Big Data Security: How to efficiently perform data analytics over - - PowerPoint PPT Presentation



SLIDE 1

Big Data Security: How to efficiently perform data analytics over encrypted data?

Adrian Perrig, Network Security Group, ETH Zürich

SLIDE 2

Why worry about Big Data Security?

  • Security is well understood and well handled!
  • Really?

SLIDE 3

Problem Setting

  • Corporations perform transactions in the cloud and store user content in the cloud
  • Core security challenges
      • Malicious user
      • Malicious corporation
      • Malicious cloud provider
      • Malicious administrator

[Figure labels: Users, Corporations, Cloud Providers]

SLIDE 4

Missing Link: Secure Computation

Existing security techniques are incomplete

  • Good data-in-motion protections
      • VPNs, SSL, IPsec
  • Good data-at-rest protections
      • Full disk encryption
      • Self-encrypting disk drives
  • Eventually the data must be used!
  • Cannot assume the absence of malware
  • Malware may be in peripherals (disk, keyboard, GPU)
  • Malicious insider / administrator has full access

SLIDE 5

Observation

  • Need complete set of data protections, including
      • Isolated execution
      • Secure loading
      • Secure execution
      • Secure state storage, preventing replay attacks
      • Secure backup
      • Verifiable deletion

[Figure labels: data in-situ, data in transit, data at rest]

SLIDE 6

Approaches

  • Trust: rely on cloud provider for security
      • Pro: Efficient
      • Con: Misaligned incentives, lack of liability in case of attacks
  • Cryptography: secure multi-party computation
      • Pro: no need to trust execution
      • Con: inefficient, 10000-1000000x slower
  • Trusted hardware
      • Pro: efficient and relatively easy to use
      • Con: trust in manufacturer, increased HW cost

SLIDE 7

Trusted Platform Module (TPM) Overview

  • Trusted Computing Group (TCG) proposed Trusted Platform Module (TPM) chip
      • Already included in many platforms (over 600 million devices deployed by Spring 2011)
      • Cost per chip around $1
  • Modern microprocessors provide special instructions that interact with TPM chip
      • AMD SVM: SKINIT instruction
      • Intel TXT/LT: GETSEC[SENTER] instruction

SLIDE 8

Creation of Isolated Execution Environment

  • AMD / Intel late launch extensions
  • Secure Loader Block (SLB) to execute in IEE
  • SKINIT / SENTER execute atomically
      • Sets CPU state similar to INIT (soft reset)
      • Resets dynamic PCRs
      • Enables DMA protection for entire SLB
      • Sends SLB contents to TPM
      • Begins executing at SLB’s entry point

[Figure labels: SLB, SKINIT, SENTER]

SLIDE 9

How to Remotely Verify/Attest?

[Figure labels: Nonce N, S, V. Legend: the N, S symbol means H(S) and N are signed by platform key]

SLIDE 10

Systems Built with these Primitives

  • Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki, "Flicker: An Execution Infrastructure for TCB Minimization". ACM European Conference on Computer Systems (EuroSys), March 2008.
  • Jonathan McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig, "TrustVisor: Efficient TCB Reduction and Attestation". IEEE Symposium on Security and Privacy, May 2010.

SLIDE 11

Flicker

  • Goals
      • Isolated execution of security-sensitive code S
      • Attested execution of Output = S( Input )
      • Minimal TCB

[Figure labels: HW, Shim, OS, App, App, S, V. Legend: Untrusted, Trusted, Verified]

SLIDE 12

TrustVisor

  • Goals
      • Similar to Flicker, trade off TCB size with high efficiency
      • Isolated execution of security-sensitive code S
      • Attested execution of Output = S( Input )

[Figure labels: HW, OS, App, App, S, V, TrustVisor]

SLIDE 13

User-Verifiable Trusted Environment Setup

[Figure labels: HW, OS, App, App, S. Legend: Untrusted, Trusted, Verified]

SLIDE 14

Trusted Channels btw Protected Partitions

[Figure labels, shown twice: HW, OS, App, App, S, TrustVisor]

SLIDE 15

Strong Isolation for Data Secrecy/Integrity

[Figure labels: HW, OS, App, App, S, TrustVisor]

SLIDE 16

Summary

  • Secure HW enables powerful properties in the cloud
      • Verification of hardware platform
      • Attestation of software executing in cloud
      • Isolation of secure execution environment
      • Protection against malicious administrator
      • Protection against malicious peripherals, OS, VMM
  • Low performance overhead
  • Readily applicable to current applications, minor modifications required

  • Flicker and TrustVisor are free and open-source
