SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.

Slides:

Advertisements

Similar presentations

Network Security Chapter 1 - Introduction.

Advertisements

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

MapReduce Online Created by: Rajesh Gadipuuri Modified by: Ying Lu.

MapReduce Online Veli Hasanov Fatih University.

Developing a MapReduce Application – packet dissection.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.

Chapter 1 – Introduction

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 王怡君.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Applied Cryptography for Network Security

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Introduction (Pendahuluan)  Information Security.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]

Advanced Topics: MapReduce ECE 454 Computer Systems Programming Topics: Reductions Implemented in Distributed Frameworks Distributed Key-Value Stores Hadoop.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

Cryptanalysis of Two Dynamic ID-based Authentication

Cryptography and Network Security

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 6 03/22/2010 Security and Privacy in Cloud Computing.

Location-aware MapReduce in Virtual Cloud 2011 IEEE computer society International Conference on Parallel Processing Yifeng Geng1,2, Shimin Chen3, YongWei.

Yongzhi Wang, Jinpeng Wei VIAF: Verification-based Integrity Assurance Framework for MapReduce.

SecureMR: A Service Integrity Assurance Framework for MapReduce Author: Wei Wei, Juan Du, Ting Yu, Xiaohui Gu Source: Annual Computer Security Applications.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Shambhu Upadhyaya 1 Ad Hoc Networks Routing Security Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 19)

Optimizing Cloud MapReduce for Processing Stream Data using Pipelining 作者 :Rutvik Karve ， Devendra Dahiphale ， Amit Chhajer 報告 : 饒展榕.

Security Mechanisms for Distributed Computing Systems A9ID1007, Xu Ling Kobayashi Laboratory GSIS, TOHOKU UNIVERSITY 2011/12/15 1.

Cryptography and Network Security (CS435) Part One (Introduction)

Bi-Hadoop: Extending Hadoop To Improve Support For Binary-Input Applications Xiao Yu and Bo Hong School of Electrical and Computer Engineering Georgia.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

Optimizing Cloud MapReduce for Processing Stream Data using Pipelining 2011 UKSim 5th European Symposium on Computer Modeling and Simulation Speker : Hong-Ji.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

1 Security for distributed wireless sensor nodes Ingrid Verbauwhede Department of Electrical Engineering University of California Los Angeles

MROrder: Flexible Job Ordering Optimization for Online MapReduce Workloads School of Computer Engineering Nanyang Technological University 30 th Aug 2013.

Dynamic Slot Allocation Technique for MapReduce Clusters School of Computer Engineering Nanyang Technological University 25 th Sept 2013 Shanjiang Tang,

1 Privacy Aware Incentive Mechanism to Collect Mobile Data While Preventing Duplication Junggab Son*, Donghyun Kim*, Rasheed Hussain**, Sung-Sik Kwon*,

Security Issues in Distributed Sensor Networks Yi Sun Department of Computer Science and Electrical Engineering University of Maryland, Baltimore County.

IBM Research ® © 2007 IBM Corporation Introduction to Map-Reduce and Join Processing.

SOSP 2007 © 2007 Andreas Haeberlen, MPI-SWS 1 Practical accountability for distributed systems Andreas Haeberlen MPI-SWS / Rice University Petr Kuznetsov.

CSE 548 Advanced Computer Network Security Trust in MobiCloud using Hadoop Framework Updates Sayan Kole Jaya Chakladar Group No: 1.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System Aameek Singh, Ling Liu College of Computing, Georgia Tech International.

Network Security Introduction

INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

Network Security Celia Li Computer Science and Engineering York University.

MapReduce Basics Chapter 2 Lin and Dyer & /tutorial/

1 Network Security: Introduction Behzad Akbari Fall 2009 In the Name of the Most High.

International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.

Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.

By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.

Key Generation Protocol in IBC Author ： Dhruti Sharma and Devesh Jinwala 論文報告 2015/12/24 董晏彰 1.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

By: Joel Dominic and Carroll Wongchote 4/18/2012.

Presentation transcript:

SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual Computer Security Applications Conference

Outline 1. Introduction 2. Background 3. System Model 4. System Design 5. Analysis 6. Evaluation 7. Conclusion and Future Work 2

1. Introduction  about MapReduce  A parallel data processing model  about communication security threats  Eavesdropping attacks  Replay attacks  Denial of Service (DoS) attacks  about Replication-based techniques 3

1. Introduction (cont.)  about SecureMR  A decentralized replication-based integrity verification scheme  Ensuring the integrity of MapReduce in open systems  A prototype of SecureMR based on Hadoop 4

2. Background  The data processing model of MapReduce is composed of three types of entities: a distributed file system (DFS), a master and workers.  MapReduce can be divided into two phases: i) a map phase ii) a reduce phase 5

2. Background (cont.) 6

3. System Model  MapReduce in Open Systems  The entities in MapReduce come from different domains  The communications and data transferred among entities are through public networks  SecureMR focus on protecting the service integrity for MapReduce 7

3. System Model (cont.)  Assumptions 1. A public/private key pair associated with a unique worker identifier 2. The master is trusted, but workers are not necessarily trusted 3. A good worker is honest and always returns the correct result for its task 4. The DFS for MapReduce provides data integrity protection 5. If a worker is good, then others cannot tamper its data 8

3. System Model (cont.)  Attack Models  Giving a wrong result without computation or tamper the intermediate result to mess up the final result  DoS, Replay attacks, Eavesdropping  Non-collusive malicious behavior  Collusive malicious behavior 9

4. System Design  Architecture Design 10

4. System Design (cont.)  Communication Design 11

Signed and Encrypts  Public-key cryptography from wikipediawikipedia 12

4. System Design (cont.)  Commitment Protocol 13

4. System Design (cont.)  Verification Protocol 14

4. System Design (cont.)  SecureMR Extension  An additional phase called Verify phase 15

5. Analysis  Security Analysis  An inconsistency between results returned by different mappers that are assigned the same task  An inconsistency between the commitment and the result generated by a mapper 16

5. Analysis (cont.)  No False Alarm  For any inconsistency detected by SecureMR, it must happen between good and bad mappers, between bad mappers or on a bad mapper  Non-Repudiation  For any inconsistency that can be observed by a good reducer or the master, SecureMR can detect it and present evidence to prove it 17

5. Analysis (cont.)  Attacker Behavior Analysis  Periodical Attackers  Strategic Attackers  Definition  D rate, detection rate  l, jobs  one master, n workers, m malicious workers (m < n)  b, number of blocks  p b, the percentage of blocks that will be duplicated in each job  b · p b, the number of duplicated blocks 18

5. Analysis (cont.)  Periodical attackers without collusion 19

5. Analysis (cont.)  Periodical attackers with collusion  P(B i ) denote the probability that a block will be duplicated i times  P(D) denote the probability that the inconsistency caused by the misbehavior of a malicious mapper will be detected. 20

5. Analysis (cont.)  Strategic attackers  P(F) denote the probability that the intermediate result that reducers receive is tampered 21

5. Analysis (cont.)  Naive task scheduling algorithm  Commitment-based task scheduling algorithm  Launching the duplicates of a task only after the task has been committed. 22

6. Evaluation  Experiment Setup  14 hosts provided by Virtual Computing Lab  Hadoop Distributed File System (HDFS) is also deployed  11 hosts as workers that offer MapReduce services and one host as a master  HDFS uses 13 nodes, not including the master host  2.66GHz Intel Intel(R) Core(TM) 2 Duo, Ubuntu Linux 8.04, Sun JDK 6 and Hadoop 0.19  Hadoop WordCount application 23

6. Evaluation (cont.)  Performance Analysis 24

6. Evaluation (cont.) 25

6. Evaluation (cont.) 26

7. Conclusion and Future Work  SecureMR, a practical service integrity assurance framework for MapReduce.  It is impossible to detect any inconsistency when all duplicated tasks are processed by a collusive group 27