- To what degree should security and access control be built into the RAMCloud system?
- What level of network security is needed?
- Should every packet be encrypted?
- Can assume that all packets originate and terminate within the same datacenter
- This issue relates closely to the multi-tenancy issue: there may be applications from mutually-distrustful companies executing in the same datacenter.
- Who are the principals?
- Individual server machines (but treating each server as its own principal means tolerating compromised servers, and BFT is too expensive)
- Data servers as a group
- Clients
- Should clients trust data servers?
...
- Probably want access control based on structure of keys. E.g.,
keys could be <application-id, opaque-bits>, where each
application-id has an ACL of addresses allowed access.
- But that makes it hard to change permissions at a fine granularity
- Might also want delegation--i.e., this third-party app can read or
write some of my facebook settings, but this seems much harder to
do without cryptography.
- Also, quotas probably very important in multi-tenancy situation
- Limit amount of space, number of queries, etc.
- When customer goes away, need to delete all of its data--or
possibly archive somewhere then delete.
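The three multi-tenancy points above (key-structured ACLs, per-tenant quotas, and deleting a departed customer's data) fit together in one toy model. The following is an added illustration written for these notes, not RAMCloud code: it assumes a 4-byte big-endian application-id prefix on every key, a per-app-id ACL of client addresses, a byte-count space quota and a request-count query quota, and a tenant-removal routine that deletes every key under the app-id. It also shows the granularity problem noted above: sharing one key with another address means adding that address to the app-id's ACL, which exposes every key of that app.

```python
"""Toy multi-tenant key space with app-id ACLs, quotas and tenant removal (illustrative only)."""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

APP_ID_LEN = 4  # assumption: keys are <application-id (4 bytes, big-endian), opaque-bits>


class AccessDenied(Exception):
    pass


class QuotaExceeded(Exception):
    pass


@dataclass
class Tenant:
    allowed_addrs: Set[str]        # ACL: client addresses permitted for this app-id
    space_limit: int               # bytes of key+value storage allowed
    query_limit: int               # requests allowed (no window reset in this toy)
    space_used: int = 0
    queries: int = 0


def make_key(app_id: int, opaque: bytes) -> bytes:
    return app_id.to_bytes(APP_ID_LEN, "big") + opaque


def split_key(key: bytes) -> Tuple[int, bytes]:
    """Parse <application-id, opaque-bits>; reject keys too short to carry an app-id."""
    if len(key) < APP_ID_LEN:
        raise ValueError("key shorter than application-id prefix")
    return int.from_bytes(key[:APP_ID_LEN], "big"), key[APP_ID_LEN:]


class TenantStore:
    def __init__(self) -> None:
        self.tenants: Dict[int, Tenant] = {}
        self.data: Dict[bytes, bytes] = {}

    def add_tenant(self, app_id: int, addrs: Set[str], space_limit: int, query_limit: int) -> None:
        self.tenants[app_id] = Tenant(set(addrs), space_limit, query_limit)

    def _authorize(self, key: bytes, client_addr: str) -> Tenant:
        app_id, _ = split_key(key)
        tenant = self.tenants.get(app_id)
        # Unknown app-id and unlisted address return the same error, so a client
        # cannot probe which app-ids exist. Denied requests are not charged.
        if tenant is None or client_addr not in tenant.allowed_addrs:
            raise AccessDenied("client %s may not touch app-id %d" % (client_addr, app_id))
        if tenant.queries >= tenant.query_limit:
            raise QuotaExceeded("query quota exhausted for app-id %d" % app_id)
        tenant.queries += 1
        return tenant

    def write(self, key: bytes, value: bytes, client_addr: str) -> None:
        tenant = self._authorize(key, client_addr)
        old = self.data.get(key)
        delta = len(key) + len(value) - (len(key) + len(old) if old is not None else 0)
        if tenant.space_used + delta > tenant.space_limit:
            raise QuotaExceeded("space quota exceeded")
        tenant.space_used += delta
        self.data[key] = value

    def read(self, key: bytes, client_addr: str):
        self._authorize(key, client_addr)
        return self.data.get(key)

    def remove_tenant(self, app_id: int) -> int:
        """Customer goes away: drop every key under its app-id (an archive step would go first)."""
        victims = [k for k in self.data if split_key(k)[0] == app_id]
        for k in victims:
            del self.data[k]
        self.tenants.pop(app_id, None)
        return len(victims)


def demo() -> dict:
    """Constructed scenario with two tenants; returns observations for checking."""
    store = TenantStore()
    store.add_tenant(1, {"10.0.0.5"}, space_limit=64, query_limit=5)
    store.add_tenant(2, {"10.0.0.9"}, space_limit=64, query_limit=5)
    out = {}
    k1 = make_key(1, b"profile")
    store.write(k1, b"alice", "10.0.0.5")                      # tenant 1: query 1, 16 bytes used
    out["own_read"] = store.read(k1, "10.0.0.5")               # query 2
    try:
        store.read(k1, "10.0.0.9")                             # other tenant's address: refused
        out["cross_tenant"] = "allowed"
    except AccessDenied:
        out["cross_tenant"] = "denied"
    try:
        store.write(make_key(1, b"blob"), b"x" * 60, "10.0.0.5")   # query 3, would exceed 64 bytes
        out["space"] = "allowed"
    except QuotaExceeded:
        out["space"] = "denied"
    served = 0
    for _ in range(10):                                        # queries 4 and 5 succeed, 6th is refused
        try:
            store.read(k1, "10.0.0.5")
            served += 1
        except QuotaExceeded:
            break
    out["reads_before_query_quota"] = served
    # Coarse ACL: sharing one key of tenant 2 with 10.0.0.5 exposes all of tenant 2's keys.
    k2a, k2b = make_key(2, b"shared"), make_key(2, b"private")
    store.write(k2a, b"pub", "10.0.0.9")
    store.write(k2b, b"secret", "10.0.0.9")
    store.tenants[2].allowed_addrs.add("10.0.0.5")             # intent: share only k2a
    out["coarse_acl_leak"] = store.read(k2b, "10.0.0.5")       # but k2b is readable too
    out["deleted"] = store.remove_tenant(1)                    # only k1 was stored
    try:
        store.read(k1, "10.0.0.5")
        out["after_removal"] = "allowed"
    except AccessDenied:
        out["after_removal"] = "denied"
    return out


if __name__ == "__main__":
    print(demo())
```

The ACL check runs before the quota check and refused requests are not charged, so one tenant cannot burn another's query budget by sending requests it is not allowed to make; the `coarse_acl_leak` entry is the fine-granularity problem in concrete form.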