Final Report Workshop in Information Security – Distributed Databases Project Access Control Security vs. Performance By: Yosi Barad, Ainat Chervin and.

Slides:

Advertisements

Similar presentations

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager Configuration Manager 2007 Internet-Based.

Advertisements

Live CDs. What is a Live CD? Prerak Parikh What is a Live CD? CD or DVD containing bootable CD-ROM disk that loads and boots an OS Instead of using the.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

Module 1: Installing Windows XP Professional

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

Milestone 1 Workshop in Information Security – Distributed Databases Project Access Control Security vs. Performance By: Yosi Barad, Ainat Chervin and.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

Administering Active Directory

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

Getting Started with Web Servers, PHP, and the Eclipse PDT Appendix I DAVID M. KROENKE and DAVID J. AUER DATABASE CONCEPTS, 6 th Edition.

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Maintaining and Updating Windows Server 2008

Copyright Anthony K. Holden, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.

Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.

Module 2: Planning to Install SQL Server. Overview Hardware Installation Considerations SQL Server 2000 Editions Software Installation Considerations.

OPERATING SYSTEMS AND SYSTEMS SOFTWARE. SYSTEMS SOFTWARE Systems software consists of the programs that control the operations of the computer and its.

Passage Three Introduction to Microsoft SQL Server 2000.

System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.

Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Fundamentals of Networking Discovery 1, Chapter 2 Operating Systems.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Introduction to Group Policy

New roles in Technology Migration issues – Rule of PO 2.7(b)1.

XP New Perspectives on Microsoft Office Access 2003 Tutorial 12 1 Microsoft Office Access 2003 Tutorial 12 – Managing and Securing a Database.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.

Performance Concepts Mark A. Magumba. Introduction Research done on 1058 correspondents in 2006 found that 75% OF them would not return to a website that.

Module 1: Installing and Upgrading to Exchange Server 2003.

Milestone 2 Workshop in Information Security – Distributed Databases Project Access Control Security vs. Performance By: Yosi Barad, Ainat Chervin and.

Step By Step Windows Server 2003 Installation Guide Step By Step Windows Server 2003 Installation Guide.

Otasuke GP-EX! Chapter 11 GP-Viewer EX

1. Chapter 25 Protecting and Preparing Documents.

Block1 Wrapping Your Nugget Around Distributed Processing.

Module 5: Upgrading to SQL Server 7.0. Overview Planning an Upgrade Preparing to Upgrade Verifying the Upgrade Setting a Compatibility Level.

1 Administering Shared Folders Understanding Shared Folders Planning Shared Folders Sharing Folders Combining Shared Folder Permissions and NTFS Permissions.

Visualizing Technology© 2012 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation To Accompany Chapter 6 System Software.

Week #3 Objectives Partition Disks in Windows® 7 Manage Disk Volumes Maintain Disks in Windows 7 Install and Configure Device Drivers.

Diagnostic Pathfinder for Instructors. Diagnostic Pathfinder Local File vs. Database Normal operations Expert operations Admin operations.

Maintaining and Updating Windows Server Monitoring Windows Server It is important to monitor your Server system to make sure it is running smoothly.

Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.

11 CLUSTERING AND AVAILABILITY Chapter 11. Chapter 11: CLUSTERING AND AVAILABILITY2 OVERVIEW  Describe the clustering capabilities of Microsoft Windows.

© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.

CHAPTER 7 CLUSTERING SERVERS. CLUSTERING TYPES There are 2 types of clustering ; Server clusters Network Load Balancing (NLB) The difference between the.

DATABASE REPLICATION DISTRIBUTED DATABASE. O VERVIEW Replication : process of copying and maintaining database object, in multiple database that make.

Page 1 of 38 Lenovo Confidential Lenovo Confidential Lenovo Confidential Lenovo Confidential Lenovo Confidential Please Note: Information contained in.

© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.

Features Of SQL Server 2000: 1. Internet Integration: SQL Server 2000 works with other products to form a stable and secure data store for internet and.

Final Implementation of a High Performance Computing Cluster at Florida Tech P. FORD, X. FAVE, K. GNANVO, R. HOCH, M. HOHLMANN, D. MITRA Physics and Space.

 Distributed Database Concepts  Parallel Vs Distributed Technology  Advantages  Additional Functions  Distribution Database Design  Data Fragmentation.

1 Chapter Overview Monitoring Access to Shared Folders Creating and Sharing Local and Remote Folders Monitoring Network Users Using Offline Folders and.

David M. Kroenke and David J. Auer Database Processing Fundamentals, Design, and Implementation Appendix I: Getting Started with Web Servers, PHP and the.

2: Operating Systems Networking for Home & Small Business.

Chapter 5 Managing Multi-user Databases 1. Multi-User Issues Database Administration Concurrency Control Database Security Database Recovery Page 307.

John Samuels October, Why Now?  Vista Problems  New Features  >4GB Memory Support  Experience.

 Project Team: Suzana Vaserman David Fleish Moran Zafir Tzvika Stein  Academic adviser: Dr. Mayer Goldberg  Technical adviser: Mr. Guy Wiener.

Maintaining and Updating Windows Server 2008 Lesson 8.

COMP1321 Digital Infrastructure Richard Henson March 2016.

Cofax Scalability Document Version Scaling Cofax in General The scalability of Cofax is directly related to the system software, hardware and network.

Network and Server Basics. Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server network.

INTRODUCTION TO DESKTOP SUPPORT

CT1503 Network Operating System

Apache Ignite Data Grid Research Corey Pentasuglia.

Welcome © GTM Software. Welcome © GTM Software.

5.0 : Windows Operating System

Content Management Systems

Kaspersky Antivirus Customer Service. Steps to Install Kaspersky Antivirus  Download the installer from the Kaspersky Lab website or use the link in.

Chapter 2: The Linux System Part 1

How to install and manage exchange server 2010 OP Saklani.

Presentation transcript:

Final Report Workshop in Information Security – Distributed Databases Project Access Control Security vs. Performance By: Yosi Barad, Ainat Chervin and Ilia Oshmiansky 1 Project web site:

Final Report 2 Our Plan: Expand Cassandra and Accumulo set-ups to the local hard drives. Run benchmark tests on the local configuration Compare the local test results to the results of our initial tests Compare our implementation performance against the Cassandra and Accumulo performance.

Final Report 3 Our Plan: Improve our implementation- Creating a new column for the ACL to be stored in Cassandra Compare our implementations Upgrade from YCSB to YCSB++ benchmark tool.

Measure the security holes that may exist due to the inconsistency of the ACLs Improve the security through stronger consistency between Cassandra nodes Final Report 4 Our Plan:

Plan Step 1: 5 Expand Cassandra and Accumulo set-ups to the local hard drives. We extended the configuration of the following databases to local drives: 1.Cassandra configuration included:  1 cluster containing 1 node.  1 cluster containing 3 nodes. 2.Our Cassandra ACL configuration included:  1 cluster containing 1 node.  1 cluster containing 3 nodes. 3.Accumulo configuration included:  1 cluster containing 1 node.  Hadoop and Zookeeper installed and configured on the Accumulo node.

Plan Step 2: 6 Run benchmark tests on the local configuration We ran the benchmark test on the local hard disks. This time we got better results:  More stable  Achieved higher performance (in terms of throughput)

Plan Step 3: 7 Compare the local test results to the results of our initial tests Network drive configuration Local disks configuration

Plan Step 4: 8 Compare our implementation performance against the Cassandra original performance. We measured Cassandra original performance using only values. We measured our implementation performance as we increased the number entries in the ACLs each time.

Plan Step 5: 9 Creating a new column for the ACL to be stored in Cassandra database We modified Cassandra behavior:  for each column insertion we saved another column which maintained the ACL.  Once a user tries to retrieve or delete a column from the database we invoke the corresponding ACL column.  If the user has read or write permission on that ACL – the according operation is approved.  Otherwise the operation is denied and a message is prompt to the user.

Plan Step 6: 10 Compare our implementations We have implemented 2 version of Cassandra ACL:  Cassandra Acl v1.1 (Code, JavaDoc): Cassandra Acl v1.1CodeJavaDoc The Acl saved within the value in the database.  Cassandra Acl v1.2 (Code, JavaDoc): Cassandra Acl v1.2CodeJavaDoc The Acl saved in a new column in the database. We ran benchmark tests on both of them. Version 1.1 has better performance (greater throughput). Version 1.2 provides better security (doesn’t hold the value in the memory as it traverse on the ACLs).

Plan Step 7: 11 Upgrade from YCSB to YCSB++ benchmark tool Once we installed YCSB++:  We were able to measure the Read after writes in the database. We used Zookeeper to synchronize the operations of the producer and the consumer activated by YCSB++. We edited YCSB++ code:  So we could measure the read after update in the database.  Since It may simulate a change applied to the ACLs.

Plan Step 8: 12 Measure the security holes that may exist due to the inconsistency of the ACLs We ran the test among computers in the lab. The inconsistency windows we obtained were very small (using same LAN). In order to obtain more durable time lags we tried to:  Extend the number of clusters - up to 6 Cassandra clusters.  Introduced a new Wi-Fi cluster among the other clusters. We Installed our implementation on a laptop connected to network. This time our tests obtained more concrete time lags which implied on a larger inconsistency windows.  We simulated latency on the network between the nodes.

Plan Step 8: 13 Measure the security holes that may exist due to the inconsistency of the ACLs

Plan Step 8: 14 Measure the security holes that may exist due to the inconsistency of the ACLs

Plan Step 9: 15 Improve the security through stronger consistency between Cassandra nodes We tried to obtain a consistent state among the nodes in order to reduce the inconsistency windows We configured the consistency level of the read/write to ALL. Tradeoffs between consistency and latency are tunable in Cassandra. One can achieve stronger consistency with an increased latency. Write consistency level – ALL preserves a consistence state. Read consistency level – ALL preserves a consistence state. Recommendation:  Mostly read operations – set write consistency level to ALL.  Mostly write operations – set read consistency level to ALL.

Progress Compared to Plan: Final Report 16 Plan StepStatus Expand Cassandra and Accumulo set-ups to the local hard drives Run benchmark tests on the local configuration Compare the local test results to the results of our initial tests Compare our implementation performance against the Cassandra and Accumulo performance. Improve our implementation- Creating a new column for the ACL to be stored in Cassandra Compare our implementations Upgrade from YCSB to YCSB++ benchmark tool. Measure the security holes that may exist due to the inconsistency of the ACLs Improve the security through stronger consistency between Cassandra nodes

Final Report 17 Overall We implemented two versions of Cassandra ACL. We tested and benchmarked our implementation versus the original Cassandra and Accumulo. We measured the security holes created due to inconsistency windows. We try to improve the security through configuration of a consistent state between cassandra nodes which reduce the inconsistency windows. You may find all of our work, implementation, Javadoc, documentation on our websites:  

Final Report 18 Questions?