Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 6 03/22/2010 Security and Privacy in Cloud Computing.

Published bySharlene Simon Modified over 9 years ago

Similar presentations

Presentation on theme: "Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 6 03/22/2010 Security and Privacy in Cloud Computing."— Presentation transcript:

1 Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 6 03/22/2010 Security and Privacy in Cloud Computing

2 Verifying Computations in a Cloud 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan2 Scenario User sends her data processing job to the cloud. Clouds provide dataflow operation as a service (e.g., MapReduce, Hadoop etc.) Problem: Users have no way of evaluating the correctness of results

3 DataFlow Operations 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan3 Properties High performance, in-memory data processing Each node performs a particular function Nodes are mostly independent of each other Examples MapReduce, Hadoop, System S, Dryad

4 How do we ensure DataFlow operation results are correct? 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan4 Du et al., RunTest: Assuring Integrity of Dataflow Processing in Cloud Computing Infrastructures, AsiaCCS 2010 Goals To determine the malicious nodes in a DataFlow system To determine the nature of their malicious action To evaluate the quality of output data

5 Possible Approaches Re-do the computation Check memory footprint of code execution Majority voting Hardware-based attestation Run-time attestation 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan5

6 RunTest: Randomized Data Attestation Idea – For some data inputs, send it along multiple dataflow paths – Record and match all intermediate results from the matching nodes in the paths – Build an attestation graph using node agreement – Over time, the graph shows which node misbehave (always or time-to-time) 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan6

7 Attack Model Data model: – Input deterministic DataFlow (i.e., same input to a function will always produce the same output) – Data processing is stateless (e.g., selection, filtering) Attacker: – Malicious or compromised cloud nodes – Can produce bad results always or some time – Can collude with other malicious nodes to provide same bad result 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan7

8 Attack Model (scenarios) Parameters – b_i = probability of providing bad result – c_i = probability of providing the same bad result as another malicious node Attack scenarios – NCAM: b_i = 1, c_i = 0 – NCPM: 0 < b_i <1, c_i = 0 – FTFC: b_i = 1, c_i = 1 – PTFC: 0< b_i < 1, c_i = 0 – PTPC: 0< b_i < 1, 0 < c_i < 1 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan8

9 Integrity Attestation Graph Definition: – Vertices: Nodes in the DataFlow paths – Edges: Consistency relationships. – Edge weight: fraction of consistent output of all outputs generated from same data items 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan9

10 Consistency Clique Complete subgraph of an attestation graph which has – 2 or more nodes – All nodes always agree with each other (i.e., all edge weights are 1) 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan10 1 2 3 4 5

11 How to find malicious nodes Intuitions – Honest nodes will always agree with each other to produce the same outputs, given the same data – Number of malicious nodes is less than half of all nodes 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan11

12 Finding Consistency Cliques: BK Algorithm Goal: find the maximal clique in the attestation graph Technique: Apply Bron-Kerbosch algorithm to find the maximal clique(s) (see better example at Wikipedia) Any node not in a maximal clique of size k/2 is a malicious node 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan12 Note: BK algorithm is NP-Hard Authors proposed 2 optimizations to make it run quicker

13 Identifying attack patterns 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan13 NCAM PTFC FTFC PTFC/NCPM

14 Inferring data quality Quality = 1 – (c/n) – where n = total number of unique data items c = total number of duplicated data with inconsistent results 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan14

15 Evaluation Extended IBM System S Experiments: – Detection rate – Sensitivity to parameters – Comparison with majority voting 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan15

16 Evaluation 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan16 NCPM (b=0.2, c=0) Different misbehavior probabilities

17 Discussion Threat model High cost of Bron-Kerbosch algorithm (O(3 n/3 )) Results are for building attestation graphs per function Scalability Experimental evaluation 3/22/2010en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan17

18 3/22/201018en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan Further Reading TPM Reset Attack http://www.cs.dartmouth.edu/~pkilab/sparks/http://www.cs.dartmouth.edu/~pkilab/sparks/ Halderman et al., Lest We Remember: Cold Boot Attacks on Encryption Keys, USENIX Security 08, http://citp.princeton.edu/memory/http://citp.princeton.edu/memory/

Download ppt "Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 6 03/22/2010 Security and Privacy in Cloud Computing."

Similar presentations

Revisiting the efficiency of malicious two party computation David Woodruff MIT.

Revisiting the efficiency of malicious two party computation David Woodruff MIT.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 8 04/04/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 8 04/04/2011 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 8 04/11/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 8 04/11/2011 Security and Privacy in Cloud Computing.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: Big data security evaluation UNIFI-CNR Nicola Nostro, Andrea.

Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea.
SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.

SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.

Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Slide credits: Ragib Hasan, Johns Hopkins University CS573 Data privacy and security in the cloud.

Slide credits: Ragib Hasan, Johns Hopkins University CS573 Data privacy and security in the cloud.
The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.

The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 7 03/29/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 7 03/29/2010 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Similar presentations

Ads by Google