Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 6 03/22/2010 Security and Privacy in Cloud Computing.

Slides:



Advertisements
Similar presentations
Revisiting the efficiency of malicious two party computation David Woodruff MIT.
Advertisements

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 8 04/04/2011 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 8 04/11/2011 Security and Privacy in Cloud Computing.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea.
SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Slide credits: Ragib Hasan, Johns Hopkins University CS573 Data privacy and security in the cloud.
The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 7 03/29/2010 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
NP-Complete Problems Reading Material: Chapter 10 Sections 1, 2, 3, and 4 only.
NP-Complete Problems Problems in Computer Science are classified into
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.
Design Patterns for Efficient Graph Algorithms in MapReduce Jimmy Lin and Michael Schatz University of Maryland Tuesday, June 29, 2010 This work is licensed.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Analysis of Algorithms CS 477/677
Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.
SubSea: An Efficient Heuristic Algorithm for Subgraph Isomorphism Vladimir Lipets Ben-Gurion University of the Negev Joint work with Prof. Ehud Gudes.
The community-search problem and how to plan a successful cocktail party Mauro SozioAris Gionis Max Planck Institute, Germany Yahoo! Research, Barcelona.
Lecture 8. Why do we need residual networks? Residual networks allow one to reverse flows if necessary. If we have taken a bad path then residual networks.
Authors: Thomas Ristenpart, et at.
Building a Strong Foundation for a Future Internet Jennifer Rexford ’91 Computer Science Department (and Electrical Engineering and the Center for IT Policy)
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2013 Lecture 3 09/03/2013 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 2 02/01/2010 Security and Privacy in Cloud Computing.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 16 10/11/2011 Security and Privacy in Cloud Computing.
Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.
Sparse Coding for Specification Mining and Error Localization Runtime Verification September 26, 2012 Wenchao Li, Sanjit A. Seshia University of California.
Ahsanul Haque *, Swarup Chandra *, Latifur Khan * and Charu Aggarwal + * Department of Computer Science, University of Texas at Dallas + IBM T. J. Watson.
SecureMR: A Service Integrity Assurance Framework for MapReduce Author: Wei Wei, Juan Du, Ting Yu, Xiaohui Gu Source: Annual Computer Security Applications.
Adaptive CSMA under the SINR Model: Fast convergence using the Bethe Approximation Krishna Jagannathan IIT Madras (Joint work with) Peruru Subrahmanya.
Ahsanul Haque *, Swarup Chandra *, Latifur Khan * and Michael Baron + * Department of Computer Science, University of Texas at Dallas + Department of Mathematical.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 4 09/10/2013 Security and Privacy in Cloud Computing.
Collusion-Resistance Misbehaving User Detection Schemes Speaker: Jing-Kai Lou 2015/10/131.
New Cryptographic Techniques for Active Networks Sandra Murphy Trusted Information Systems March 16, 1999.
Bi-Hadoop: Extending Hadoop To Improve Support For Binary-Input Applications Xiao Yu and Bo Hong School of Electrical and Computer Engineering Georgia.
Scalable Distributed Service Integrity Attestation for Software-as-a-Service Clouds.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)
NP-COMPLETE PROBLEMS. Admin  Two more assignments…  No office hours on tomorrow.
NP-Complete problems.
Exploiting Group Recommendation Functions for Flexible Preferences.
NP-Complete Problems Algorithm : Design & Analysis [23]
Khalid Belhajjame 1, Paolo Missier 2, and Carole A. Goble 1 1 University of Manchester 2 University of Newcastle Detecting Duplicate Records in Scientific.
Privacy Preserving in Social Network Based System PRENTER: YI LIANG.
Onlinedeeneislam.blogspot.com1 Design and Analysis of Algorithms Slide # 1 Download From
1 Using Network Coding for Dependent Data Broadcasting in a Mobile Environment Chung-Hua Chu, De-Nian Yang and Ming-Syan Chen IEEE GLOBECOM 2007 Reporter.
Mapping/Topology attacks on Virtual Machines
TensorFlow– A system for large-scale machine learning
Independent Cascade Model and Linear Threshold Model
Abstract Major Cloud computing companies have started to integrate frameworks for parallel data processing in their product portfolio, making it easy for.
Probabilistic Data Management
IDENTIFICATION OF DENSE SUBGRAPHS FROM MASSIVE SPARSE GRAPHS
Independent Cascade Model and Linear Threshold Model
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Kriti shreshtha.
Independent Cascade Model and Linear Threshold Model
Presentation transcript:

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 6 03/22/2010 Security and Privacy in Cloud Computing

Verifying Computations in a Cloud 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan2 Scenario User sends her data processing job to the cloud. Clouds provide dataflow operation as a service (e.g., MapReduce, Hadoop etc.) Problem: Users have no way of evaluating the correctness of results

DataFlow Operations 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan3 Properties High performance, in-memory data processing Each node performs a particular function Nodes are mostly independent of each other Examples MapReduce, Hadoop, System S, Dryad

How do we ensure DataFlow operation results are correct? 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan4 Du et al., RunTest: Assuring Integrity of Dataflow Processing in Cloud Computing Infrastructures, AsiaCCS 2010 Goals To determine the malicious nodes in a DataFlow system To determine the nature of their malicious action To evaluate the quality of output data

Possible Approaches Re-do the computation Check memory footprint of code execution Majority voting Hardware-based attestation Run-time attestation 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan5

RunTest: Randomized Data Attestation Idea – For some data inputs, send it along multiple dataflow paths – Record and match all intermediate results from the matching nodes in the paths – Build an attestation graph using node agreement – Over time, the graph shows which node misbehave (always or time-to-time) 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan6

Attack Model Data model: – Input deterministic DataFlow (i.e., same input to a function will always produce the same output) – Data processing is stateless (e.g., selection, filtering) Attacker: – Malicious or compromised cloud nodes – Can produce bad results always or some time – Can collude with other malicious nodes to provide same bad result 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan7

Attack Model (scenarios) Parameters – b_i = probability of providing bad result – c_i = probability of providing the same bad result as another malicious node Attack scenarios – NCAM: b_i = 1, c_i = 0 – NCPM: 0 < b_i <1, c_i = 0 – FTFC: b_i = 1, c_i = 1 – PTFC: 0< b_i < 1, c_i = 0 – PTPC: 0< b_i < 1, 0 < c_i < 1 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan8

Integrity Attestation Graph Definition: – Vertices: Nodes in the DataFlow paths – Edges: Consistency relationships. – Edge weight: fraction of consistent output of all outputs generated from same data items 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan9

Consistency Clique Complete subgraph of an attestation graph which has – 2 or more nodes – All nodes always agree with each other (i.e., all edge weights are 1) 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan

How to find malicious nodes Intuitions – Honest nodes will always agree with each other to produce the same outputs, given the same data – Number of malicious nodes is less than half of all nodes 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan11

Finding Consistency Cliques: BK Algorithm Goal: find the maximal clique in the attestation graph Technique: Apply Bron-Kerbosch algorithm to find the maximal clique(s) (see better example at Wikipedia) Any node not in a maximal clique of size k/2 is a malicious node 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan12 Note: BK algorithm is NP-Hard Authors proposed 2 optimizations to make it run quicker

Identifying attack patterns 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan13 NCAM PTFC FTFC PTFC/NCPM

Inferring data quality Quality = 1 – (c/n) – where n = total number of unique data items c = total number of duplicated data with inconsistent results 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan14

Evaluation Extended IBM System S Experiments: – Detection rate – Sensitivity to parameters – Comparison with majority voting 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan15

Evaluation 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan16 NCPM (b=0.2, c=0) Different misbehavior probabilities

Discussion Threat model High cost of Bron-Kerbosch algorithm (O(3 n/3 )) Results are for building attestation graphs per function Scalability Experimental evaluation 3/22/2010en Spring 2010 Lecture 6 | JHU | Ragib Hasan17

3/22/201018en Spring 2010 Lecture 6 | JHU | Ragib Hasan Further Reading TPM Reset Attack Halderman et al., Lest We Remember: Cold Boot Attacks on Encryption Keys, USENIX Security 08,

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.