Computer Science
Assuring Integrity of Dataflow Processing in Large-Scale Cloud Systems
Juan Du
Co-advised by: Dr. Xiaohui (Helen) Gu, Dr. Douglas Reeves
Department of Computer Science
North Carolina State University
Outline
• Background
  – Multi-tenant cloud systems
  – Service integrity attack
• Service Integrity Assurance
  – RunTest [ASIACCS’10]
• Conclusion and Ongoing Work
Multi-Tenant Cloud Systems
• Platform for Software as a Service (SaaS)
[Figure: a user submits data through a portal to a dataflow of service components c1–c7, running in VMs hosted by providers P1–P3 and offering functions f1–f4. The stream …, di, … is transformed to …, f1(di), …, then …, f2(f1(di)), …, then …, f3(f2(f1(di))), …]
Service Integrity Attack
[Figure: the same dataflow under attack. f0 appears in place of f2, so the intermediate stream is …, f0(f1(di)), … and the output stream becomes …, f3(f0(f1(di))), …]
• Service providers come from different security domains
• Not all data processing components are trustworthy
Previous Work
• Distributed dataflow processing
  – Focuses on resource and performance management issues.
  – Usually assumes that all data processing components are trustworthy.
• Trust management in distributed systems
  – Distributed messaging systems [Haeberlen, et al., SOSP 2007]
  – Pub-sub overlay [Srivatsa, et al., CCS 2005]
  – Virtualized datacenters [Berger, et al., SIGOPS 2008]
  – None of them addressed secure and scalable dataflow processing in multi-tenant cloud systems
Previous Work (cont.)
• Byzantine fault-tolerance
  – In wide area networks [Amir, et al., DSN 2006]
  – Generally has scalability issues.
• Security in SOA
  – WS-Security v1.1 [Oasis, 2006]
  – Focuses on integrity and confidentiality of web service messages through encryption and authentication.
  – Attacks can go beyond messaging security.
RunTest
RunTest: Assuring Integrity of Dataflow Processing in Cloud Computing Infrastructures. Juan Du, Wei Wei, Xiaohui Gu, Ting Yu. ACM Symposium on Information, Computer and Communications Security (ASIACCS), Beijing, China, April, 2010.
Attestation Graph
• Detect integrity attack
• Pinpoint malicious nodes
• Randomized data attestation
Integrity Attestation Graph
• Randomized data attestation
  – Capture consistency/inconsistency relationships between pairs of components
[Figure: the portal sends data d1, d2 and duplicates d1', d2' to components s1–s6 providing functions f1 and f2, then compares the results, e.g. f1(d1) = f1(d1'), f1(d2) != f1(d2'), f2(f1(d1)) = f2(f1(d1')). The resulting attestation graphs for f1 and f2 carry edge weights 1, 0.3 and 0.6.]
Pinpoint Malicious Service Providers
[Figure: attestation graph over providers P1–P5, with edges of weight 1 and the consistency clique marked]
Proposition 1: All good nodes form a consistency clique.
Assume: Good nodes take majority in each service function.
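One way to turn Proposition 1 and the majority assumption into a check, as an added example that is not code from the slides or from RunTest: since the good nodes form a clique larger than half of the providers of a function, any provider outside every such clique cannot be good. The edge-weight definition (fraction of consistent results), the rule that only weight 1 counts as a consistency link, and all names and sample data are assumptions.

```python
from collections import defaultdict
from itertools import combinations

def edge_weights(results):
    """results: (provider_a, provider_b, consistent) per attested tuple, one function.
    Weight = consistent / total attestations (assumed definition of the edge weight)."""
    tally = defaultdict(lambda: [0, 0])
    for a, b, consistent in results:
        t = tally[frozenset((a, b))]
        t[0] += bool(consistent)
        t[1] += 1
    return {pair: agree / total for pair, (agree, total) in tally.items()}

def maximal_cliques(adj):
    """Bron-Kerbosch without pivoting; adequate for a few providers per function."""
    found = []
    def expand(r, p, x):
        if not p and not x:
            found.append(r)
        for v in list(p):
            expand(r | {v}, p & adj[v], x & adj[v])
            p, x = p - {v}, x | {v}
    expand(set(), set(adj), set())
    return found

def pinpoint(providers, results):
    """Return providers outside every majority-size consistency clique, or None
    if no such clique exists yet (too little data, or the assumption is violated)."""
    adj = {p: set() for p in providers}
    for pair, w in edge_weights(results).items():
        if w == 1.0:                       # consistency link: the pair never disagreed
            a, b = pair
            adj[a].add(b)
            adj[b].add(a)
    majority = [c for c in maximal_cliques(adj) if len(c) > len(providers) // 2]
    if not majority:
        return None
    return set(providers) - set().union(*majority)

# Constructed sample: P1-P3 honest, P4 and P5 agree only with each other.
PROVIDERS = ["P1", "P2", "P3", "P4", "P5"]
SAMPLE = (
    [(a, b, True) for a, b in combinations(PROVIDERS[:3], 2)] * 2
    + [("P4", "P1", True)] * 3 + [("P4", "P1", False)] * 2    # weight 0.6
    + [("P4", "P2", False), ("P5", "P3", False)]
    + [("P4", "P5", True)] * 2                                # second, smaller clique
)

if __name__ == "__main__":
    print(sorted(pinpoint(PROVIDERS, SAMPLE)))
```

Pairs that were never attested against each other have no edge, so the check stays undetermined (`None`) until enough attestation data has accumulated for a majority clique to appear.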
Identify Attack Patterns
• Number of cliques
• Weights on the edges
[Figure: example attestation graphs with their cliques marked]
Experimental Evaluation
• Implementation
  – On top of IBM System S
• Experiment setup
  – Tested on NCSU virtual computing lab (VCL)
  – Uses about 10 blade servers
  – Each host runs CentOS 5.2 64-bit with Xen 3.0.3
Detection Rate
• Can achieve 100% detection rate under different attack patterns
Comparison
• Full Time Majority Voting (pu = 1, r = 5)
  – Immediate detection
  – Not scalable
• RunTest
  – Scalable, small pu and r => less attestation traffic
  – A short delay in detection, small pu and r => takes longer to detect
Conclusion
• The first attempt to address service integrity of dataflow processing applications in multi-tenant cloud systems
• Scalable runtime service attestation
  – Light-weight
• Randomized data attestation
  – Black-box approach
• Application-level input replay and result consistency check
  – Effective
• High detection rate and no false alarm
Ongoing Work
• Support stateful service functions
• Relax the assumptions for malicious service providers
  – Can take majority in service functions
  – Must be minority in overall system
Thank you! Questions?