1. Milestone 1 Workshop in Information Security – Distributed Databases Project Access Control Security vs. Performance By: Yosi Barad, Ainat Chervin and Ilia Oshmiansky 1 Project web site: http://infosecdd.yolasite.comhttp://infosecdd.yolasite.com

2. Milestone 1: 2 Install and run CassandraInstall and run YCSB++Initial testing of CassandraRun benchmark testsInstall Accumulo Our Plan:

3. We have installed Cassandra on the lab computers Plan Step: 3 Install and run Cassandra

4. Cassandra database is configured and capable to run in 2 different modes: 1) One cluster consisting of one node which manages all the keys and values in the database. 2) One cluster consisting of two nodes which share the keys values and they manage and store 50% of the database each. Plan Step: 4 Install and run Cassandra

5. We have installed and built the YCSB++ source code We used YCSB++ with the "basic" database configuration supplied,in order to test the benchmark framework Plan Step: 5 Install and run YCSB++

6. We used Cassandra client shell in order to create keyspaces, column families, add a column within a family and for storing and retrieving key names and values. Cassandra supplies statistics for these manual operations so we could get the idea of how much time each operation consumes. Plan Step: 6 Initial testing of Cassandra

7. We used Cassandra-10 client binding supplied by the YCSB++ database in order to connect to the Cassandra database. We ran some core benchmark tests and the results are further detailed later on in this document. Plan Step: 7 Connect YCSB++ to Cassandra and run benchmark tests

8. First we ran the tests from one client pc to a Cassandra server consisting of a single node. Next we added another Cassandra node and re-conducted the same tests. Plan Step: 8 Connect YCSB++ to Cassandra and run benchmark tests

9. We ran the tests for these reasons: 1.Establish a baseline by which future results (post implementation of cell level ACL) will be judged. 2.Establish the maximal throughput of Cassandra on a single node. 3.Compare the performance of a Cassandra with one node to Cassandra with two node. Plan Step: 9 Connect YCSB++ to Cassandra and run benchmark tests

10. We created several scripts to automate the test. For example script that would: 1) run all the different workloads YCSB++ offers with different numbers of threads 2) Create an output file with the relevant results Plan Step: 10 Automate the testing procedure

11. Plan Step: 11 Automate the testing procedure

12. We used the core workloads that are included with the YCSB installation and ran them all 8 times each. Each time we increased the number of threads. Workload A: Update heavy workload - mix of 50/50 reads and writes. Plan Step: 12

13. Workload B: Read mostly workload – This workload has a 95/5 reads/write mix. Plan Step: 13

14. Workload C: Read only - This workload is 100% read. Plan Step: 14

15. Workload D: Read latest workload - In this workload, new records are inserted, and the most recently inserted records are the most popular. Plan Step: 15

16. Workload E: Short ranges - In this workload, short ranges of records are queried, instead of individual records. Plan Step: 16

17. Workload F: Read-modify-write - In this workload, the client will read a record, modify it, and write back the changes. Plan Step: 17

18. We noticed a general degradation in performance regarding the Cassandra 2 nodes configuration We assume it is due to the synchronization overhead between the two nodes. More work has to be done in order to explain these results. (see plans ahead) Plan Step: 18 Connect YCSB++ to Cassandra and run benchmark tests

19. We have installed, configured and ran - apache Zookeeper and apache Hadoop as they are prerequisites for the Accumulo database. We made sure it works by performing several basic operations using the client shell Plan Step: 19 Install Accumulo

20. Progress Compared to Plan: Milestone 1 20 Plan StepStatus Install and run Cassandra Complete Install and run YCSB++ Complete Run some initial manual testing of Cassandra Complete Connect YCSB++ to Cassandra and run benchmark tests Complete Install Accumulo Complete

21. Milestone 1 21 1. Extend our Accumulo and Cassandra setups to include several clusters- This stage is critical in order to get real meaningful test results and for finding security holes in the later stages. Plans for ahead

22. Milestone 1 22 2. Improve our testing environment- This stage includes the following: a)Write our own workloads (with ACL) b)Run several clients simultaneously c)Edit the test configurations according to our test plan (technical details) Plans for ahead

23. Milestone 1 23 d)Run diverse tests to understand the limiting factors in each test (might be the testing equipment, CPU-time, disk I/O, network limitations, synchronization overhead between nodes and much more). and if possible - change the setup to eliminate this limiting factor. e)Analyze the CPU and disk usage of the machines to understand the results better. Plans for ahead

24. Milestone 1 24 3. Get into the Cassandra code and start the cell-level ACL implementation- There are two main options: a)Sending JSON strings as part of the HTTP requests then storing them in Cassandra. Plans for ahead

25. Milestone 1 25 b)Adding simple strings like: "(Alice, rx) (Bob, rwxo) (Charlie, rx)..." we can store in Cassandra as is and when Alice will try to read a file from Cassandra we will check that the ACL allows her to do so. Plans for ahead

26. We managed to complete the milestone as planned Moreover, we succeeded in extending the system to two nodes. This is quite a breakthrough given the difficulties we experienced with the installations. And it brings us that much closer to achieving the goal in milestone#2, which is running a system consisting of several clusters. Milestone 1 26 Overall