Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ramya Prabhakar, Seung Woo Son, Christina Patrick, Sri Hari Krishna Narayanan, Mahmut Kandemir Pennsylvania State University 4th International IEEE Security.

PublishPhilip McCoy Modified over 8 years ago

Similar presentations

Presentation on theme: "Ramya Prabhakar, Seung Woo Son, Christina Patrick, Sri Hari Krishna Narayanan, Mahmut Kandemir Pennsylvania State University 4th International IEEE Security."— Presentation transcript:

1 Ramya Prabhakar, Seung Woo Son, Christina Patrick, Sri Hari Krishna Narayanan, Mahmut Kandemir Pennsylvania State University 4th International IEEE Security in Storage Workshop ‘07 27 th September, 2007 Securing Disk-Resident Data through Application Level Encryption Ramya Prabhakar

2 Outline Motivation Motivation for Application Level Encryption Re-Use Evaluate a reuse distance oriented approach for selective encryption of disk-resident data Profiling A profile-guided approach that approximates the behavior of the reuse distance oriented approach Analysis Quantitative analysis of the trade-offs between confidentiality and performance Conclusion Summarize the major observations and results

3 Motivation File System based approaches The performance impact can be a showstopper File-level encryption solutions have course granularity Data-Access characteristics of Applications Frequent reuse Volatile and disk resident data

4 Data Reuse in Applications Eg. Matrix – Matrix Multiplication A X B = C Matrix B is read every time an element of C is computed = X

5 Reuse Potential Reuse potential is a measure of amount of data read/written repeatedly by the application Different applications have different reuse potentials

6 The Two Extremes… Always Encrypt/DecryptNever Encrypt/Decrypt Minimum Vulnerability Factor Maximum security Maximum I/O Time Significant Performance overhead Minimum I/O Time Significant Performance improvement Maximum exposure Maximum Vulnerability Factor

7 Reuse oriented approach write_encrypt (…, offset) write_encrypt (…, offset) read_decrypt (…, offset) read_decrypt (…, offset) read_decrypt (…, offset) write_encrypt (…, offset) read_decrypt (…, offset) read_decrypt (…, offset) Reuse distance( δ ) δ threshold plain_write(…, offset) plain_read(…, offset)

8 Distribution of Reuse

9 Metrics of Interest I/O Time (IOT) I/O latency when encryption/ decryption is included. Normalized to base version Vulnerability Factor (VF) percentage of data stored in plain text during execution Two variants: Average Vulnerability Factor (AVF) Maximum Vulnerability Factor (MVF) Ideal case reduce both IOT and VF

10 Metrics Vs Reuse Distance NED DES scheme reduces IOT over AED DES by 74% NED DES scheme reduces IOT over AED DES by 26%

11 But… Reuse oriented approach is idealistic Analysis is perfect; derives maximum benefit Requires knowledge of future references Not possible to implement

12 Profile Guided Approach Profiling Collect statistical information Obtain dynamic behavior of each static call An implementable method to approximate reuse- oriented approach Static I/O call results in many dynamic instances of the same call

13 Profile Guided Approach

14 Profiler inserts hints to every static call Three types of static calls: Group I Always interpreted as read_decrypt / write_encrypt Group II Always interpreted as plain_read / plain_write Group III Decision varies dynamically. Non-deterministic

15 Profile Guided Approach Distribution of static I/O calls among groups

16 I/O Call Splitting

17

18 Group III references optimized in two ways Performance oriented approach (PO) Profiles with higher δ threshold Performance is favored in the tradeoff Security oriented approach (SO) Profiles with higher δ threshold Performance is favored in the tradeoff

19 Results Variation of IOT(DES) with different approaches

20 Results Variation of IOT(AES) with different approaches

21 Results Variation of AVF with different approaches

22 Results Variation of MVF with different approaches

23 Guidelines for suitable δthreshold Performance ratio for δk is IOT for lowest δ divided by IOT for δk Security ratio for δk is portion of secure data at δk divided by portion of secure data for highest δ Combined metric is Performance ratio divided by security ratio At δk represents unit gain in performance for unit loss in security CM is less than, equal to or greater than 1

24 Conclusion Quantitative analysis of performance and confidentiality tradeoff Disk resident data remains secured Encryption/decryption overheads significantly reduced 46.5% with 3-DES 30.63% with AES

25 IO Time contribution to overall execution latency is between 64.2% and 96.6%. The absolute IOT values measured for base version are 2873.24, 2678.45, 5676.32, 5940.22 and 3453.79 msec for swim, mgrid, lu, mxm and tsf respectively.

26 Characteristics of Applications

Download ppt "Ramya Prabhakar, Seung Woo Son, Christina Patrick, Sri Hari Krishna Narayanan, Mahmut Kandemir Pennsylvania State University 4th International IEEE Security."

Similar presentations

Devising Secure Sockets Layer-Based Distributed Systems: A Performance-Aware Approach Norman Lim, Shikharesh Majumdar,Vineet Srivastava, Dept. of Systems.

Devising Secure Sockets Layer-Based Distributed Systems: A Performance-Aware Approach Norman Lim, Shikharesh Majumdar,Vineet Srivastava, Dept. of Systems.
An Adaptable Benchmark for MPFS Performance Testing A Master Thesis Presentation Yubing Wang Advisor: Prof. Mark Claypool.

An Adaptable Benchmark for MPFS Performance Testing A Master Thesis Presentation Yubing Wang Advisor: Prof. Mark Claypool.
QUANTITATIVE DATA ANALYSIS

QUANTITATIVE DATA ANALYSIS
Jointly Optimal Transmission and Probing Strategies for Multichannel Systems Saswati Sarkar University of Pennsylvania Joint work with Sudipto Guha (Upenn)

Jointly Optimal Transmission and Probing Strategies for Multichannel Systems Saswati Sarkar University of Pennsylvania Joint work with Sudipto Guha (Upenn)
1 COMP 206: Computer Architecture and Implementation Montek Singh Mon., Sep 5, 2005 Lecture 2.

1 COMP 206: Computer Architecture and Implementation Montek Singh Mon., Sep 5, 2005 Lecture 2.
Distributed Cluster Repair for OceanStore Irena Nadjakova and Arindam Chakrabarti Acknowledgements: Hakim Weatherspoon John Kubiatowicz.

Distributed Cluster Repair for OceanStore Irena Nadjakova and Arindam Chakrabarti Acknowledgements: Hakim Weatherspoon John Kubiatowicz.
PPA 415 – Research Methods in Public Administration Lecture 4 – Measures of Dispersion.

PPA 415 – Research Methods in Public Administration Lecture 4 – Measures of Dispersion.
A Hybrid Caching Strategy for Streaming Media Files Jussara M. Almeida Derek L. Eager Mary K. Vernon University of Wisconsin-Madison University of Saskatchewan.

A Hybrid Caching Strategy for Streaming Media Files Jussara M. Almeida Derek L. Eager Mary K. Vernon University of Wisconsin-Madison University of Saskatchewan.
Central Tendency & Variability Dec. 7. Central Tendency Summarizing the characteristics of data Provide common reference point for comparing two groups.

Central Tendency & Variability Dec. 7. Central Tendency Summarizing the characteristics of data Provide common reference point for comparing two groups.
As with averages, researchers need to transform data into a form conducive to interpretation, comparisons, and statistical analysis measures of dispersion.

As with averages, researchers need to transform data into a form conducive to interpretation, comparisons, and statistical analysis measures of dispersion.
September 12, 2006IEEE PIMRC 2006, Helsinki, Finland1 On the Packet Header Size and Network State Tradeoff for Trajectory-Based Routing in Wireless Networks.

September 12, 2006IEEE PIMRC 2006, Helsinki, Finland1 On the Packet Header Size and Network State Tradeoff for Trajectory-Based Routing in Wireless Networks.
BCOR 1020 Business Statistics Lecture 20 – April 3, 2008.

BCOR 1020 Business Statistics Lecture 20 – April 3, 2008.
BCOR 1020 Business Statistics

BCOR 1020 Business Statistics
1 Exploring Data Reliability Tradeoffs in Replicated Storage Systems NetSysLab The University of British Columbia Abdullah Gharaibeh Matei Ripeanu.

1 Exploring Data Reliability Tradeoffs in Replicated Storage Systems NetSysLab The University of British Columbia Abdullah Gharaibeh Matei Ripeanu.
Chapter 8 Physical Database Design. McGraw-Hill/Irwin © 2004 The McGraw-Hill Companies, Inc. All rights reserved. Outline Overview of Physical Database.

Chapter 8 Physical Database Design. McGraw-Hill/Irwin © 2004 The McGraw-Hill Companies, Inc. All rights reserved. Outline Overview of Physical Database.
Customized Dynamic Load Balancing for a Network of Workstations Taken from work done by: Mohammed Javeed Zaki, Wei Li, Srinivasan Parthasarathy Computer.

Customized Dynamic Load Balancing for a Network of Workstations Taken from work done by: Mohammed Javeed Zaki, Wei Li, Srinivasan Parthasarathy Computer.
On Self Adaptive Routing in Dynamic Environments -- A probabilistic routing scheme Haiyong Xie, Lili Qiu, Yang Richard Yang and Yin Yale, MR and.

On Self Adaptive Routing in Dynamic Environments -- A probabilistic routing scheme Haiyong Xie, Lili Qiu, Yang Richard Yang and Yin Yale, MR and.
1 Exploring Data Reliability Tradeoffs in Replicated Storage Systems NetSysLab The University of British Columbia Abdullah Gharaibeh Advisor: Professor.

1 Exploring Data Reliability Tradeoffs in Replicated Storage Systems NetSysLab The University of British Columbia Abdullah Gharaibeh Advisor: Professor.
VIRTUAL BUSINESS RETAILING

VIRTUAL BUSINESS RETAILING
Efficient Scheduling of Heterogeneous Continuous Queries Mohamed A. Sharaf Panos K. Chrysanthis Alexandros Labrinidis Kirk Pruhs Advanced Data Management.

Efficient Scheduling of Heterogeneous Continuous Queries Mohamed A. Sharaf Panos K. Chrysanthis Alexandros Labrinidis Kirk Pruhs Advanced Data Management.

Similar presentations

Ads by Google