bonsai balanced lineage authentication
play

Bonsai: Balanced Lineage Authentication Ashish Gehani - PowerPoint PPT Presentation

Aug 22, 2022 •445 likes •651 views

Bonsai: Balanced Lineage Authentication Ashish Gehani Bonsai:Balanced Lineage Authentication p. 1/19 What is data lineage ? Output Operation Input 1 Input n (a) Primitive operation (b) Compound operation tree Bonsai:Balanced Lineage

  1. Bonsai: Balanced Lineage Authentication Ashish Gehani Bonsai:Balanced Lineage Authentication – p. 1/19

  2. What is data lineage ? Output Operation Input 1 Input n (a) Primitive operation (b) Compound operation tree Bonsai:Balanced Lineage Authentication – p. 2/19

  3. Why track lineage? GIS - Data origins Material science - Component pedigree Biology - Experiment reproducibility Grid - Debugging Bonsai:Balanced Lineage Authentication – p. 3/19

  4. Why certify lineage? Reproduction costly PDB - $200,000 / protein Fermilab Collision Detector - 1 month, multiple TB / datum Reliability Accreditation Ownership Auditability Bonsai:Balanced Lineage Authentication – p. 4/19

  5. What’s been done? LFS - Inputs, Outputs, Options → SQL PASS - Runtime environs → Berkeley DB Trio - Tracks data accuracy using lineage CMCS - Chemistry toolkit → WebDAV Chimera - Workflow scripts my Grid - Biology Grid workflows V esta - Incremental builds ESSW - Earth Science data management Bonsai:Balanced Lineage Authentication – p. 5/19

  6. What’s the problem? Single trust domain Chimera , my Grid , V esta , ESSW Centralized service LFS , PASS , Trio , CMCS No assurance Unsigned Incomplete Bonsai:Balanced Lineage Authentication – p. 6/19

  7. What granularity? What to audit? Processes, System calls, File system? Fine grain → High overhead Coarse grain → False positives File system: Pro - Intermediate complexity Pro - Captures most persistent change Con - Can’t track data from: Network, Keyboard, Pipes, Memory maps Bonsai:Balanced Lineage Authentication – p. 7/19

  8. Certification approach ? Input = Output No global TCB Require commitments Consumer Check agreement of: Input Output Producer output Producer Consumer input Trusted user in subtree / path → Tampering detectable Bonsai:Balanced Lineage Authentication – p. 8/19

  9. Metadata generation Intercede on calls for: exec(), fork(), exit(), open(), close(), read(), write() Maintain process table entries for: accessed, modified files File 2 Read open() close() File 3 File 1 Read close() Process open() Owner Process execution Time close() File 1 File 2 open() File 3 Write Bonsai:Balanced Lineage Authentication – p. 9/19

  10. Minimal representation Executor Signature Output Input Input n 1 Net Address Inode Time Executor: 32 bit IPv4 address, 32 bit user ID Signature: 160 bits [ S IGN K E ( E, O, I 1 , . . . , I n ) ] Input / Output File: 32 bit IPv4 address 32 bit inode 32 bit time (Seconds since 1/1/70) Bonsai:Balanced Lineage Authentication – p. 10/19

  11. Workload Berkeley NOW file system traces Month of activity Access patterns stable Instruction - 20 workstations in teaching lab Research - 13 desktops of research group Web - 1 web server running Postgres Windows - 8 Windows desktops Bonsai:Balanced Lineage Authentication – p. 11/19

  12. Cumulative lineage Current paradigm Entire tree migrates with data Metadata grows rapidly: Steps 1 2 3 4 5 Workload Instruction 0.4 KB 3 KB 31 KB 253 KB 2 MB Research 0.2 KB 0.8 KB 2 KB 8 KB 29 KB Web 1 KB 39 KB 1 MB 29 MB 813 MB Windows 0.2 KB 0.8 KB 2 KB 9 KB 30 KB Bonsai:Balanced Lineage Authentication – p. 12/19

  13. Operational impact Time (in ms ) to read tree in open() : Steps 1 2 3 4 Workload Instruction 0.04 0.05 0.11 1.72 Research 0.05 0.05 0.04 0.04 Web 0.06 0.13 6.42 997.5 Windows 0.07 0.04 0.04 0.04 Time (in ms ) to write tree in close() : Steps 1 2 3 4 Workload Instruction 0.20 0.28 0.32 0.84 Research 0.16 0.19 2.39 3.1 Web 0.16 0.24 4.82 579.14 Windows 0.16 0.50 5.34 3.17 Bonsai:Balanced Lineage Authentication – p. 13/19

  14. In actu Larger representation Unless certification available for: DHCP bindings inode mappings Clock synchronization Bonsai:Balanced Lineage Authentication – p. 14/19

  15. Decentralized lineage Proposed paradigm Remote pointers replace branches Metadata remains small: Workload Storage Instruction 0.4 KB Research 0.2 KB Web 1 KB Windows 0.2 KB Bonsai:Balanced Lineage Authentication – p. 15/19

  16. Verifying lineage Algorithm : C HECK L INEAGE ( D ) { E, S, O, I 1 , . . . , I n } ← G ET R OOT ( D ) O UTPUT ( E ) P E ← P KI L OOKUP ( E ) if I 1 , . . . , I n = {}  Result ← V ERIFY ( P E , S, E, O )   then if Result = F ALSE  then CheckFailed   Result ← V ERIFY ( P E , S, E, O | I 1 | . . . | I n )    if Result = T RUE    � else for i ← 1 to n then  do C HECK L INEAGE ( I i ) Reliability drops ← −      else CheckFailed Bonsai:Balanced Lineage Authentication – p. 16/19

  17. Increasing availability Traditional strategy: Form virtual topology Flood neighbors Inefficient use of storage Bonsai:Balanced Lineage Authentication – p. 17/19

  18. Bonsai Prune lineage tree Stored locally Pruned − must be recovered λ from remote node levels Pruned Bonsai:Balanced Lineage Authentication – p. 18/19

  19. Simplest pruning Trade verification reliability for storage Bonsai:Balanced Lineage Authentication – p. 19/19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Scalable Distributed Lineage Authentication Ashish Gehani Scalable Distributed Lineage

Scalable Distributed Lineage Authentication Ashish Gehani Scalable Distributed Lineage

Scalable Distributed Lineage Authentication Ashish Gehani Scalable Distributed Lineage Authentication p. 1/59 What is data lineage ? Output Operation Input 1 Input n (a) Primitive operation (b) Compound operation tree Scalable

843 views • 59 slides
Presentation of the BONSAI Board 2016 Prof. Bo Weidema, Chair Founder of the BONSAI initiative.

Presentation of the BONSAI Board 2016 Prof. Bo Weidema, Chair Founder of the BONSAI initiative.

Presentation of the BONSAI Board 2016 Prof. Bo Weidema, Chair Founder of the BONSAI initiative. Professor at Aalborg University, committed to trans-disciplinary research that bridges economic, social, engineering and environmental sciences. With

63 views • 3 slides
Mentor: Christine E. Edwards A separately evolving metapopulation lineage where lineage

Mentor: Christine E. Edwards A separately evolving metapopulation lineage where lineage

Rebekah A. Mohn Miami University, Oxford, Ohio mohnra@miamioh.edu Mentor: Christine E. Edwards A separately evolving metapopulation lineage where lineage refers to an ancestor -descendent lineage. (De Queiroz, 2007) De Queiroz.

430 views • 24 slides
plants as bonsai, with a demonstration of potting up a Myrtle Beech ( Nothofagus cunninghamii )

plants as bonsai, with a demonstration of potting up a Myrtle Beech ( Nothofagus cunninghamii )

Aus Australian Na ralian Native ive Pla Plants s as B as Bonsa nsai The long tradition of the art of Bonsai can be traced back through Japan and China, especially over the past 200 years or so. The art now continues to develop and

73 views • 3 slides
1.Lineage 2.Consistency Relational 3.Query Mining 4 6 Lineage + Interactions Lineage +

1.Lineage 2.Consistency Relational 3.Query Mining 4 6 Lineage + Interactions Lineage +

1/24/17 3 Database Problems in Data Visualization Management Systems VIZ DATA Eugene Wu Fotis Psallidas, Zhengjie Miao, Haoci Zhang,Laura Rettig, Yifan Wu, Larry Xu, Thibault Sellam, Remco Chang, Joe Hellerstein 3 3 Database Problems

571 views • 5 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Jehoshua (Shuki) Bruck From Screws to Systems The Lineage of BMW It happens in biological

Jehoshua (Shuki) Bruck From Screws to Systems The Lineage of BMW It happens in biological

Jehoshua (Shuki) Bruck From Screws to Systems The Lineage of BMW It happens in biological systems!!! C. Elegans Lineage total of 959 cells 302 nerve cells 131 cells are destined to die C. Elegans Lineage Simple Questions Dealing

1.04k views • 66 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Low rate of lineage High rates of diversification lineage diversification Ancestral trait

Low rate of lineage High rates of diversification lineage diversification Ancestral trait

Low rate of lineage High rates of diversification lineage diversification Ancestral trait Evolutionary dead Key innovation innovation ends (e.g. hypothesis for specialization diversity hypothesis) Low rate of trait Niche conservatism

381 views • 6 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Thermal Flywheeling Alex Woolf, PhD - Principal Data Scientist Lineage Logistics 1 THE NEED FOR

Thermal Flywheeling Alex Woolf, PhD - Principal Data Scientist Lineage Logistics 1 THE NEED FOR

Thermal Flywheeling Alex Woolf, PhD - Principal Data Scientist Lineage Logistics 1 THE NEED FOR COLD 2 THE NEED FOR COLD 3 THE NEED FOR COLD 4 THE NEED FOR COLD 5 LINEAGE INTRO 6 WAREHOUSE 7 LINEAGE INTRO 8 APPROACH QTY POWER

489 views • 29 slides
Presentation of the BONSAI Board 2018 Dr. Christopher Mutel, Chair As a student, consultant, and,

Presentation of the BONSAI Board 2018 Dr. Christopher Mutel, Chair As a student, consultant, and,

Presentation of the BONSAI Board 2018 Dr. Christopher Mutel, Chair As a student, consultant, and, since 2014, scientist at the Paul Scherrer Institute, I have used and researched life cycle assessment (LCA) for the last 10 years. My research

309 views • 3 slides
Tracing Lineage Beyond Relational Operators Mingwu Zhang 1 Xiangyu Zhang 1 Xiang Zhang 2 Sunil

Tracing Lineage Beyond Relational Operators Mingwu Zhang 1 Xiangyu Zhang 1 Xiang Zhang 2 Sunil

Tracing Lineage Beyond Relational Operators Mingwu Zhang 1 Xiangyu Zhang 1 Xiang Zhang 2 Sunil Prabhakar 1 1 Computer Science 2 Bindley Bioscience Center Purdue University Introduction Lineage (Data Provenance) is defined as description of

728 views • 30 slides
Bonsai in the Fog: an Active Learning Lab with Fog Computing Antonio Brogi, Stefano Fort orti,

Bonsai in the Fog: an Active Learning Lab with Fog Computing Antonio Brogi, Stefano Fort orti,

Bonsai in the Fog: an Active Learning Lab with Fog Computing Antonio Brogi, Stefano Fort orti, Ahmad Ibrahim and Luca Rinaldi Service-oriented, Cloud and Fog Computing Research Group Department of Computer Science University of Pisa, Italy 3rd

756 views • 33 slides
Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech

Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech

Introduction Formal Definitions Case Studies Conclusion Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech Universit Grenoble 1, CNRS, VERIMAG firstname.lastname@imag.fr Principles of Security and

806 views • 68 slides
TwistIn: Tangible Authentication of Smart Devices via Motion Co-analysis with a Smartwatch Ho Ho

TwistIn: Tangible Authentication of Smart Devices via Motion Co-analysis with a Smartwatch Ho Ho

TwistIn: Tangible Authentication of Smart Devices via Motion Co-analysis with a Smartwatch Ho Ho Man Col Colman Leu Leung, Chi Wing Fu, Pheng Ann Heng The Chinese University of Hong Kong, Hong Kong Shenzhen Key Laboratory of Virtual Reality

910 views • 15 slides
ALIKE: Authenticated Lightweight Key Exchange Sandrine Agagliate, GEMALTO Security Labs Outline:

ALIKE: Authenticated Lightweight Key Exchange Sandrine Agagliate, GEMALTO Security Labs Outline:

ALIKE: Authenticated Lightweight Key Exchange Sandrine Agagliate, GEMALTO Security Labs Outline: Context Description of ALIKE Generic description Full specification Security properties Chip Unforgeability and Channel Secrecy Underlying

400 views • 21 slides
Security II: Web authentication Markus Kuhn Computer Laboratory, University of Cambridge

Security II: Web authentication Markus Kuhn Computer Laboratory, University of Cambridge

Security II: Web authentication Markus Kuhn Computer Laboratory, University of Cambridge https://www.cl.cam.ac.uk/teaching/1718/SecurityII/ Lent 2018 Part II websecurity-slides.pdf 2018-02-23 11:38 fca1bee 1 Hyper Text Transfer Protocol

500 views • 33 slides
CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates for the slides. CS 423: Operating Systems Design Security Properties Confidentiality? Integrity? Availability? Authenticity? CS

437 views • 22 slides
distributed IP networks IETF 89 - Tutorials London, England March 2 - 7, 2014 Presented by:

distributed IP networks IETF 89 - Tutorials London, England March 2 - 7, 2014 Presented by:

Introduction to centralized Authentication, Authorization and Accounting (AAA) management for distributed IP networks IETF 89 - Tutorials London, England March 2 - 7, 2014 Presented by: Lionel Morand Co-authored by: Alan Dekok x Introduction

1.2k views • 71 slides
Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Todays Lecture

Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Todays Lecture

Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Todays Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases for crypto: Sealed blob:

1.09k views • 58 slides
Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many

Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many

Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many Authentication ? Servers Users How do users prove their identities when requesting services from machines on the network? Nave solution:

359 views • 10 slides

More recommend