4

I'm curious what cloud storage systems offer an append only mode, especially open source ones. In particular, would any cloud storage systems support the following workflow :

  • Anonymous users may upload messages/files into identifiable locations which we'll call buckets.
  • All users should have read access to all messages/files, but no anonymous user should have permissions to modify or delete them.
  • Buckets have associated public keys which a moderator uses to authenticate approvals or deletions of uploads.
  • Unapproved messages/files are eventually culled by the system to save space.

There was some discussion about adding append-only access to mutable files (append-caps) to Tahoe-LAFS, but afaik nobody has implemented this yet.

Jeff Burdges
  • 837
  • 5
  • 9

1 Answers1

2

I don't know of any system that already implements this, but it should be pretty straightforward to build it yourself on top of existing cloud providers. You just need to implement the logic to perform the append, read, and moderator operations. If you implement the logic yourself, the backing store could be any existing cloud storage system.

If you also want a way to audit the storage system and (partially) verify its correct operation, you could use various cryptographic techniques. For instance, you could use timestamping and hash chaining methods to enforce the append-only requirement (while nothing can prevent violations of the append-only requirement, timestamping methods offer a way that clients can potentially detect any violations that may occur). Roughly speaking, timestamping methods work as follows: each message includes a hash of the state of the bucket at the time the message was appended to the bucket, and clients remember the latest bucket-hash they've seen. This lets clients efficiently verify that nothing was removed from the bucket compared to the last time they queried its bucket-hash.

P.S. I'm not sure what the last requirement relating to "unapproved messages/files" refers to. I didn't see where you explained how approval works, so I don't know whether there are any ways to externally audit the storage provider's correct implementation of approval functionality.

D.W.
  • 98,420
  • 30
  • 267
  • 572
  • Amusingly FTP provides this solution because it respects unix file permissions, including the sticky bit. lol I'd envisioned something both cryptographically secure and more cloud oriented though, like append-caps for Tahoe-LAFS. – Jeff Burdges Dec 06 '11 at 22:00