How to Subvert LOCKSS and What the LOCKSSmith Can Do About It

Bryan Parno

Abstract

The LOCKSS (Lots Of Copies Keep Stuff Safe) project allows libraries to store and preserve electronic journals and other archival information through a system of inexpensive computers arranged in an ad-hoc peer-to-peer network. We develop a more accurate view of how the system will perform over time by simulating the system’s behavior using a dynamic model in which peers can be subverted and repaired. This reveals certain systemic vulnerabilities not apparent in our static simulations, so we propose and evaluate countermeasures. One technique, Ripple Healing, performs remarkably well. We also propose and evaluate an alternate model based on the system administrators in the system. Finally, we develop a mathematical model of the stealth-modification adversary’s attempts to modify system content while avoiding detection. This model allows us to improve our predictions of his behavior and analyze methods for thwarting his success.

Details

Publication typeMiscellaneous
> Publications > How to Subvert LOCKSS and What the LOCKSSmith Can Do About It