1 / 16

Assuring Integrity of Dataflow Processing in Large-Scale Cloud Systems

Assuring Integrity of Dataflow Processing in Large-Scale Cloud Systems. Juan Du Co-advised by: Dr. Xiaohui (Helen) Gu, Dr. Douglas Reeves Department of Computer Science North Carolina State University. Outline. Background Multi-tenant cloud systems Service integrity attack

fleta
Télécharger la présentation

Assuring Integrity of Dataflow Processing in Large-Scale Cloud Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Assuring Integrity of Dataflow Processing in Large-Scale Cloud Systems Juan Du Co-advised by: Dr. Xiaohui (Helen) Gu, Dr. Douglas Reeves Department of Computer Science North Carolina State University

  2. Outline • Background • Multi-tenant cloud systems • Service integrity attack • Service Integrity Assurance • RunTest [ASIACCS’10] • Conclusion and Ongoing Work 2

  3. Multi-Tenant Cloud Systems Platform for Software as a Service (SaaS) • f2 • f3 • f3 • f2 • f1 • P1 • P2 • …,f1(di),… • …,f2(f1(di)),… • …,f3(f2(f1(di))),… • f1 • f4 • P3 • P2 • P3 • …di,… • P1 • P3 • …di,… • …,f3(f2(f1(di))),… • User • Portal 3

  4. Service Integrity Attack • f2 • f3 • P1 • P2 • f2 • f3 • f1 • …,f0(f1(di)),… • …,f1(di),… • P3 • …,f3(f0(f1(di))),… • f1 • P2 • f4 • P3 • …di,… • P1 • P3 • …di,… • …,f3(f0(f1(di))),… • User • Portal • Service providers come from different security domains • Not all data processing components are trustworthy 4

  5. Previous Work • Distributed dataflow processing • focuses on resource and performance management issues. • usually assumes that all data processing components are trustworthy. • Trust management in distributed systems • Distributed messaging systems [Haeberlen, et al. SOSP 2007] • Pub-sub overlay [Srivatsa, et al., CCS 2005] • Virtualized datacenters [Berger, et al., SIGOPS 2008] • None of them addressed secure and scalable dataflow processing in multi-tenant cloud systems 5

  6. Previous Work (cont.) • Byzantine fault-tolerance • in Wide area networks [Amir, et al., DSN 2006] • Generally has scalability issues. • Security in SOA • WS-Security v1.1 [Oasis, 2006] • Focuses on integrity and confidentiality of web service messages through encryption and authentication. • Attacks can go beyond messaging security. 6

  7. RunTest RunTest: Assuring Integrity of Dataflow Processing in Cloud Computing Infrastructures. Juan Du, Wei Wei, Xiaohui Gu, Ting Yu. ACM Symposium on Information, Computer and Communications Security (ASIACCS), Beijing, China, April, 2010. Detect integrity attack Randomized data attestation Attestation Graph Pinpoint malicious nodes 7

  8. Integrity Attestation Graph Randomized data attestation Capture consistency/inconsistency relationships between pairs of components • f1 • f2 • f1 • f2 • f1(d2’) • s4 • f2(f1(d2’)) • s1 • f1(d1) • f2(f1(d1)) • d1 • d2’ • s1 • s4 • d2 • d1 • s5 • s2 • f1(d1’) • f2(f1(d1’)) • d1’ • Portal • 1 • 0.3 • 1 • 0.6 • d2 • f2(f1(d2)) • f1(d1)=f1(d1’) • Portal • s6 • s3 • f1(d2) • s2 • s3 • s5 • 0.6 • s6 • f2(f1(d1))=f2(f1(d1’)) • 0.3 • f1(d2) != f1(d2’) 8

  9. Pinpoint Malicious Service Providers • clique P1 Proposition 1: All good nodes form a consistency clique. 1 P5 P2 1 Assume: Good nodes take majority in each service function. P3 P4 9

  10. Identify Attack Patterns • clique • clique • clique • Number of cliques • Weights on the edges 10

  11. Experimental Evaluation • Implementation • On top of IBM System S • Experiment setup • Tested on NCSU virtual computing lab (VCL) • Use about 10 blade servers • Each host run CentOS 5.2 64-bit with Xen 3.0.3 11

  12. Detection Rate Can achieve 100% detection rate under different attack patterns 12

  13. Comparison Full Time Majority Voting (pu = 1, r = 5) Immediate detection Not scalable RunTest Scalable, small pu and r => less attestation traffic A short delay in detection, small pu and r => takes longer to detect 13

  14. Conclusion • The first attempt to address service integrity of dataflow processing applications in multi-tenant cloud systems • Scalable runtime service attestation • Light-weight • Randomized data attestation • Black-box approach • Application-level input replay and result consistency check • Effective • High detection rate and no false alarm 14

  15. Ongoing Work • Support stateful service functions • Relax the assumptions for malicious service providers • can take majority in service functions • Must be minority in overall system 15

  16. Thank you! Questions? 16

More Related