A Probabilistic Small Model Theorem to Assess Confidentiality of Dispersed Cloud Storage

  • Marco Baldi
  • Ezio Bartocci
  • Franco Chiaraluce
  • Alessandro Cucchiarelli
  • Linda Senigagliesi
  • Luca Spalazzi
  • Francesco SpegniEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10503)


Recent developments in cloud architectures have originated new models of online storage clouds based on data dispersal algorithms. According to these algorithms the data is divided into several slices that are distributed among remote and independent storage nodes. Ensuring confidentiality in this context is crucial: only legitimate users should access any part of information they distribute among storage nodes.

To the best of our knowledge, the security analysis and assessment of existing solutions always assume homogeneous networks and honest-but-curious nodes as attacker model. We analyze more complex scenarios with heterogeneous network topologies and a passive attacker eavesdropping the channel between user and storage nodes.

We use parameterized Markov Decision Processes to model such a class of systems and Probabilistic Model Checking to assess the likelihood of breaking the confidentiality. Even if, generally speaking, the parameterized model checking is undecidable, in this paper, however, we proved a Small Model Theorem that makes such a problem decidable for the class of models adopted in this work. We discovered that confidentiality is highly affected by parameters such as the number of slices and the number of write and read requests. At design-time, the presented methodology helps to determine the optimal values of parameters affecting the likelihood of a successful attack to confidentiality.



This work is part of the project FCloSe (Federated Cloud Security) funded by the RSA-B 2015 programme of the Università Politecnica delle Marche. Ezio Bartocci is supported by the Austrian National Research Network (nr. S 11405-N23) SHiNE funded by the Austrian Science Fund (FWF).


  1. 1.
    Aminof, B., Kotek, T., Rubin, S., Spegni, F., Veith, H.: Parameterized model checking of rendezvous systems. In: Baldan, P., Gorla, D. (eds.) CONCUR 2014. LNCS, vol. 8704, pp. 109–124. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44584-6_9 Google Scholar
  2. 2.
    Baier, C., Katoen, J.P.: Principles of Model Checking. Springer, Heidelberg (2008)zbMATHGoogle Scholar
  3. 3.
    Baldi, M., Cucchiarelli, A., Senigagliesi, L., Spalazzi, L., Spegni, F.: Parametric and probabilistic model checking of confidentiality in data dispersal algorithms. In: Proceedings of HPCS 2016: International Conference on High Performance Computing and Simulation, pp. 476–483 (2016)Google Scholar
  4. 4.
    Baldi, M., Maturo, N., Montali, E., Chiaraluce, F.: AONT-LT: a data protection scheme for cloud and cooperative storage systems. In: Proceedings of HPCS 2014: International Conference on High Performance Computing and Simulation, pp. 566–571 (2014)Google Scholar
  5. 5.
    Bartocci, E., Grosu, R., Katsaros, P., Ramakrishnan, C.R., Smolka, S.A.: Model repair for probabilistic systems. In: Abdulla, P.A., Leino, K.R.M. (eds.) TACAS 2011. LNCS, vol. 6605, pp. 326–340. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19835-9_30 CrossRefGoogle Scholar
  6. 6.
    Basin, D.A., Cremers, C., Meadows, C.A.: Model checking security protocols. In: Handbook of Model Checking. Springer, Heidelberg (2017)Google Scholar
  7. 7.
    Bertrand, N., Fournier, P.: Parameterized verification of many identical probabilistic timed processes. In: Proceedings of FSTTCS 2013: The IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science, LIPIcs, vol. 24, pp. 501–513 (2013)Google Scholar
  8. 8.
    Bloem, R., Jacobs, S., Khalimov, A., Konnov, I., Rubin, S., Veith, H., Widder, J.: Decidability in parameterized verification. SIGACT News 47(2), 53–64 (2016)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Bowers, K.D., Juels, A., Oprea, A.: Hail: a high-availability and integrity layer for cloud storage. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 187–198. ACM (2009)Google Scholar
  10. 10.
    Chung, J.Y., Joe-Wong, C., Ha, S., Hong, J.W.K., Chiang, M.: Cyrus: towards client-defined cloud storage. In: Proceedings of the 10th European Conference on Computer Systems, p. 17. ACM (2015)Google Scholar
  11. 11.
    Clarke, E.M., Grumberg, O., Long, D.E.: Model checking and abstraction. ACM Trans. Program. Lang. Syst. 16(5), 1512–1542 (1994)CrossRefGoogle Scholar
  12. 12.
    Desmedt, Y.: Threshold cryptosystems. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 1–14. Springer, Heidelberg (1993). doi: 10.1007/3-540-57220-1_47 CrossRefGoogle Scholar
  13. 13.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–207 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Durumeric, Z., Kasten, J., Adrian, D., Halderman, J.A., Bailey, M., Li, F., Weaver, N., Amann, J., Beekman, J., Payer, M., Paxson, V.: The matter of heartbleed. In: Proceedings of the 2014 Internet Measurement Conference, pp. 475–488. ACM (2014)Google Scholar
  15. 15.
    Escobar, S., Meadows, C.A., Meseguer, J.: A rewriting-based inference system for the NRL protocol analyzer and its meta-logical properties. Theor. Comput. Sci. 367(1–2), 162–202 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 38–49 (2012)Google Scholar
  17. 17.
    Johnson, T.T., Mitra, S.: A small model theorem for rectangular hybrid automata networks. In: Giese, H., Rosu, G. (eds.) FMOODS/FORTE-2012. LNCS, vol. 7273, pp. 18–34. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-30793-5_2 CrossRefGoogle Scholar
  18. 18.
    Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585–591. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22110-1_47 CrossRefGoogle Scholar
  19. 19.
    Legay, A., Delahaye, B., Bensalem, S.: Statistical model checking: an overview. In: Barringer, H., et al. (eds.) RV 2010. LNCS, vol. 6418, pp. 122–135. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-16612-9_11 CrossRefGoogle Scholar
  20. 20.
    Lengál, O., Lin, A.W., Majumdar, R., Rümmer, P.: Fair termination for parameterized probabilistic concurrent systems. In: Legay, A., Margaria, T. (eds.) TACAS 2017. LNCS, vol. 10205, pp. 499–517. Springer, Heidelberg (2017). doi: 10.1007/978-3-662-54577-5_29 CrossRefGoogle Scholar
  21. 21.
    Lenzini, G., Mauw, S., Ouchani, S.: Security analysis of socio-technical physical systems. Comput. Electr. Eng. 47, 258–274 (2015)CrossRefGoogle Scholar
  22. 22.
    Li, M., Qin, C., Li, J., Lee, P.P.: CDstore: toward reliable, secure, and cost-efficient cloud storage via convergent dispersal. IEEE Internet Comp. 20(3), 45–53 (2016)CrossRefGoogle Scholar
  23. 23.
    Li, Y., Pang, J.: Formalizing provable anonymity in Isabelle/HOL. Formal Aspects Comput. 27(2), 255–282 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Merani, M.L., Barcellona, C., Tinnirello, I.: Multi-cloud privacy preserving schemes for linear data mining. In: Proceedings of ICC 2015: IEEE International Conference on Communications, pp. 7095–7101 (2015)Google Scholar
  25. 25.
    Ouchani, S., Debbabi, M.: Specification, verification, and quantification of security in model-based systems. Computing 97(7), 691–711 (2015)MathSciNetCrossRefGoogle Scholar
  26. 26.
    Pagliarecci, F., Spalazzi, L., Spegni, F.: Model checking grid security. Fut. Gener. Comput. Syst. 29(3), 811–827 (2013)CrossRefGoogle Scholar
  27. 27.
    Panti, M., Spalazzi, L., Tacconi, S., Valenti, S.: Automatic verification of security in payment protocols for electronic commerce. In: ICEIS 2002, Proceedings of the 4th International Conference on Enterprise Information Systems, pp. 968–974 (2002)Google Scholar
  28. 28.
    Pei, G., Henderson, T.: Validation of OFDM error rate model in ns-3 (2010).
  29. 29.
    Resch, J., Plank, J.: AONT-RS: blending security and performance in dispersed storage systems. In: Proceedings 9th FAST Conference (2011)Google Scholar
  30. 30.
    Seidel, S.Y., Rappaport, T.S.: 914 MHz path loss prediction models for indoor wireless communications in multifloored buildings. IEEE Trans. Microwave Theory Tech. 40(2), 202–217 (1992)CrossRefGoogle Scholar
  31. 31.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  32. 32.
    Shen, L., Feng, S., Sun, J., Li, Z., Wang, G., Liu, X.: CloudS: a multi-cloud storage system with multi-level security. In: Wang, G., Zomaya, A., Perez, G.M., Li, K. (eds.) ICA3PP 2015. LNCS, vol. 9530, pp. 703–716. Springer, Cham (2015). doi: 10.1007/978-3-319-27137-8_51 CrossRefGoogle Scholar
  33. 33.
    Shmatikov, V.: Probabilistic analysis of an anonymity system. J. Comput. Secur. 12(3–4), 355–377 (2004)CrossRefzbMATHGoogle Scholar
  34. 34.
    Spalazzi, L., Spegni, F.: Parameterized model-checking of timed systems with conjunctive guards. In: Giannakopoulou, D., Kroening, D. (eds.) VSTTE 2014. LNCS, vol. 8471, pp. 235–251. Springer, Cham (2014). doi: 10.1007/978-3-319-12154-3_15 Google Scholar
  35. 35.
    Strunk, A., Mosch, M., Groß, S., Thoß, Y., Schill, A.: Building a flexible service architecture for user controlled hybrid clouds. In: Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security (ARES), pp. 149–154. IEEE (2012)Google Scholar
  36. 36.
    Tang, H., Liu, F., Shen, G., Jin, Y., Guo, C.: Unidrive: synergize multiple consumer cloud storage services. In: Proceedings of the 16th Annual Middleware Conference, pp. 137–148. ACM (2015)Google Scholar
  37. 37.
    Yang, F., Yang, G., Hao, Y.: The modeling library of eavesdropping methods in quantum cryptography protocols by model checking. Int. J. Theor. Phys. 55(7), 3414–3427 (2016)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Marco Baldi
    • 1
  • Ezio Bartocci
    • 2
  • Franco Chiaraluce
    • 1
  • Alessandro Cucchiarelli
    • 1
  • Linda Senigagliesi
    • 1
  • Luca Spalazzi
    • 1
  • Francesco Spegni
    • 1
    Email author
  1. 1.Università Politecnica delle MarcheAnconaItaly
  2. 2.TU WienViennaAustria

Personalised recommendations