Next: Background Up: POST: A secure, resilient, Previous: POST: A secure, resilient,


Introduction

Messaging systems like traditional email and news, as well as instant messaging, shared calendars and bulletin boards, are among the most successful and widely used distributed applications. Today, these services are implemented in the client-server model. Messages are stored on and routed through dedicated servers, each hosting a set of user accounts. This partial centralization limits availability, because a failure or attack on a server denies service to the users it supports. Also, substantial infrastructure, maintenance and administration costs are required to scale to large numbers of users. This is true in particular for semantically rich, complex messaging systems like Microsoft Exchange and Lotus Notes.

POST is a cooperative infrastructure that utilizes the untapped resources of users' desktops to provide messaging services. Unlike server-based systems, POST is self-scaling: the addition of new user desktops and periodic upgrades of existing desktops implicitly add more resources, thus balancing increased demands on the service due to additional users and new features. POST does not present a single point of failure or attack, and is thus potentially more resilient than server-based systems. Finally, the self-organizing properties of POST promise reduced system administration costs.

POST provides three basic services to applications: (1) persistent single-copy message storage, (2) metadata based on single-writer logs, and (3) event notification. A wide range of messaging applications can be constructed on top of POST using these services.

POST is built upon a structured p2p overlay network, which gives it scalability, resilience and self-organization. Users contribute resources to the POST system (CPU, disk space, network bandwidth) and, in return, are able to utilize its services. POST assumes that participating nodes can suffer Byzantine failures. Stronger failure assumptions may be unrealistic, even in scenarios where participating hosts belong to a single organization, because a single compromised node could disrupt critical messaging services or disclose confidential messages.

In this paper, we sketch the design of POST, and then describe how a cooperative, secure email system can be built using POST. Unlike conventional email services, our ePOST system provides secure email services by default and requires no dedicated servers. Furthermore, due to its strong sender authentication, ePOST makes efficient spam defense easier. We chose email as the initial application for POST because it is well understood, and because its high availability, reliability and security demands make it a challenging driver for POST and p2p systems in general.

The remainder of this paper is organized as follows. Section 2 provides background information on Pastry, PAST, and Scribe. Section 3 sketches the design of the POST infrastructure. In Section 4, we sketch the design of a cooperative email system as an example POST application. Section 5 discusses integrating ePOST with existing email systems. Section 6 outlines related work, and Section 7 concludes.

