Devising Secure Sockets Layer-Based Distributed Systems: A Performance-Aware Approach Norman Lim, Shikharesh Majumdar,Vineet Srivastava, Dept. of Systems.

Slides:

Advertisements

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

Advertisements

EE:450 – Computer Networks

Adders Used to perform addition, subtraction, multiplication, and division (sometimes) Half-adder adds rightmost (least significant) bit Full-adder.

Institute for Cyber Security

Dynamic Power Redistribution in Failure-Prone CMPs Paula Petrica, Jonathan A. Winter * and David H. Albonesi Cornell University *Google, Inc.

Cognitive Radio Communications and Networks: Principles and Practice By A. M. Wyglinski, M. Nekovee, Y. T. Hou (Elsevier, December 2009) 1 Chapter 12 Cross-Layer.

1 Chapter 40 - Physiology and Pathophysiology of Diuretic Action Copyright © 2013 Elsevier Inc. All rights reserved.

Reconsidering Reliable Transport Protocol in Heterogeneous Wireless Networks Wang Yang Tsinghua University 1.

eClassifier: Tool for Taxonomies

1 Probability and the Web Ken Baclawski Northeastern University VIStology, Inc.

1 RXQ Customer Drop Submitted by Supplier Process Flow Diagram Customer Supplier Distribution Company Supplier sends Drop Request to Distribution.

REQ Drop from Demand Response Programs Process Flow Retail Customer Demand Response Service Provider (DRSP) Distribution Company 1 Drop Request.

Energy-Efficient Distributed Algorithms for Ad hoc Wireless Networks Gopal Pandurangan Department of Computer Science Purdue University.

and 6.855J Cycle Canceling Algorithm. 2 A minimum cost flow problem , $4 20, $1 20, $2 25, $2 25, $5 20, $6 30, $

1 The Case for Heterogeneous Wireless MACs Chun-cheng Chen Haiyun Luo Dept. of Computer Science, UIUC.

Designing Services for Grid-based Knowledge Discovery A. Congiusta, A. Pugliese, Domenico Talia, P. Trunfio DEIS University of Calabria ITALY

ALGEBRAIC EXPRESSIONS

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)

ADDING INTEGERS 1. POS. + POS. = POS. 2. NEG. + NEG. = NEG. 3. POS. + NEG. OR NEG. + POS. SUBTRACT TAKE SIGN OF BIGGER ABSOLUTE VALUE.

MULTIPLICATION EQUATIONS 1. SOLVE FOR X 3. WHAT EVER YOU DO TO ONE SIDE YOU HAVE TO DO TO THE OTHER 2. DIVIDE BY THE NUMBER IN FRONT OF THE VARIABLE.

SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION

MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

1 9 Moving to Design Lecture Analysis Objectives to Design Objectives Figure 9-2.

Xia Zhou*, Stratis Ioannidis ♯, and Laurent Massoulié + * University of California, Santa Barbara ♯ Technicolor Research Lab, Palo Alto + Technicolor Research.

Multipath Routing for Video Delivery over Bandwidth-Limited Networks S.-H. Gary Chan Jiancong Chen Department of Computer Science Hong Kong University.

Evaluating Window Joins over Unbounded Streams Author: Jaewoo Kang, Jeffrey F. Naughton, Stratis D. Viglas University of Wisconsin-Madison CS Dept. Presenter:

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

SIMS-201 The Telephone System Wired and Wireless.

Pushing the limits of CAN - Scheduling frames with offsets provides a major performance boost Nicolas NAVET INRIA / RealTime-at-Work

1 RAID Overview n Computing speeds double every 3 years n Disk speeds cant keep up n Data needs higher MTBF than any component in system n IO.

HyLog: A High Performance Approach to Managing Disk Layout Wenguang Wang Yanping Zhao Rick Bunt Department of Computer Science University of Saskatchewan.

Foundations of Chapter M A R K E T I N G Copyright © 2003 by Nelson, a division of Thomson Canada Limited. Understanding Pricing 13.

INTRODUCTION TO SIMULATION WITH OMNET++ José Daniel García Sánchez ARCOS Group – University Carlos III of Madrid.

1 Sizing the Streaming Media Cluster Solution for a Given Workload Lucy Cherkasova and Wenting Tang HPLabs.

O X Click on Number next to person for a question.

ICS 434 Advanced Database Systems

1 Directed Depth First Search Adjacency Lists A: F G B: A H C: A D D: C F E: C D G F: E: G: : H: B: I: H: F A B C G D E H I.

A Comparison of HTTP and HTTPS Performance Arthur Goldberg, Robert Buff, Andrew Schmitt [artg, buff, Computer Science Department Courant.

On Construction of Rate-Compatible Low-Density Parity-Check (RC-LDPC) Codes by Mohammadreza Yazdani and Amir H. Banihashemi Department of Systems and Computer.

Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.

A Graduate Course on Multimedia Technology 3. Multimedia Communication © Wolfgang Effelsberg Media Scaling and Media Filtering Definition of.

Past Tense Probe. Past Tense Probe Past Tense Probe – Practice 1.

Submission doc.: IEEE 11-14/0868r0 July 2014 Johan Söder, Ericsson ABSlide 1 UL & DL DSC and TPC MAC simulations Date: Authors:

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

Addition 1’s to 20.

25 seconds left…...

EC-111 Algorithms & Computing Lecture #11 Instructor: Jahan Zeb Department of Computer Engineering (DCE) College of E&ME NUST.

Test B, 100 Subtraction Facts

11 = This is the fact family. You say: 8+3=11 and 3+8=11

Chapter 10: The Traditional Approach to Design

Systems Analysis and Design in a Changing World, Fifth Edition

11 Simple Things You Can Do Next Week to Make More Money Selling SSL Bob Angus, VeriSign.

O X Click on Number next to person for a question.

Software-supported Development of Optical Components Matthias Haupt Software-supported Development of Optical Components 2007 AutoOptics Short Course at.

A Non-Blocking Join Achieving Higher Early Result Rate with Statistical Guarantees Shimin Chen* Phillip B. Gibbons* Suman Nath + *Intel Labs Pittsburgh.

Excel Lesson 16 Protecting, Tracking, and Sharing Workbooks Microsoft Office 2010 Advanced Cable / Morrison 1.

Hydrological information systems Svein Taksdal Head of section, Section for Hydroinformatics Hydrology department Norwegian Water Resources and Energy.

Company LOGO F OUNTAIN C ODES, LT C ODES AND R APTOR C ODES Susmita Adhikari Eduard Mustafin Gökhan Gül.

Traversing symmetric NAT with predictable port allocation function SIN 2014 Dušan Klinec, Vashek Matyáš Faculty of Informatics, Masaryk University.

Delay Analysis and Optimality of Scheduling Policies for Multihop Wireless Networks Gagan Raj Gupta Post-Doctoral Research Associate with the Parallel.

Peter Key, Laurent Massoulie, Don Towsley Infocom 07 presented by Park HoSung 1 Path selection and multipath congestion control.

HEALTHCARE INFORMATION SERVICES TESTBED THROUGH CONTENT CENTRIC NETWORK: A PROTOTYPE Advisor: Asst.Prof.Dr.Panjai Tantatsanawong Presented by: Prasertsak.

Quickest path and Quickest routing: A dynamic routing method Research Topic: Jiang, XidongMS candidate in computer science at California State University,

1 Secure Cooperative MIMO Communications Under Active Compromised Nodes Liang Hong, McKenzie McNeal III, Wei Chen College of Engineering, Technology, and.

Multimedia Retrieval Architecture Electrical Communication Engineering, Indian Institute of Science, Bangalore – , India Multimedia Retrieval Architecture.

Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.

Presentation transcript:

Devising Secure Sockets Layer-Based Distributed Systems: A Performance-Aware Approach Norman Lim, Shikharesh Majumdar,Vineet Srivastava, Dept. of Systems and Computer Engineering,Cistech Limited, Carleton University,Ottawa, Canada Ottawa, Canada

Presentation Outline  Motivation and Proposed Solution  Additional Performance Optimizations –PO1: Multiple Channels –PO2: Batching  Performance Evaluation  Conclusions and Future Work 2 Department of Systems and Computer Engineering

Motivation  In a distributed environment, exchanging documents containing sensitive information is common.  The state of the art: Transmit the entire document over a secure channel.  Problem: Can result in long document transmission times due to CPU-intensive operations (e.g. encryption/decryption) used by security protocols.  However, some documents can contain both sensitive and non-sensitive components –E.g., Document containing a patient’s medical history –Secure components (that can identify the person) –Non-Secure components 3 Department of Systems and Computer Engineering

Proposed Solution Department of Systems and Computer Engineering 4  A performance enhancement technique called Security Sieve, is proposed.  Security sieve uses selective security which is based on two performance optimization principles: –Processing vs. Frequency principle –Centering principle

MS Word Macro Department of Systems and Computer Engineering

Additional Performance Optimizations  Along with basic security sieve, two other performance optimizations (POs) are introduced:  PO1: Adds multiple channels to achieve concurrent data transmission –Based on parallel processing principle  PO2: Batches multiple document transfer requests that have the same destination –Based on batching principle 6 Department of Systems and Computer Engineering

Split/Combine Algorithms 7 Department of Systems and Computer Engineering  Even Split/Combine (ES) –Evenly divides data among the channels  Segment Split/Combine (SS) –Distributes entire text segments

Combining PO1 and PO2  Combining PO1 and PO2, requires dividing the batch data lists (containing data for multiple files) into multiple sub-batch data lists.  Batch File Split/Combine (BFS)  Batch Even Split/Combine (BES)  Batch Segment Split/Combine (BSS) Department of Systems and Computer Engineering 8

Performance Analysis of Security Sieve: Sample Results  Performance Metric: Total Time: –Data transfer Time (Response Time) –Sieving and integration Times  Effect of P –Proportion of data corresponding to the secure components  When P is less than approximately 95% the security sieve system starts outperforming the secure-only system. 9 Department of Systems and Computer Engineering

Evaluation of PO1: Multiple Channels  For the 1MB file, the mean total time increases, as the number of channels increases.  For the 10MB file, the lowest total time is achieved when using two channels. 10

Comparison of ES and SS Algorithm  The ES algorithm starts to outperform the SS algorithm when proportion of non- secure data is less than 40%  For all other values, the SS- based system has slightly lower response times because the split/combine times are lower. Department of Systems and Computer Engineering 11

Evaluation of PO2: Batching  PO2 is evaluated when a stream of file transfer requests arrives (following a Poisson process).  At higher λ, batching becomes more effective.  At low λ, system without batching displays higher performance. Department of Systems and Computer Engineering 12

Conclusions  Security sieve, a performance enhancement technique for improving the performance of transferring documents containing both sensitive and non-sensitive components  Performance measurements made on the prototype demonstrates the effectiveness of the security sieve technique.  Evaluation of PO1: Using multiple channels is effective in reducing response times but only when enough data is transferred  Evaluation of PO2: Batching is most effective at higher arrival rates. 13 Department of Systems and Computer Engineering

Future Work  Development of a tool that searches a document and automatically marks the confidential data warrant further investigation.  Such a technique can be based on a user provided list of keywords and/or phrases that are associated with confidential information. 14 Department of Systems and Computer Engineering

Evaluation of Combining PO1 and PO2  When using the BSS and BES algorithm we observe that the mean total times are nearly identical.  When the BFS algorithm is used, the mean total time is higher, especially for medium and high values of x. Department of Systems and Computer Engineering 15

Security Sieve Algorithms  Sieve Algorithm 16 Department of Systems and Computer Engineering

Security Sieve Algorithms Cont’d  Integration Algorithm 17 Department of Systems and Computer Engineering

Performance Evaluation  Evaluation of Security Sieve Technique –Effect of changing proportion of classified information, P –Effect of changing the file size, x  Evaluation of PO1 –Single channel vs. Multiple channels –Comparison of ES and SS  Evaluation of PO2 –Batching multiple file transfer requests vs. sending files one at a time  Evaluation of Combining PO1 and PO2 –Comparison of BES, BSS, and BFS 18 Department of Systems and Computer Engineering