styx stream processing with trustworthy cloud based
play

STYX: Stream Processing with Trustworthy Cloud-based Execution - PowerPoint PPT Presentation

Jul 19, 2023 •175 likes •754 views

STYX: Stream Processing with Trustworthy Cloud-based Execution Julian Stephen, Savvas Savvides, Vinaitheerthan Sundaram, Masoud Saeida Ardekani, Patrick Eugster October 6, 2016 Purdue University Table of contents 1. Overview 2. Ensuring

  1. STYX: Stream Processing with Trustworthy Cloud-based Execution Julian Stephen, Savvas Savvides, Vinaitheerthan Sundaram, Masoud Saeida Ardekani, Patrick Eugster October 6, 2016 Purdue University

  2. Table of contents 1. Overview 2. Ensuring confidentiality in the cloud 3. Challenges in encrypted stream processing 4. Architecture 5. STYX abstractions and key update 6. Evaluation 7. Related work and conclusion 2

  3. Overview

  4. Introduction Compute clouds • Data analytics platforms • Cost-efficiency, ’on-demand’ compute, low infrastructure setup cost IoT • 26 billion smart devices connected to a network by 2020 • Fine-grained user behavior tracking to capture, personalize and/or monetize user experience Stream processing • Analytics on real-time streaming data (continuous queries) • Many systems over the last few years - Apache Storm, Apache Spark, Apache Flink, Apache Samza, Amazon Kinesis 4

  5. Vulnerabilities - 1 5

  6. Vulnerabilities - 1 5

  7. Vulnerabilities - 1 A 5

  8. Vulnerabilities - 1 f ( A ) A 5

  9. Vulnerabilities - 1 f ( A ) A 5

  10. Vulnerabilities - 1 f ( A ) A A 5

  11. Vulnerabilities - 2 Real problems 6

  12. Ensuring confidentiality in the cloud

  13. Confidentiality in the cloud Fully homomorphic encryption (FHE) • Allows arbitrary computation on encrypted data f ( A ) A f 8

  14. Confidentiality in the cloud Fully homomorphic encryption (FHE) • Allows arbitrary computation on encrypted data f ( A ) A f 8

  15. Confidentiality in the cloud Fully homomorphic encryption (FHE) • Allows arbitrary computation on encrypted data f ( A ) A f k E ( A, k ) 8

  16. Confidentiality in the cloud Fully homomorphic encryption (FHE) • Allows arbitrary computation on encrypted data f ( A ) A f k E ( A, k ) f ′ f ′ ( E ( A, k )) 8

  17. Confidentiality in the cloud Fully homomorphic encryption (FHE) • Allows arbitrary computation on encrypted data f ( A ) A f D ( f ′ ( E ( A, k ))) k E ( A, k ) f ′ f ′ ( E ( A, k )) 8

  18. Confidentiality in the cloud Fully homomorphic encryption (FHE) • Allows arbitrary computation on encrypted data • Prohibitive overhead 8

  19. Confidentiality in the cloud Fully homomorphic encryption (FHE) • Allows arbitrary computation on encrypted data • Prohibitive overhead Partially homomorphic encryption (PHE) • Allows certain operations to be performed over encrypted text • AHE: D ( E ( x 1) ψE ( x 2)) = x 1 + x 2 • AHE, MHE, OPE, DET Conjecture Many data analytics jobs can be performed securely using a combination of partially homomorphic encryption schemes 8

  20. Vulnerabilities - 3 9

  21. Vulnerabilities - 3 A → E ( A, k ) 9

  22. Vulnerabilities - 3 A → E ( A, k ) f ′ ( E ( A, k )) 9

  23. Vulnerabilities - 3 A → E ( A, k ) f ′ ( E ( A, k )) 9

  24. Vulnerabilities - 3 A → E ( A, k ) f ′ ( E ( A, k )) E ( A, k ) k → ❅ ❆ A 9

  25. Challenges in encrypted stream processing

  26. Challenges in encrypted stream processing • Programmer effort • Need to identify encryption scheme for each input data stream, perform cryptographic equivalent of required operation • if (Stream1.f1 < 100) return ; else ... • sum = sum + Stream2.f3; 11

  27. Challenges in encrypted stream processing • Key change • PHE requires all tuples in an aggregate function to be encrypted with same key A A B C D E F G A 11

  28. Challenges in encrypted stream processing • Deployment optimizations • Deployment parameters specified for plaintext data may not be optimal when computation happens on encrypted data 11

  29. Challenges in encrypted stream processing • Programmer effort • Need to identify encryption scheme for each input data stream, perform cryptographic equivalent of required operation • Key change • PHE requires all tuples in an aggregate function to be encrypted with same key • Deployment optimizations • Deployment parameters specified for plaintext data may not be optimal when computation happens on encrypted data 11

  30. Challenges in encrypted stream processing • Programmer effort • Need to identify encryption scheme for each input data stream, perform cryptographic equivalent of required operation • Key change • PHE requires all tuples in an aggregate function to be encrypted with same key • Deployment optimizations • Deployment parameters specified for plaintext data may not be optimal when computation happens on encrypted data • Limitations of PHE • PHE may not support a sequence of operations requiring trusted nodes to perform remaining computation 11

  31. Challenges in encrypted stream processing • Programmer effort • Need to identify encryption scheme for each input data stream, perform cryptographic equivalent of required operation • Key change • PHE requires all tuples in an aggregate function to be encrypted with same key • Deployment optimizations • Deployment parameters specified for plaintext data may not be optimal when computation happens on encrypted data • Limitations of PHE • PHE may not support a sequence of operations requiring trusted nodes to perform remaining computation • Constants and initialization • Variables must be initialized using the encrypted value of the initialization constant 11

  32. Challenges in encrypted stream processing • Programmer effort • Need to identify encryption scheme for each input data stream, perform cryptographic equivalent of required operation • Key change • PHE requires all tuples in an aggregate function to be encrypted with same key • Deployment optimizations • Deployment parameters specified for plaintext data may not be optimal when computation happens on encrypted data • Limitations of PHE • PHE may not support a sequence of operations requiring trusted nodes to perform remaining computation • Constants and initialization • Variables must be initialized using the encrypted value of the initialization constant 11

  33. Architecture

  34. STYX architecture Program (STYX Homomorphism Analytical Topology Topology API, Annotations) Analysis Model scheduling execution Trusted Tier Untrusted Cloud Execution flow • User submits program written using system (STYX) API • Homomorphism analysis identifies crypto systems required to execute the graph • Analytical model identifies deployment profile • Scheduler assigns tasks to nodes • Runtime executes tasks 13

  35. STYX abstractions and key up- date

  36. STYX abstraction Group sum in a sliding window 1 /** Track sum of values per group per time slot */ 2 public class SlotBasedSum <T> { ... 3 public void updateSum(T group , int slot , 4 SecField val) { SecField [] sums = objGroupSum.get(group); 5 if (sums == null) { 6 sums = new SecField[this.numSlots ]; 7 init(sums , val); 8 objGroupSum.put(obj , sums); 9 } 10 sums[slot] = SecureOper 11 .add(sums[slot], val); 12 } 13 14 } 15

  37. STYX abstraction Group sum in a sliding window 1 /** Track sum of values per group per time slot */ 2 public class SlotBasedSum <T> { ... 3 public void updateSum(T group , int slot , 4 SecField val) { SecField [] sums = objGroupSum.get(group); 5 if (sums == null) { 6 sums = new SecField[this.numSlots ]; 7 init(sums , val); 8 objGroupSum.put(obj , sums); 9 } 10 sums[slot] = SecureOper 11 .add(sums[slot], val); 12 } 13 14 } 15

  38. Without STYX abstractions Group sum in a sliding window (Storm) 1 public class SlotBasedSum <T> { BigInteger publicKey = readPubKey (); 2 public void updateSum(T group , int slot , 3 BigInteger value) { BigInteger [] sums = objGroupSum.get(group); 4 if (sums == null) { 5 sums = new BigInteger[this.numSlots ]; 6 init(sums , "AHE"); 7 objGroupSum.put(group , sums); 8 } 9 sums[slot] = sums[slot ]. multiply(value) 10 .mod(publicKey.multiply(publicKey)); 11 } 12 13 } 14 16

  39. Without STYX abstractions Group sum in a sliding window (Storm) 1 public class SlotBasedSum <T> { BigInteger publicKey = readPubKey (); 2 public void updateSum(T group , int slot , 3 BigInteger value) { BigInteger [] sums = objGroupSum.get(group); 4 if (sums == null) { 5 sums = new BigInteger[this.numSlots ]; 6 init(sums , "AHE"); 7 objGroupSum.put(group , sums); 8 } 9 sums[slot] = sums[slot ]. multiply(value) 10 .mod(publicKey.multiply(publicKey)); 11 } 12 13 } 14 16

  40. Without STYX abstractions Group sum in a sliding window (Storm) 1 public class SlotBasedSum <T> { BigInteger publicKey = readPubKey (); 2 public void updateSum(T group , int slot , 3 BigInteger value) { BigInteger [] sums = objGroupSum.get(group); 4 if (sums == null) { 5 sums = new BigInteger[this.numSlots ]; 6 init(sums , "AHE"); 7 objGroupSum.put(group , sums); 8 } 9 sums[slot] = sums[slot ]. multiply(value) 10 .mod(publicKey.multiply(publicKey)); 11 } 12 13 } 14 16

  41. Key change Challenges • Functions that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Problem A A B C D E F G A 17

  42. Key change Challenges • Functions that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Problem A A B C D E F G A 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Blockchain based Witness Model for Trustworthy Cloud Service Level Agreement Enforcement Huan

A Blockchain based Witness Model for Trustworthy Cloud Service Level Agreement Enforcement Huan

A Blockchain based Witness Model for Trustworthy Cloud Service Level Agreement Enforcement Huan Zhou , Xue Ouyang, Zhijie Ren, Jinshu Su, Cees de Laat, Zhiming Zhao Paris 1/May/2019 Outline Cloud SLA / Blockchain: background and challenges

931 views • 30 slides
Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito

Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito

ISSRE 2019 Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito Andr Martin Lilia Sampaio Fbio Silva Security-aware data processing Part 1 Why secure data processing? 3 In 2019, companies

1.24k views • 69 slides
Infrastructures for Cloud Computing and Big Data Global Stream Processing Antonio Corradi, Luca

Infrastructures for Cloud Computing and Big Data Global Stream Processing Antonio Corradi, Luca

University of Bologna Dipartimento di Informatica Scienza e Ingegneria (DISI) Engineering Bologna Campus Class of Computer Networks M or Infrastructures for Cloud Computing and Big Data Global Stream Processing Antonio Corradi, Luca

388 views • 16 slides
HADES AND THE RIVER STYX By:John Dougherty &amp; Ahmar Ross HADES AND THE RIVER STYX Page:2 The

HADES AND THE RIVER STYX By:John Dougherty &amp; Ahmar Ross HADES AND THE RIVER STYX Page:2 The

HADES AND THE RIVER STYX By:John Dougherty &amp; Ahmar Ross HADES AND THE RIVER STYX Page:2 The river Styx separated the living and the dead.Whoever died their soul went to the underworld with hades. HADES AND THE RIVER Page:3 When your

206 views • 5 slides
Stream Processing Marco Serafini COMPSCI 532 Lecture 5 Stream vs. Batch Processing Batch

Stream Processing Marco Serafini COMPSCI 532 Lecture 5 Stream vs. Batch Processing Batch

Stream Processing Marco Serafini COMPSCI 532 Lecture 5 Stream vs. Batch Processing Batch processing Bounded input Bounded one-shot computation Bounded output Stream processing Unbounded input: data stream

624 views • 23 slides
An Engine for Ontology-Based Stream Processing Theory and Implementation Christian Neuenstadt 6.

An Engine for Ontology-Based Stream Processing Theory and Implementation Christian Neuenstadt 6.

An Engine for Ontology-Based Stream Processing Theory and Implementation Christian Neuenstadt 6. Februar 2018 Lbeck Motivation STARQL Transformation Evaluation Motivation - Use Case C. Neuenstadt An Engine for Ontology-Based Stream

764 views • 30 slides
Machine Models for Stream-Based Processing of External Memory Data Nicole Schweikardt

Machine Models for Stream-Based Processing of External Memory Data Nicole Schweikardt

Machine Models for Stream-Based Processing of External Memory Data Nicole Schweikardt Humboldt-University Berlin Workshop on Algorithms for Data Streams IIT Kanpur 18 20 December 2006 A model based on Turing machines FCMs Overview A

678 views • 53 slides
Introduction to Data Stream Processing Amir H. Payberah payberah@kth.se 19/09/2019 The Course

Introduction to Data Stream Processing Amir H. Payberah payberah@kth.se 19/09/2019 The Course

Introduction to Data Stream Processing Amir H. Payberah payberah@kth.se 19/09/2019 The Course Web Page https://id2221kth.github.io 1 / 88 Where Are We? 2 / 88 Stream Processing (1/4) Stream processing is the act of continuously

1.35k views • 89 slides
Text Stream Processing Dunja Mladeni Artificial Intelligence Laboratory Marko Grobelnik Jo

Text Stream Processing Dunja Mladeni Artificial Intelligence Laboratory Marko Grobelnik Jo

19.6.2012 Text Stream Processing Dunja Mladeni Artificial Intelligence Laboratory Marko Grobelnik Jo ef Stefan Institute Bla Fortuna Ljubljana, Slovenia Delia Rusu ailab.ijs.si Text stream Text stream processing processing Key

507 views • 36 slides
Agenda Introduction on Stream Processing Models [done] Declarative Language:

Agenda Introduction on Stream Processing Models [done] Declarative Language:

Agenda Introduction on Stream Processing Models [done] Declarative Language: Opportunities, and Design Principles [done] Comparison of Prominent Streaming SQL Dialects for Big Stream Processing Systems Conclusion Our Focus

606 views • 34 slides
Agenda Introduction on Stream Processing Models [done] Declarative Language:

Agenda Introduction on Stream Processing Models [done] Declarative Language:

Agenda Introduction on Stream Processing Models [done] Declarative Language: Opportunities, and Design Principles Comparison of Prominent Streaming SQL Dialects for Big Stream Processing Systems Conclusion The key idea

583 views • 21 slides
Auto-sizing for Stream Processing Applications at LinkedIn Rayman Preet Singh, Bharath

Auto-sizing for Stream Processing Applications at LinkedIn Rayman Preet Singh, Bharath

Auto-sizing for Stream Processing Applications at LinkedIn Rayman Preet Singh, Bharath Kumarasubramanian, Prateek Maheshwari, and Samarth Shetty Stream Processing @ LinkedIn Stream Processing Skills Top App Skills Jobs Streaming input,

520 views • 37 slides
The Eight Requirements of Real- Time Stream Processing: STREAM vs Storm Presentation by: Alex

The Eight Requirements of Real- Time Stream Processing: STREAM vs Storm Presentation by: Alex

The Eight Requirements of Real- Time Stream Processing: STREAM vs Storm Presentation by: Alex Galakatos John Meehan Tianyu Qian Introduction to Streams Why streaming processing? Two ideas High-volume streams of real-time data

572 views • 42 slides
Data Stream Processing Part II Stream Windows Lossy Counting Sticky Sampling 1 Data Streams

Data Stream Processing Part II Stream Windows Lossy Counting Sticky Sampling 1 Data Streams

Data Stream Processing Part II Stream Windows Lossy Counting Sticky Sampling 1 Data Streams (recap) continuous, unbounded sequence of items unpredictable arrival times too large to store locally one pass real time processing required

866 views • 59 slides
1 (Cloud) Colocation Games Colocation Games: Questions IaaS cloud providers offer

1 (Cloud) Colocation Games Colocation Games: Questions IaaS cloud providers offer

Do you trust that the price is right? I n Cloud ( Markets) W e Trust Towards a Trustworthy Marketplace for Cloud Resources Holistic system (social) view is pass Azer Bestavros Tenants make resource acquisition/ control

481 views • 7 slides
Building a Graph Processing System Amitabha Roy (LABOS) 1 X-Stream Graph processing system

Building a Graph Processing System Amitabha Roy (LABOS) 1 X-Stream Graph processing system

X-Stream: A Case Study in Building a Graph Processing System Amitabha Roy (LABOS) 1 X-Stream Graph processing system Single Machine Works on graphs stored Entirely in RAM Entirely in SSD Entirely on Magnetic Disk

992 views • 75 slides
Chapter Advocacy Roundtable (CAR) Monthly Call Pam Varhol CAR Chair New England Chapter June

Chapter Advocacy Roundtable (CAR) Monthly Call Pam Varhol CAR Chair New England Chapter June

Chapter Advocacy Roundtable (CAR) Monthly Call Pam Varhol CAR Chair New England Chapter June 19, 2020 1 1 Agenda Partner Presentations National Governors Association &amp; Association of State and Territorial Health Officials

371 views • 21 slides
Stable, Robust, and Versatile Multibody Dynamics Animation Kenny Erleben Department of Computer

Stable, Robust, and Versatile Multibody Dynamics Animation Kenny Erleben Department of Computer

Stable, Robust, and Versatile Multibody Dynamics Animation Kenny Erleben Department of Computer Science University of Copenhagen K. Erleben c p. 1/25 The Problem Large scale (today 1000 objects). Dense random stacking Dense

752 views • 25 slides
Pre-stimulus endogenous activity modulates category tuning and influences behavior Yuanning Li

Pre-stimulus endogenous activity modulates category tuning and influences behavior Yuanning Li

Pre-stimulus endogenous activity modulates category tuning and influences behavior Yuanning Li 1,2,3 , Michael Ward 3 , R. Mark Richardson 2,3 , Max GSell 4 , Avniel Singh Ghuman 2,3 1 Joint PhD program in Neural Computation and Machine

972 views • 59 slides
Discretely Observed Brownian Motion Governed by a Telegraph Process: Estimation Vladimir

Discretely Observed Brownian Motion Governed by a Telegraph Process: Estimation Vladimir

Discretely Observed Brownian Motion Governed by a Telegraph Process: Estimation Vladimir Pozdnyakov and Jun Yan University of Connecticut QPRC 2017 Brownian Bridge Movement Model The Brownian motion (BM) and random walk are often employed by

711 views • 21 slides
Peer-to-peer workload characterization: techniques and open issues Mauro Andreolini University

Peer-to-peer workload characterization: techniques and open issues Mauro Andreolini University

Peer-to-peer workload characterization: techniques and open issues Mauro Andreolini University of Rome Tor Vergata Michele Colajanni University of Modena and Reggio Emilia Riccardo Lancellotti University of Modena and Reggio Emilia

485 views • 19 slides
From random Poincar e maps to stochastic mixed-mode-oscillation patterns Nils Berglund MAPMO,

From random Poincar e maps to stochastic mixed-mode-oscillation patterns Nils Berglund MAPMO,

From random Poincar e maps to stochastic mixed-mode-oscillation patterns Nils Berglund MAPMO, Universit e dOrl eans CNRS, UMR 7349 &amp; F ed eration Denis Poisson www.univ-orleans.fr/mapmo/membres/berglund

746 views • 46 slides
Machine Learning &amp; Data confidentiality Melek nen Joint work with Alberto Ibarrondo, Beyza

Machine Learning &amp; Data confidentiality Melek nen Joint work with Alberto Ibarrondo, Beyza

Machine Learning &amp; Data confidentiality Melek nen Joint work with Alberto Ibarrondo, Beyza Bozdemir, Mohamad Mansouri, Gamze Tillem, Orhan Ermis Machine Learning as a Service Client Server Performance No need for ML knowledge Cost

748 views • 20 slides
Results on dark matter annual modulation from ANAIS-112 experiment J. Amar, S. Cebrin, D.

Results on dark matter annual modulation from ANAIS-112 experiment J. Amar, S. Cebrin, D.

Results on dark matter annual modulation from ANAIS-112 experiment J. Amar, S. Cebrin, D. Cintas, I. Coarasa, E. Garca, M. Martnez, M.A. Olivn, Y. Ortigoza, A. Ortiz de Solrzano, J. Puimedn, A. Salinas, M.L. Sarsa , P . Villar

653 views • 40 slides

More recommend