Ramya Prabhakar, Seung Woo Son, Christina Patrick, Sri Hari Krishna Narayanan, Mahmut Kandemir Pennsylvania State University 4th International IEEE Security.

Presentation transcript:

Securing Disk-Resident Data through Application Level Encryption
Ramya Prabhakar, Seung Woo Son, Christina Patrick, Sri Hari Krishna Narayanan, Mahmut Kandemir
Pennsylvania State University
4th International IEEE Security in Storage Workshop '07, 27th September, 2007
Ramya Prabhakar

Outline
- Motivation: Motivation for Application Level Encryption
- Re-Use: Evaluate a reuse distance oriented approach for selective encryption of disk-resident data
- Profiling: A profile-guided approach that approximates the behavior of the reuse distance oriented approach
- Analysis: Quantitative analysis of the trade-offs between confidentiality and performance
- Conclusion: Summarize the major observations and results

Motivation
- File System based approaches
  - The performance impact can be a showstopper
  - File-level encryption solutions have coarse granularity
- Data-Access characteristics of Applications
  - Frequent reuse
  - Volatile and disk resident data

Data Reuse in Applications
- E.g., Matrix-Matrix Multiplication: A × B = C
- Matrix B is read every time an element of C is computed

Reuse Potential
- Reuse potential is a measure of the amount of data read/written repeatedly by the application
- Different applications have different reuse potentials

The Two Extremes…
- Always Encrypt/Decrypt
  - Minimum Vulnerability Factor
  - Maximum security
  - Maximum I/O Time
  - Significant performance overhead
- Never Encrypt/Decrypt
  - Minimum I/O Time
  - Significant performance improvement
  - Maximum exposure
  - Maximum Vulnerability Factor

Reuse oriented approach
[Figure: a sequence of write_encrypt(…, offset) and read_decrypt(…, offset) calls, labelled with Reuse distance (δ) and δ threshold, alongside plain_write(…, offset) and plain_read(…, offset)]

Distribution of Reuse

Metrics of Interest
- I/O Time (IOT): I/O latency when encryption/decryption is included. Normalized to base version
- Vulnerability Factor (VF): percentage of data stored in plain text during execution
  - Two variants: Average Vulnerability Factor (AVF), Maximum Vulnerability Factor (MVF)
- Ideal case: reduce both IOT and VF

Metrics Vs Reuse Distance
- NED DES scheme reduces IOT over AED DES by 74%
- NED DES scheme reduces IOT over AED DES by 26%

But…
- Reuse oriented approach is idealistic
  - Analysis is perfect; derives maximum benefit
  - Requires knowledge of future references
  - Not possible to implement

Profile Guided Approach
- Profiling
  - Collect statistical information
  - Obtain dynamic behavior of each static call
- An implementable method to approximate the reuse-oriented approach
- Static I/O call results in many dynamic instances of the same call

Profile Guided Approach

Profiler inserts hints to every static call
Three types of static calls:
- Group I: Always interpreted as read_decrypt / write_encrypt
- Group II: Always interpreted as plain_read / plain_write
- Group III: Decision varies dynamically. Non-deterministic
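Added example (not from the original slides): a small model of the reuse-oriented decision, the AVF/MVF metrics and the Group I/II/III classification of static calls. The trace and call-site names are constructed, every read follows a write to the same block, and these rules are assumptions: δ is counted in I/O calls until the next access to the same offset, a write is issued as plain_write only when δ is within the threshold, reads follow the stored state, and VF is sampled after each call over all blocks the trace touches.

```python
from collections import defaultdict

# Constructed trace: (static call site, "r"/"w", block offset).
TRACE = [
    ("w_upd", "w", 0), ("r_upd", "r", 0), ("w_tmp", "w", 5), ("r_tmp", "r", 5),
    ("w_upd", "w", 0), ("w_tmp", "w", 6), ("r_tmp", "r", 6),
    ("w_out", "w", 8), ("w_out", "w", 9), ("r_upd", "r", 0),
]

def reuse_distances(trace):
    """Calls until the next access to the same offset (None = never reused).
    Scanning backwards is what makes this need knowledge of the future."""
    next_seen, dist = {}, [None] * len(trace)
    for i in range(len(trace) - 1, -1, -1):
        off = trace[i][2]
        if off in next_seen:
            dist[i] = next_seen[off] - i
        next_seen[off] = i
    return dist

def simulate(trace, threshold):
    """Return (per-call decisions, AVF, MVF) for one delta threshold."""
    dist = reuse_distances(trace)
    nblocks = len({off for _, _, off in trace})
    plain = {}                       # offset -> stored in plaintext?
    decisions, samples = [], []
    for i, (site, op, off) in enumerate(trace):
        if op == "w":
            # Assumed rule: plain_write only when reused within the threshold.
            plain[off] = dist[i] is not None and dist[i] <= threshold
        decisions.append((site, "plain" if plain[off] else "crypt"))
        samples.append(100.0 * sum(plain.values()) / nblocks)
    return decisions, sum(samples) / len(samples), max(samples)

def group_static_calls(decisions):
    """Group I: always encrypt/decrypt, II: always plain, III: varies."""
    modes = defaultdict(set)
    for site, mode in decisions:
        modes[site].add(mode)
    return {s: "III" if len(m) == 2 else "I" if m == {"crypt"} else "II"
            for s, m in modes.items()}

if __name__ == "__main__":
    for t in (0, 3, 5):
        d, avf, mvf = simulate(TRACE, t)
        print(t, f"AVF={avf:.1f}% MVF={mvf:.1f}%", group_static_calls(d))
```

In this model the scratch blocks written by w_tmp stay in plaintext after their last read, which is why the vulnerability factor does not fall back once they are no longer needed.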

Profile Guided Approach: Distribution of static I/O calls among groups

I/O Call Splitting

Group III references optimized in two ways
- Performance oriented approach (PO)
  - Profiles with higher δ threshold
  - Performance is favored in the tradeoff
- Security oriented approach (SO)
  - Profiles with higher δ threshold
  - Performance is favored in the tradeoff

Results: Variation of IOT (DES) with different approaches

Results: Variation of IOT (AES) with different approaches

Results: Variation of AVF with different approaches

Results: Variation of MVF with different approaches

Guidelines for suitable δ threshold
- Performance ratio for δk is IOT for lowest δ divided by IOT for δk
- Security ratio for δk is portion of secure data at δk divided by portion of secure data for highest δ
- Combined metric (CM) is performance ratio divided by security ratio
- At δk represents unit gain in performance for unit loss in security
- CM is less than, equal to or greater than 1
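Added worked example (not from the original slides): the performance ratio, security ratio and combined metric computed over a sweep of δ thresholds. The measurements are constructed, and reading "portion of secure data" as the percentage of data kept encrypted is an assumption.

```python
# Constructed measurements for one application, one row per threshold:
# (delta_k, IOT normalized to the base version, % of data kept encrypted)
MEASURED = [(16, 1.25, 50.0), (0, 1.80, 100.0), (64, 1.10, 40.0), (4, 1.50, 80.0)]

def combined_metric(rows):
    """Return {delta_k: (performance ratio, security ratio, CM)}."""
    rows = sorted(rows)                  # ascending delta
    iot_lowest = rows[0][1]              # IOT at the lowest delta
    secure_highest = rows[-1][2]         # secure portion at the highest delta
    if secure_highest <= 0:
        # A sweep that ends at "never encrypt" leaves the ratio undefined.
        raise ValueError("no secure data at highest delta; security ratio undefined")
    table = {}
    for delta, iot, secure in rows:
        perf = iot_lowest / iot          # gain in I/O time relative to lowest delta
        sec = secure / secure_highest    # secure data relative to highest delta
        table[delta] = (perf, sec, perf / sec)
    return table

def classify(cm, tol=1e-9):
    """Place CM in one of the three cases named on the slide."""
    if abs(cm - 1.0) <= tol:
        return "=1"
    return "<1" if cm < 1.0 else ">1"

if __name__ == "__main__":
    for delta, (perf, sec, cm) in combined_metric(MEASURED).items():
        print(f"delta={delta:3d} perf={perf:.3f} sec={sec:.3f} CM={cm:.3f} ({classify(cm)})")
```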

Conclusion
- Quantitative analysis of performance and confidentiality tradeoff
- Disk resident data remains secured
- Encryption/decryption overheads significantly reduced
  - 46.5% with 3-DES
  - 30.63% with AES

IO Time contribution to overall execution latency is between 64.2% and 96.6%. The absolute IOT values measured for base version are , , , and msec for swim, mgrid, lu, mxm and tsf respectively.

Characteristics of Applications