ObliviStore High Performance Oblivious Cloud Storage Emil StefanovElaine Shi

Slides:

Advertisements

Similar presentations

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Advertisements

Serverless Network File Systems. Network File Systems Allow sharing among independent file systems in a transparent manner Mounting a remote directory.

Cache Coherent Distributed Shared Memory. Motivations Small processor count –SMP machines –Single shared memory with multiple processors interconnected.

CS7380: Privacy Aware Computing Oblivious RAM 1. Motivation  Starting from software protection Prevent from software piracy A valid method is using hardware.

EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

OS Fall ’ 02 Performance Evaluation Operating Systems Fall 2002.

University of Pennsylvania 11/21/00CSE 3801 Distributed File Systems CSE 380 Lecture Note 14 Insup Lee.

MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,

RAID-x: A New Distributed Disk Array for I/O-Centric Cluster Computing Kai Hwang, Hai Jin, and Roy Ho.

Take An Internal Look at Hadoop Hairong Kuang Grid Team, Yahoo! Inc

Distributed Data Stores – Facebook Presented by Ben Gooding University of Arkansas – April 21, 2015.

Cloud MapReduce ： a MapReduce Implementation on top of a Cloud Operating System Speaker : 童耀民 MA1G Authors: Huan Liu, Dan Orban Accenture.

Abstract Provable data possession (PDP) is a probabilistic proof technique for cloud service providers (CSPs) to prove the clients' data integrity without.

Computer System Architectures Computer System Software

C-Store: Column Stores over Solid State Drives Jianlin Feng School of Software SUN YAT-SEN UNIVERSITY Jun 19, 2009.

SEDA: An Architecture for Well-Conditioned, Scalable Internet Services

Module 12: Designing High Availability in Windows Server ® 2008.

Oblivious Data Structures Xiao Shaun Wang, Kartik Nayak, Chang Liu, T-H. Hubert Chan, Elaine Shi, Emil Stefanov, Yan Huang 1.

M i SMob i S Mob i Store - Mobile i nternet File Storage Platform Chetna Kaur.

The HDF Group Multi-threading in HDF5: Paths Forward Current implementation - Future directions May 30-31, 2012HDF5 Workshop at PSI 1.

Course Introduction Andy Wang COP 5611 Advanced Operating Systems.

Identity-Based Secure Distributed Data Storage Schemes.

Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems.

Chapter 6 Multiprocessor System. Introduction  Each processor in a multiprocessor system can be executing a different instruction at any time.  The.

Building a Parallel File System Simulator E Molina-Estolano, C Maltzahn, etc. UCSC Lab, UC Santa Cruz. Published in Journal of Physics, 2009.

Frontiers in Massive Data Analysis Chapter 3.  Difficult to include data from multiple sources  Each organization develops a unique way of representing.

The Vesta Parallel File System Peter F. Corbett Dror G. Feithlson.

Super computers Parallel Processing By Lecturer: Aisha Dawood.

Fast Crash Recovery in RAMCloud. Motivation The role of DRAM has been increasing – Facebook used 150TB of DRAM For 200TB of disk storage However, there.

CPSC 404, Laks V.S. Lakshmanan1 External Sorting Chapter 13: Ramakrishnan & Gherke and Chapter 2.3: Garcia-Molina et al.

Architecture Models. Readings r Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 m Note: All figures from this book.

Problem-solving on large-scale clusters: theory and applications Lecture 4: GFS & Course Wrap-up.

Privacy Preserving Payments in Credit Networks By: Moreno-Sanchez et al from Saarland University Presented By: Cody Watson Some Slides Borrowed From NDSS’15.

Full and Para Virtualization

Dynamo: Amazon’s Highly Available Key-value Store DAAS – Database as a service.

6.894: Distributed Operating System Engineering Lecturers: Frans Kaashoek Robert Morris

Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud.

Distributed Computing Systems CSCI 6900/4900. Review Definition & characteristics of distributed systems Distributed system organization Design goals.

Load Rebalancing for Distributed File Systems in Clouds.

Using Deduplicating Storage for Efficient Disk Image Deployment Xing Lin, Mike Hibler, Eric Eide, Robert Ricci University of Utah.

Cofax Scalability Document Version Scaling Cofax in General The scalability of Cofax is directly related to the system software, hardware and network.

Taeho Kgil, Trevor Mudge Advanced Computer Architecture Laboratory The University of Michigan Ann Arbor, USA CASES’06.

The Post Windows Operating System

Tom Van Steenkiste Supervisor: Predrag Buncic

Oblivious Parallel RAM: Improved Efficiency and Generic Constructions

Diskpool and cloud storage benchmarks used in IT-DSS

Applying Control Theory to Stream Processing Systems

OblivP2P: An Oblivious Peer-to-Peer Content Sharing System

BD-CACHE Big Data Caching for Datacenters

Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.

Course Introduction Dr. Eggen COP 6611 Advanced Operating Systems

Andy Wang COP 5611 Advanced Operating Systems

OblivP2P: An Oblivious Peer-to-Peer Content Sharing System

Oblivious RAM: A Dissection and Experimental Evaluation

TaoStore Overcoming Asynchronicity in Oblivious Data Storage

Overview Introduction VPS Understanding VPS Architecture

Unistore: Project Updates

Verifiable Oblivious Storage

CS7380: Privacy Aware Computing

Degree-aware Hybrid Graph Traversal on FPGA-HMC Platform

CLUSTER COMPUTING.

Cooperative Caching, Simplified

Andy Wang COP 5611 Advanced Operating Systems

CS510 - Portland State University

Andy Wang COP 5611 Advanced Operating Systems

DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S

Performance And Scalability In Oracle9i And SQL Server 2000

Database System Architectures

Andy Wang COP 5611 Advanced Operating Systems

Path Oram An Extremely Simple Oblivious RAM Protocol

Presentation transcript:

ObliviStore High Performance Oblivious Cloud Storage Emil StefanovElaine Shi UC Berkeley UMD

Cloud Storage SkyDrive Windows Azure Storage Amazon S3, EBS Dropbox EMC Atmos Mozy iCloud Google Storage

Data Privacy Data privacy is a growing concern. So, many organizations encrypt their data. Encryption is not enough. Access patterns leak sensitive information. E.g., 80% of search queries (Islam et. al)

Oblivious Storage (ORAM) Goal: Conceal access patterns to remote storage. An observer cannot distinguish a sequence of read/write operations from random. Untrusted Cloud Storage Client Read(x) Write(y, data) Read(z)... etc Proposed by Goldreich and Ostrovsky. [GO96, OS97] Recently: [WS08, PR10, GM10, GMOT11, BMP11, SCSL11, SSS12, GMOT12, KLO12, WR12, LPMRS13, … ]

Client ORAM Node Oblivious Load Balancer Hybrid Cloud Private Cloud (trusted) (e.g., corporate cloud) Public Cloud (untrusted) lightweight (stores 0.25% of data) heavyweight (offers scalability)

Client Trusted Hardware in the Cloud few machines with trusted hardware entire storage system untrusted ORAM Node Oblivious Load Balancer networking untrusted

Contributions Built end-to-end oblivious storage system. – Open source code available. Fully asynchronous design – no blocking on I/O – Efficiently handles thousands of simultaneous operations. High performance (throughput & response time) – High throughput over high latency connections. – Much faster than existing systems. Oblivious load balancing technique for distributing the ORAM workload. Optimized for both SSDs and HDDs.

Performance Challenges Untrusted Cloud Client bandwidth cost, response time, block size storage IO cost, seeks Server client storage scalability to multiple servers focus on exact (not asymptotic) performance

Security Challenges Goals: Oblivious asynchronous scheduling. – Scheduling should not leak private information. – Oblivious load balancing across multiple machines. Load distribution should be independent of access pattern. Adversary can: – Observe raw storage locations accessed. – Observe network traffic patterns. – Maliciously delay storage and network IO. – Attempt to corrupt data. – etc.

Overview

Partitioned ORAM

Partition Based on Goldreich- Ostrovsky scheme.

Reading from a Partition Read one block from each level. One of them is the real block. Client Server

Writing to a Partition (shuffling) Shuffle consecutively filled levels. Write into next unfilled level. Server (before) Server (after) Client shuffle blocks

Challenge Parallelism Overlapping reading & shuffling Maintaining low client storage Preserving security

Architecture

Storage Cache Background Shuffler Partitions Server Client Partition Reader Semaphores ORAM Main increment decrement Read (blockId) Write (blockId, block) Eviction Cache ReadPartition(partition, blockId) Fetch(addr) Store(addr, block) CacheIn (addr) CacheOut(addr) Fetch (blockId) Store (partition, block) Fetch(partition) Fetch(addr) CacheIn (addr) Partition States

Storage Cache Background Shuffler Partitions Server Client Partition Reader Semaphores ORAM Main increment decrement Eviction Cache ReadPartition(partition, blockId) Fetch(addr) Store(addr, block) CacheIn (addr) CacheOut(addr) Fetch (blockId) Store (partition, block) Fetch(partition) Fetch(addr) CacheIn (addr) Partition States ORAM Read/Write requests enter the system.

Storage Cache Background Shuffler Partitions Server Client Partition Reader Semaphores ORAM Main increment decrement Read (blockId) Write (blockId, block) Eviction Cache ReadPartition(partition, blockId) Fetch(addr) Store(addr, block) CacheIn (addr) CacheOut(addr) Fetch (blockId) Store (partition, block) Fetch(partition) Fetch(addr) CacheIn (addr) Partition States The requests are then partitioned.

Storage Cache Background Shuffler Partitions Server Client Partition Reader Semaphores ORAM Main increment decrement Read (blockId) Write (blockId, block) Eviction Cache ReadPartition(partition, blockId) Fetch(addr) Store(addr, block) CacheIn (addr) CacheOut(addr) Fetch (blockId) Store (partition, block) Fetch(partition) Fetch(addr) CacheIn (addr) Partition States The partition reader reads levels of the partitions.

Storage Cache Background Shuffler Partitions Server Client Partition Reader Semaphores ORAM Main increment decrement Read (blockId) Write (blockId, block) Eviction Cache ReadPartition(partition, blockId) Fetch(addr) Store(addr, block) CacheIn (addr) CacheOut(addr) Fetch (blockId) Store (partition, block) Fetch(partition) Fetch(addr) CacheIn (addr) Partition States The background shuffler writes and shuffles levels of the partitions.

Storage Cache Background Shuffler Partitions Server Client Partition Reader Semaphores ORAM Main increment decrement Read (blockId) Write (blockId, block) Eviction Cache ReadPartition(partition, blockId) Fetch(addr) Store(addr, block) CacheIn (addr) CacheOut(addr) Fetch (blockId) Store (partition, block) Fetch(partition) Fetch(addr) CacheIn (addr) Partition States Semaphores bound the client memory.

Storage Cache Background Shuffler Partitions Server Client Partition Reader Semaphores ORAM Main increment decrement Read (blockId) Write (blockId, block) Eviction Cache ReadPartition(partition, blockId) Fetch(addr) Store(addr, block) CacheIn (addr) CacheOut(addr) Fetch (blockId) Store (partition, block) Fetch(partition) Fetch(addr) CacheIn (addr) Partition States The storage cache temporarily stores data for the background shuffler and helps ensure consistency.

Pipelined Shuffling

Background Shuffler Each ORAM Read/Write operation creates a shuffling job. beforeafter block to be written (associated with shuffle job)

Without Pipelining Without pipelining it would take over 6 minutes to write a 1 MB file!

Pipelining Across One Job

Asynchronous Shuffling Pipeline start reads complete all reads shuffle locally start writes complete all writes start reads complete all reads shuffle locally start writes complete all writes start reads complete all reads shuffle locally start writes complete all writes Shuffle Job time Reserve memory resources before reading blocks Release memory resources after writing blocks Note: meanwhile, blocks may be read by the partition reader

Semaphores

Carefully designed semaphores – Enforce bound on client memory. – Control de-amortized shuffling speed. – Independent of the access pattern. Eviction – Unshuffled blocks that were recently accessed. Early cache-ins – Blocks read during shuffling of a partition. Shuffling buffer – Blocks currently being shuffled. Shuffling I/O – Pending work for the shuffler.

Security Secure in the malicious model. Adversary only observes (informally): – Behavior of synchronous system i.e., without ObliviStore’s optimizations. Proven secure. – Semaphore values Independent of the access pattern. – Timings Independent of the access pattern. Security proof in full online paper.

Evaluation

Performance 1 node (2x1TB SSD) (300 GB ORAM) (50ms simulated client latency) Speed: 3.2 MB/s

Scalability 10 nodes (2x1TB SSD each) (3 TB ORAM) (50ms simulated client latency) Speed: 31.5 MB/s Response time: 66ms (full load)

HDD “Friendly” 4 to 10 seeks per operation Works well on both SSDs and HDDs

Comparison to other ORAM implementations About 17 times higher throughput than PrivateFS (under a very similar configuration)

Lorch et. al. also implemented ORAM. Built on top of real-world secure processors. Lots of overhead from limitations of secure processors – Very limited I/O bandwidth – Very limited computation capabilities Many other ORAM constructions exist, but not many full end-to-end implementations. Comparison to other ORAM implementations

Conclusion Fully asynchronous. High performance. Full end-to-end implementation (open source). – Already been used for mining biometric data. (Bringer et. al) Thank you!