
 they can "tolerate" honest ones
How to deal with a malicious shard? With 10% malicious nodes in the network, 
 we have a 0.017% chance of 7-nodes shard takeover Can we do better... ...with the same budget?
Shared verifier pool • A shard should be secured 
 not only by its own nodes
 • But how to transfer transaction history to the verifier pool?
Swarm to the rescue • A shard uploads a block to Swarm and provides a proof of upload • Rotated validators pick data from Swarm w/o overloading the shard • Fishermen download different fragments of transaction history • Fishermen can be picked at random
Shared verifier pool with Swarm
• Ethereum holds the registry of deployed databases • BFT consensus-based replication between DB nodes • Direct frontend <–> database interaction • Transaction history is uploaded to Swarm
 Tendermint WebAssembly Real-time shards
Tendermint blocks
Blocks uploaded to Swarm
Swarm as a chain storage • Store Swarm receipts in Swarm, organize the data 
 into a chain to fetch them all
 • Once in a while, the pointer to the last Swarm-uploaded block 
 can be checkpointed to Ethereum
 • In between, keep the manifests chain in the interim storage
 Why not Swarm MRU? Due to possible forks
Preventing forks
Verifications Composition: • Transaction history is verified segment by segment • Segments are sequentially verified by several fishermen Fishermen: • Are randomly selected from the shared network pool • Verify that preceding validations were autonomous • Do not know if there will be a subsequent validation
1. Download the old state from Swarm 2. Download the transaction history segment 
 from Swarm 3. Replay the transaction history 4. Reach the new state 5. Upload the new state to Swarm 6. Drop the transaction history segment Verification
Verification game • Any database transaction may be disputed • Verification game narrows the dispute to a single WebAssembly instruction • Ethereum smart contract repeats the instruction
Hybrid approach Speed layer
 Real-time validators Security layer
 Shared fishermen pool Data availability layer
 Swarm Dispute resolution layer
 Ethereum
Sharding on a budget • For a misbehaviour to go unnoticed, the shard must be taken and all the fishermen must be malicious • 4 validator nodes in a shard, 3 fishermen nodes: 
 0.00037% risk of shard takeover
 2 orders of magnitude lower than with a naive approach 25
Bottomline Real-time validators are stateful and contain only few workers: + Low response latencies + cost efficiency
 – Cartels are possible
 Fishermen are stateless and independent: + Fishermen cartels are not possible
 – Takes time to reach finality
 Swarm decouples the Block Producer from the Finality Gadget: + Independent decentralized storage with data availability guarantees
 + Cost-efficient: no need to store the data forever, redundancy is limited
That's all folks! dash.fluence.network

Recomendados

DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and RiskSukbum Hong
 
DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3Moshe Zioni
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Suzanne Aldrich
 
What's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoWhat's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoNick Sullivan
 
Low level java programming
Low level java programmingLow level java programming
Low level java programmingPeter Lawrey
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareSurviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareCloudflare
 
Chronicle accelerate building a digital currency
Chronicle accelerate building a digital currencyChronicle accelerate building a digital currency
Chronicle accelerate building a digital currencyPeter Lawrey
 
Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Mitchell Pronschinske
 

Recomendados

DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and RiskSukbum Hong
 
DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3Moshe Zioni
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Suzanne Aldrich
 
What's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoWhat's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoNick Sullivan
 
Low level java programming
Low level java programmingLow level java programming
Low level java programmingPeter Lawrey
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareSurviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareCloudflare
 
Chronicle accelerate building a digital currency
Chronicle accelerate building a digital currencyChronicle accelerate building a digital currency
Chronicle accelerate building a digital currencyPeter Lawrey
 
Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Mitchell Pronschinske
 
NATS for Modern Messaging and Microservices
NATS for Modern Messaging and MicroservicesNATS for Modern Messaging and Microservices
NATS for Modern Messaging and MicroservicesApcera
 
Cassandra Summit 2015: Real World DTCS For Operators
Cassandra Summit 2015: Real World DTCS For OperatorsCassandra Summit 2015: Real World DTCS For Operators
Cassandra Summit 2015: Real World DTCS For OperatorsJeff Jirsa
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Bangladesh Network Operators Group
 
Dockertaipei 20150528-dockerswarm
Dockertaipei 20150528-dockerswarmDockertaipei 20150528-dockerswarm
Dockertaipei 20150528-dockerswarmWei-Ting Kuo
 
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
Running a Robust DNS Infrastructure with CloudFlare Virtual DNSRunning a Robust DNS Infrastructure with CloudFlare Virtual DNS
Running a Robust DNS Infrastructure with CloudFlare Virtual DNSCloudflare
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxyingNick Sullivan
 
Microservices for performance - GOTO Chicago 2016
Microservices for performance - GOTO Chicago 2016Microservices for performance - GOTO Chicago 2016
Microservices for performance - GOTO Chicago 2016Peter Lawrey
 
Introducing Docker Swarm - the orchestration tool by Docker
Introducing Docker Swarm - the orchestration tool by DockerIntroducing Docker Swarm - the orchestration tool by Docker
Introducing Docker Swarm - the orchestration tool by DockerRamit Surana
 
Cassandra compaction
Cassandra compactionCassandra compaction
Cassandra compactionKazutaka Tomita
 
CCNxCon2012: Session 5: Object Sizes in Named Data Networking
CCNxCon2012: Session 5: Object Sizes in Named Data NetworkingCCNxCon2012: Session 5: Object Sizes in Named Data Networking
CCNxCon2012: Session 5: Object Sizes in Named Data NetworkingPARC, a Xerox company
 
Bringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamBringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamNick Sullivan
 
Cassandra Day London 2015: Securing Cassandra and DataStax Enterprise
Cassandra Day London 2015: Securing Cassandra and DataStax EnterpriseCassandra Day London 2015: Securing Cassandra and DataStax Enterprise
Cassandra Day London 2015: Securing Cassandra and DataStax EnterpriseDataStax Academy
 
NATS Connect Live | NATS as a Service Mesh
NATS Connect Live | NATS as a Service MeshNATS Connect Live | NATS as a Service Mesh
NATS Connect Live | NATS as a Service MeshNATS
 
Introducing SciaaS @ Sanger
Introducing SciaaS @ SangerIntroducing SciaaS @ Sanger
Introducing SciaaS @ SangerPeter Clapham
 
KubeConEU - NATS Deep Dive
KubeConEU - NATS Deep DiveKubeConEU - NATS Deep Dive
KubeConEU - NATS Deep Divewallyqs
 
Docker Swarm Introduction
Docker Swarm IntroductionDocker Swarm Introduction
Docker Swarm Introductionrajdeep
 
Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)
Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)
Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)Ontico
 
NATS + Docker meetup talk Oct - 2016
NATS + Docker meetup talk Oct - 2016NATS + Docker meetup talk Oct - 2016
NATS + Docker meetup talk Oct - 2016wallyqs
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSSuzanne Aldrich
 
BADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoSBADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoSSuzanne Aldrich
 
Presentazione VMware @ VMUGIT UserCon 2015
Presentazione VMware @ VMUGIT UserCon 2015Presentazione VMware @ VMUGIT UserCon 2015
Presentazione VMware @ VMUGIT UserCon 2015VMUG IT
 
Using galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wanUsing galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wanCodership Oy - Creators of Galera Cluster
 

Más contenido relacionado

La actualidad más candente

NATS for Modern Messaging and Microservices
NATS for Modern Messaging and MicroservicesNATS for Modern Messaging and Microservices
NATS for Modern Messaging and MicroservicesApcera
 
Cassandra Summit 2015: Real World DTCS For Operators
Cassandra Summit 2015: Real World DTCS For OperatorsCassandra Summit 2015: Real World DTCS For Operators
Cassandra Summit 2015: Real World DTCS For OperatorsJeff Jirsa
 
Dockertaipei 20150528-dockerswarm
Dockertaipei 20150528-dockerswarmDockertaipei 20150528-dockerswarm
Dockertaipei 20150528-dockerswarmWei-Ting Kuo
 
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
Running a Robust DNS Infrastructure with CloudFlare Virtual DNSRunning a Robust DNS Infrastructure with CloudFlare Virtual DNS
Running a Robust DNS Infrastructure with CloudFlare Virtual DNSCloudflare
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxyingNick Sullivan
 
Microservices for performance - GOTO Chicago 2016
Microservices for performance - GOTO Chicago 2016Microservices for performance - GOTO Chicago 2016
Microservices for performance - GOTO Chicago 2016Peter Lawrey
 
Introducing Docker Swarm - the orchestration tool by Docker
Introducing Docker Swarm - the orchestration tool by DockerIntroducing Docker Swarm - the orchestration tool by Docker
Introducing Docker Swarm - the orchestration tool by DockerRamit Surana
 
CCNxCon2012: Session 5: Object Sizes in Named Data Networking
CCNxCon2012: Session 5: Object Sizes in Named Data NetworkingCCNxCon2012: Session 5: Object Sizes in Named Data Networking
CCNxCon2012: Session 5: Object Sizes in Named Data NetworkingPARC, a Xerox company
 
Bringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamBringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamNick Sullivan
 
Cassandra Day London 2015: Securing Cassandra and DataStax Enterprise
Cassandra Day London 2015: Securing Cassandra and DataStax EnterpriseCassandra Day London 2015: Securing Cassandra and DataStax Enterprise
Cassandra Day London 2015: Securing Cassandra and DataStax EnterpriseDataStax Academy
 
NATS Connect Live | NATS as a Service Mesh
NATS Connect Live | NATS as a Service MeshNATS Connect Live | NATS as a Service Mesh
NATS Connect Live | NATS as a Service MeshNATS
 
Introducing SciaaS @ Sanger
Introducing SciaaS @ SangerIntroducing SciaaS @ Sanger
Introducing SciaaS @ SangerPeter Clapham
 
KubeConEU - NATS Deep Dive
KubeConEU - NATS Deep DiveKubeConEU - NATS Deep Dive
KubeConEU - NATS Deep Divewallyqs
 
Docker Swarm Introduction
Docker Swarm IntroductionDocker Swarm Introduction
Docker Swarm Introductionrajdeep
 
Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)
Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)
Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)Ontico
 
NATS + Docker meetup talk Oct - 2016
NATS + Docker meetup talk Oct - 2016NATS + Docker meetup talk Oct - 2016
NATS + Docker meetup talk Oct - 2016wallyqs
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSSuzanne Aldrich
 
BADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoSBADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoSSuzanne Aldrich
 

La actualidad más candente (20)

NATS for Modern Messaging and Microservices
NATS for Modern Messaging and MicroservicesNATS for Modern Messaging and Microservices
NATS for Modern Messaging and Microservices
 
Cassandra Summit 2015: Real World DTCS For Operators
Cassandra Summit 2015: Real World DTCS For OperatorsCassandra Summit 2015: Real World DTCS For Operators
Cassandra Summit 2015: Real World DTCS For Operators
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
 
Dockertaipei 20150528-dockerswarm
Dockertaipei 20150528-dockerswarmDockertaipei 20150528-dockerswarm
Dockertaipei 20150528-dockerswarm
 
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
Running a Robust DNS Infrastructure with CloudFlare Virtual DNSRunning a Robust DNS Infrastructure with CloudFlare Virtual DNS
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxying
 
Microservices for performance - GOTO Chicago 2016
Microservices for performance - GOTO Chicago 2016Microservices for performance - GOTO Chicago 2016
Microservices for performance - GOTO Chicago 2016
 
Introducing Docker Swarm - the orchestration tool by Docker
Introducing Docker Swarm - the orchestration tool by DockerIntroducing Docker Swarm - the orchestration tool by Docker
Introducing Docker Swarm - the orchestration tool by Docker
 
Cassandra compaction
Cassandra compactionCassandra compaction
Cassandra compaction
 
CCNxCon2012: Session 5: Object Sizes in Named Data Networking
CCNxCon2012: Session 5: Object Sizes in Named Data NetworkingCCNxCon2012: Session 5: Object Sizes in Named Data Networking
CCNxCon2012: Session 5: Object Sizes in Named Data Networking
 
Bringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamBringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the Mainstream
 
Cassandra Day London 2015: Securing Cassandra and DataStax Enterprise
Cassandra Day London 2015: Securing Cassandra and DataStax EnterpriseCassandra Day London 2015: Securing Cassandra and DataStax Enterprise
Cassandra Day London 2015: Securing Cassandra and DataStax Enterprise
 
NATS Connect Live | NATS as a Service Mesh
NATS Connect Live | NATS as a Service MeshNATS Connect Live | NATS as a Service Mesh
NATS Connect Live | NATS as a Service Mesh
 
Introducing SciaaS @ Sanger
Introducing SciaaS @ SangerIntroducing SciaaS @ Sanger
Introducing SciaaS @ Sanger
 
KubeConEU - NATS Deep Dive
KubeConEU - NATS Deep DiveKubeConEU - NATS Deep Dive
KubeConEU - NATS Deep Dive
 
Docker Swarm Introduction
Docker Swarm IntroductionDocker Swarm Introduction
Docker Swarm Introduction
 
Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)
Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)
Анализ телеметрии при масштабировании, Theo Schlossnagle (Circonus)
 
NATS + Docker meetup talk Oct - 2016
NATS + Docker meetup talk Oct - 2016NATS + Docker meetup talk Oct - 2016
NATS + Docker meetup talk Oct - 2016
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
 
BADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoSBADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoS
 

Similar a Securing Sharded Networks with Swarm

Presentazione VMware @ VMUGIT UserCon 2015
Presentazione VMware @ VMUGIT UserCon 2015Presentazione VMware @ VMUGIT UserCon 2015
Presentazione VMware @ VMUGIT UserCon 2015VMUG IT
 
different consensus protocols in blockchian.pptx
different consensus protocols in blockchian.pptxdifferent consensus protocols in blockchian.pptx
different consensus protocols in blockchian.pptxmeena466141
 
Using galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wanUsing galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wanSakari Keskitalo
 
Using galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wanUsing galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wanSakari Keskitalo
 
Security Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudSecurity Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudNeelkamal Gaharwar
 
CloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestCloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestke4qqq
 
The impact of cloud NSBCon NY by Yves Goeleven
The impact of cloud NSBCon NY by Yves GoelevenThe impact of cloud NSBCon NY by Yves Goeleven
The impact of cloud NSBCon NY by Yves GoelevenParticular Software
 
Instrumenting the real-time web: Node.js in production
Instrumenting the real-time web: Node.js in productionInstrumenting the real-time web: Node.js in production
Instrumenting the real-time web: Node.js in productionbcantrill
 
Authentication in manet
Authentication in manetAuthentication in manet
Authentication in manetmmubashirkhan
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureHui Cheng
 
Pandora FMS: VMware Enterprise Plugin
Pandora FMS: VMware Enterprise PluginPandora FMS: VMware Enterprise Plugin
Pandora FMS: VMware Enterprise PluginPandora FMS
 
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE PlatformsFIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE PlatformsFIWARE
 
DCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDocker, Inc.
 
Hacking apache cloud stack
Hacking apache cloud stackHacking apache cloud stack
Hacking apache cloud stackNitin Mehta
 
Meetup on Apache Zookeeper
Meetup on Apache ZookeeperMeetup on Apache Zookeeper
Meetup on Apache ZookeeperAnshul Patel
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensicssdavis532
 
Docker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsDocker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsFederico Michele Facca
 

Similar a Securing Sharded Networks with Swarm (20)

Presentazione VMware @ VMUGIT UserCon 2015
Presentazione VMware @ VMUGIT UserCon 2015Presentazione VMware @ VMUGIT UserCon 2015
Presentazione VMware @ VMUGIT UserCon 2015
 
Using galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wanUsing galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wan
 
different consensus protocols in blockchian.pptx
different consensus protocols in blockchian.pptxdifferent consensus protocols in blockchian.pptx
different consensus protocols in blockchian.pptx
 
Using galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wanUsing galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wan
 
Using galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wanUsing galera replication to create geo distributed clusters on the wan
Using galera replication to create geo distributed clusters on the wan
 
Security Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudSecurity Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloud
 
Sidechains introduction
Sidechains introductionSidechains introduction
Sidechains introduction
 
Avalanche-4-pub.pptx
Avalanche-4-pub.pptxAvalanche-4-pub.pptx
Avalanche-4-pub.pptx
 
CloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestCloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWest
 
The impact of cloud NSBCon NY by Yves Goeleven
The impact of cloud NSBCon NY by Yves GoelevenThe impact of cloud NSBCon NY by Yves Goeleven
The impact of cloud NSBCon NY by Yves Goeleven
 
Instrumenting the real-time web: Node.js in production
Instrumenting the real-time web: Node.js in productionInstrumenting the real-time web: Node.js in production
Instrumenting the real-time web: Node.js in production
 
Authentication in manet
Authentication in manetAuthentication in manet
Authentication in manet
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing Infrastructure
 
Pandora FMS: VMware Enterprise Plugin
Pandora FMS: VMware Enterprise PluginPandora FMS: VMware Enterprise Plugin
Pandora FMS: VMware Enterprise Plugin
 
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE PlatformsFIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
 
DCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at Netflix
 
Hacking apache cloud stack
Hacking apache cloud stackHacking apache cloud stack
Hacking apache cloud stack
 
Meetup on Apache Zookeeper
Meetup on Apache ZookeeperMeetup on Apache Zookeeper
Meetup on Apache Zookeeper
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensics
 
Docker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsDocker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platforms
 

Último

AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfayushiqss
 
ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyAnusha Are
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxalwaysnagaraju26
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 

Último (20)

AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide Deck
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodology
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 

Securing Sharded Networks with Swarm

  • 1. Securing Sharded Networks 
 with Swarm Dmitry Kurinskiy twitter.com/@name_alari
  • 2. Agenda 1. Decentralized databases 2. Security considerations for decentralized databases 3. Hybrid approach to low-redundancy shard security
  • 3. What is Fluence? A permissionless decentralized database platform One-click deployment for SQL and NoSQL databases (think Redis or SQLite)
  • 4. ? are computationally 
 bound do not support 
 sophisticated queries Decentralized database gap
  • 5. Approach #1: transfer data to the client need to transfer too much data
  • 6. Approach #2: use a blockchain excessive redundancy
  • 7. Redundancy in the cloud environment • Database replicas: ~2×-5× • Backup storage: ~3×
  • 8. Goal: decentralize opensource DBs • Cloud databases: • AWS RDS: MySQL & PostgreSQL • AWS ElastiCache: Memcached & Redis • Database = Storage + Computations • Apply built-in and user-defined 
 functions to data • Bulk updates • Stored procedures
  • 9. How to make miniature shards secure?
  • 10. Sharding on a budget Assuming that we have a budget for just 5× to 10× redundancy, can we simply have a 7-nodes shard with a BFT consensus?
 
 Well, there are security threats
  • 11. Isolated shard security • Permissioned BFT consensus (such as Tendermint) can 
 tolerate k out of 3k+1 malicious nodes
 • If 2k+1 (two thirds) of the nodes are malicious, 
 they can "tolerate" honest ones
  • 12. How to deal with a malicious shard? With 10% malicious nodes in the network, 
 we have a 0.017% chance of 7-nodes shard takeover Can we do better... ...with the same budget?
  • 13. Shared verifier pool • A shard should be secured 
 not only by its own nodes
 • But how to transfer transaction history to the verifier pool?
  • 14. Swarm to the rescue • A shard uploads a block to Swarm and provides a proof of upload • Rotated validators pick data from Swarm w/o overloading the shard • Fishermen download different fragments of transaction history • Fishermen can be picked at random
  • 15. Shared verifier pool with Swarm
  • 16. • Ethereum holds the registry of deployed databases • BFT consensus-based replication between DB nodes • Direct frontend <–> database interaction • Transaction history is uploaded to Swarm
 Tendermint WebAssembly Real-time shards
  • 19. Swarm as a chain storage • Store Swarm receipts in Swarm, organize the data 
 into a chain to fetch them all
 • Once in a while, the pointer to the last Swarm-uploaded block 
 can be checkpointed to Ethereum
 • In between, keep the manifests chain in the interim storage
 Why not Swarm MRU? Due to possible forks
  • 21. Verifications Composition: • Transaction history is verified segment by segment • Segments are sequentially verified by several fishermen Fishermen: • Are randomly selected from the shared network pool • Verify that preceding validations were autonomous • Do not know if there will be a subsequent validation
  • 22. 1. Download the old state from Swarm 2. Download the transaction history segment 
 from Swarm 3. Replay the transaction history 4. Reach the new state 5. Upload the new state to Swarm 6. Drop the transaction history segment Verification
  • 23. Verification game • Any database transaction may be disputed • Verification game narrows the dispute to a single WebAssembly instruction • Ethereum smart contract repeats the instruction
  • 24. Hybrid approach Speed layer
 Real-time validators Security layer
 Shared fishermen pool Data availability layer
 Swarm Dispute resolution layer
 Ethereum
  • 25. Sharding on a budget • For a misbehaviour to go unnoticed, the shard must be taken and all the fishermen must be malicious • 4 validator nodes in a shard, 3 fishermen nodes: 
 0.00037% risk of shard takeover
 2 orders of magnitude lower than with a naive approach 25
  • 26. Bottomline Real-time validators are stateful and contain only few workers: + Low response latencies + cost efficiency
 – Cartels are possible
 Fishermen are stateless and independent: + Fishermen cartels are not possible
 – Takes time to reach finality
 Swarm decouples the Block Producer from the Finality Gadget: + Independent decentralized storage with data availability guarantees
 + Cost-efficient: no need to store the data forever, redundancy is limited