balancing performance,accuracy and precision for secure cloud transactions

03-11-20141

BALANCING

PERFORMANCE,ACCURACY

AND PRECISION FOR SECURE

CLOUD TRANSACTIONS

CONTENTS

03-11-2014Balancing performance ,accuracy and precision for secure cloud

transactions2

Introduction

Related work

Problem definition

Implementation

Evaluation

Conclusion

Future work

References

INTRODUCTION


transactions3

Cloud computing refers to both the

applications delivered as services over the

internet and h/w and systems s/w in the data

centres that provide those services.

Introduction cont...

03-11-2014Balancing performance ,accuracy and precision for secure cloud transactions4

One of the most appealing effects of cloud

computing is its elasticity.

To provide scalability and elasticity cloud

services make heavy use of replication to

ensure consistent performance and

availability


Cloud services rely on the notion of eventual

consistency when propagating data

throughout the system.

oThis consistency model is a variant of

weak consistency that allows data to be

inconsistent among some replicas during

the update process, but ensures that

updates will eventually be propagated to

all replicas .


transactions6

In systems that host sensitive resources

accesses are protected via authorization

policies.

Authorization policies are which describes the

conditions under which users should be

permitted access to resources.

This policies describe relationships between

the system principles and the credentials .


transactions7

When transactional database systems are

deployed to the cloud data, policy,and credential

inconsistency problems can emerge.

To address this confluence, following

contributions are made,

Trusted transactions.

Safe transactions.

2PVC

RELATED WORK


Relaxed consistency models for the cloud :

o Adds a new dimension to the complexity of the

design of large scale applications and introduces a

new set of consistency problems.

Distributed transactions:

o There is a recent work that focuses on providing

some level of guarantee to the relationship

between data and policies.


transactions9

Distributed authorization

oHighlights the inconsistency issues that can arise in the case where authorization policies are static.

oThe credential used to satisfy these policies may be revoked or altered.

oThe authors develop protocols that enable various consistency guarantees to be enforced during the proof construction,which are similar to safe transactions.

INTERACTION AMONG THE SYSTEM COMPONENTS


SYSTEM MODEL

PROBLEM DEFINITION


transactions11

The state information of the credentials and

policies enforced by different servers may

change at any instant of time.

Therefore it becomes important to introduce

precise definitions for different consistency

levels.

These consistency models strengthen the

trusted transaction definition .


transactions12

1. VIEWSet of proofs of authorizations observed during the lifetime of a transaction.

2. VIEW CONSISTENCYPolicy versions should be internally consistent

across all servers executing the transaction.

3. GLOBAL CONSISTENCYpolicies used to evaluate the proofs of authorizations during a transaction execution among S servers should match the latest policy version among entire policies .

4. TRUSTED TRANSACTION

A transaction is safe if it is a trusted transaction and also satisfies all data integrity constraints imposed by the DBMS.

TRUSTED TRANSACTION ENFORCEMENT


transactions13

1. DEFERRED PROOFS OF AUTHORIZATION

An optimistic approach with relatively weak

authorization guarantees, evaluated only at

commit time


transactions14

2. PUNCTUAL PROOFS OF AUTHORIZATION

Proactive approach in which the proofs of

authorizations are evaluated instantaneously

whenever a query is being handled by a server.

3. INCREMENTAL PUNCTUAL PROOFS OF

AUTHORIZATION


transactions15

View instance: subset of all proofs of authorization evaluated by servers involved in transaction up till a time instance.

a transaction is not allowed to proceed unless each server achieves the desired level of policy consistency with all previous servers.

All participating servers will be view consistent by commit time.


transactions16


transactions17

4 . CONTINUOUS PROOFS OF AUTHORIZATION

Whenever a proof is evaluated ,all previous proofs have to be reevaluated if a newer version of the policy is found at any of the participating servers.

At commit time continuous proofs behave similar to incremental punctual proofs.

If later executing servers are using the new policy versions , all previous servers must

Update their policies to be consistent with the newest one.

Re-evaluate their proofs of authorization using the newer policies.


transactions18

IMPLEMENTATION


transactions19

A transaction that is trusted and database

correct is a safe transaction.

TM has to enforce either view or global

consistency among the servers participating in

the transaction.

enforces trusted transactions and this

algorithm is expanded to enforce safe

transactions.

Two –phase validation algorithm(2PV)


transactions

20

Two-phase validation algorithm


transactions21

2PV operates in two phases collection and validation.

In the case of view consistency ,there will be at most two rounds of collection phase.

For the global consistency case ,the TM retrieves the latest policy version from a master policies server.

uses it to compare against the version numbers of each participant.

Two-phase Validation Commit-2PVC


transactions22

TWO-PHASE VALIDATE COMMIT

ALGORITHM


transactions23

2PVC has similar structure as that of 2PV .

2PVC can be used to ensure the data and

policy consistency requirements of safe

transactions.

It evaluate the policies and authorizations

within the first voting phase

USING 2PV AND 2PVC IN SAFE

TRANSACTIONS

03-11-2014Balancing performance ,accuracy and precision for secure

cloud transactions24

2PV and 2PVC can be used to enforce each of the consistency levels .

Deferred and punctual proofs are roughly the same

Punctual will return proof evaluations upon executing each query.

For trusted transactions both require at commit time evaluation at all participants using 2PVC.

EVALUATION


transactions25

Deferred proofs have the best performance and less accurate

Punctual proofs incur cost of local authorization checks.

Both schemes enforce consistency at commit time.

Incremental punctual proofs has the worst performance but is more accurate and secure.

Continuous proofs has moderate performance


CONCLUSION



several consistency problems are identified

,which can arise during cloud-hosted transaction

processing using weak consistency models.

A variety of lightweight proof enforcement and

consistency models are developed that can

enforce increasingly strong protections with

minimal runtime overhead.

CONCLUSION Cont...



The proposed consistency models are

evaluated relative to three core metrics:

performance ,accuracy and precision.

Deferred and punctual proofs had minimal

overheads, but failed to detect several

consistency problems.

CONCLUSION cont...


transactions29

Incremental and continuous proofs required

higher code complexity to implement correctly.

2PVC protocol , an enhanced version of the

widely used 2PC protocol is used to

implement the approaches and ensure safe

transactions.

FUTURE WORK


transactions30

The different trade-offs of the proposed

approaches by simulating their execution over a

cloud infrastructure can be investigated.

Given a better understanding of the execution

times of each approach in both short/long

transactions and frequent/infrequent policy

updates,quantitative measures to

better guide the decision process can be

provided.

REFERENCES


transactions31

M. Armbrust et al., “Above the Clouds: A Berkeley View of Cloud Computing,” technical report, Univ. of California, Feb. 2009.

S. Das, D. Agrawal, and A.E. Abbadi, “Elastras: An ElasticTransactional Data Store in the Cloud,” Proc. Conf. Hot Topics in Cloud Computing (USENIX HotCloud ’09), 2009.

D.J. Abadi, “Data Management in the Cloud: Limitations and Opportunities,” IEEE Data Eng. Bull., vol. 32, no. 1, pp. 3-12,Mar. 2009



Engineering

balancing performance,accuracy and precision for secure cloud transactions