Title :
On the Optimal Placement of Secure Data Objects over Internet
Author :
Tu, Manghui ; Li, Peng ; Ma, Qingkai ; Yen, I-Ling ; Bastani, Farokh B.
Author_Institution :
Dept. of Comput. Sci., Texas Univ., Dallas, TX, USA
Abstract :
Secret sharing algorithms have been used for intrusion tolerance, which ensure the confidentiality, integrity and availability of critical information. However, dynamically changing the number of shares in secret sharing schemes can be costly. To achieve performance goals in data accesses, secret sharing can be combined with dynamic replication in a distributed system with varying client access patterns. In this paper, we investigate the problem of optimal allocation of secure data objects that are secret shared and possibly replicated. The system topology we consider consists of two layers. In the upper layer, multiple clusters form a network topology that can be represented by a general graph. The nodes within each cluster also have a topology represented by a general graph. We decompose the share replica allocation problem into two sub-problems, the resident set problem which allocates a subset of shares to clusters, and the intra-cluster allocation problem which determines the number of share replicas to be allocated and their placements. We develop two different heuristic algorithms for the two sub-problems. The algorithm for the optimal resident set problem has a time complexity of O(n^2). An O(n^3) algorithm is presented for the intra-cluster allocation problem.
Keywords :
Internet; computational complexity; cryptography; data integrity; replicated databases; resource allocation; Internet; data availability; data confidentiality; data integrity; heuristic algorithm; intra-cluster allocation problem; intrusion tolerance; replicated file system; resident set problem; secret sharing scheme; secure data object; share replica allocation problem; system topology; time complexity; Clustering algorithms; Costs; Cryptography; Data security; Information security; Internet; Intrusion detection; Network topology; Protection; Scattering;
Conference_Title :
Parallel and Distributed Processing Symposium, 2005. Proceedings. 19th IEEE International
Print_ISBN :
0-7695-2312-9
DOI :
10.1109/IPDPS.2005.306