defcon high performance event processing with information
play

DEFCon: High-Performance Event Processing with Information Security - PowerPoint PPT Presentation

Oct 19, 2022 •135 likes •494 views

DEFCon: High-Performance Event Processing with Information Security Matteo Migliavacca, Ioannis Papagiannis, Peter Pietzuch Imperial College London David M. Eyers, Jean Bacon Cambridge Computer Laboratory Peter R. Pietzuch Brian Shand

  1. DEFCon: High-Performance Event Processing with Information Security Matteo Migliavacca, Ioannis Papagiannis, Peter Pietzuch Imperial College London David M. Eyers, Jean Bacon Cambridge Computer Laboratory Peter R. Pietzuch Brian Shand prp@doc.ic.ac.uk National Health Service, UK migliava@doc.ic.ac.uk

  2. Event Stream Processing Needs Strong Security • Event processing – Stream of messages transformed in near real-time by processing units – Confidential information: access healthcare, social networks, finance control 1 • Problem: incorrect event flows – Lead to security violations 2 – Within application , with the environment 2 1 log – Possible causes: bugs, security attacks, third party code, malicious code 1

  3. Financial Processing: Security and Latency monitor order tick Monitor Bank Investor match deal 1 Stock Ticker Broker Monitor Client Investor log 2 • market data processing and local brokering • Security is important – Data is valuable: banks fined for exploiting client information • Performance constraints – Latency, Throughput • Shared Platform – Processing near stock exchanges costly: share resources, reduce entry costs for small firms – Local brokering to avoid transaction fees and trade anonymously 2

  4. Security Approach: Information Flow Control monitor order tick Monitor Bank Investor match deal 1 Stock Ticker Broker Monitor Client Investor log 2 • Protect data end-to-end: Information Flow Control (IFC): – Don’t try to eliminate all bugs and (hard!) 1 2 – Track and control information flows in application – Previously applied to operating systems and programming languages Goal: apply IFC to current high-performance event processing systems 3

  5. Contributions and Overview • Decentralized Event Flow Control (DEFC) model – IFC applied to event processing • DEFCon high-performance implementation – Safe and efficient event flows in Java • Practical isolation methodology – Secure production-level language runtimes with low effort (OpenJDK 6) • Evaluation – Throughput and latency overhead 4

  6. Event Processing in DEFC DEFCon S:{client77} S:{client77} S:{} Client Monitor Client Investor 77 Bank Investor ? Event 1 name name data data S (confidentiality) command monitor { } command monitor parts stock stock IBM IBM {client77} 2 unit can input part iff log name data S (confidentiality) S ( part ) ⊆ S ( unit ) … … {client77} unit can output part iff … … {client77} S ( unit ) ⊆ S ( part ) 5

  7. DEFC Privileges S:{client77} S:{client77} S:{} Client Monitor Client Investor 77 Bank Investor client77 + client77 + , client77 - client77 + cannot receive can receive confidential information confidential information can make confidential cannot make confidential information public information public Clearance privilege: receiving confidential information client77 + – Allows units to add tag to its label Declassification privilege: making confidential data public : client77 - – Allows units to remove tag from its label 6

  8. An Example of Leaks to Avoid S:{client77} S:{} Client Monitor … Access Denied name data S (confidentiality) … … {client77} • Untainted unit tries to read tainted part – First try: return access denied 7

  9. An Example of Leaks to Avoid FirstLetterIsI stock=IBM S:{client77} S:{} Client Monitor FirstLetter = I ? … S:{} Access Denied Bank Investor name name data S (confidentiality) data S (confidentiality) FirstLetterIsI … … … {client77} {client77} • Untainted unit tries to read tainted part – First try: return access denied • Leaks name of secret parts 8

  10. An Example of Leaks to Avoid FirstLetterIsI stock=IBM S:{client77} S:{client77} S:{} Client Monitor FirstLetter = I ? … S:{} Access Denied Bank Investor Ok, label change name name data S (confidentiality) data S (confidentiality) FirstLetterIsI … … … {client77} {client77} • Untainted unit tries to read tainted part – First try: return access denied • Leaks name of secret parts – Second try: update unit label to part label 9

  11. An Example of Leaks to Avoid FirstLetterIsI stock=IBM FirstLetterIsNotJ S:{client77} S:{client77} S:{} Client Monitor FirstLetter = I ? … S:{} Access Denied Bank Investor Ok, label change S:{} FirstLetter = J ? name name data S (confidentiality) data S (confidentiality) Not Found FirstLetterIsI … … … {client77} {client77} • Untainted unit tries to read tainted part – First try: return access denied • Leaks name of secret parts – Second try: update unit label to part label • Secret inferred by absence of communication 10

  12. An Example of Leaks to Avoid FirstLetterIsI stock=IBM FirstLetterIsNotJ S:{client77} S:{client77} S:{} ??? Client Monitor FirstLetter = I ? … S:{} Access Denied Bank Investor Ok, label change S:{} Not Found FirstLetter = J ? name name data S (confidentiality) data S (confidentiality) Not Found FirstLetterIsI … … … {client77} {client77} • Untainted unit tries to read tainted part – First try: return access denied • Leaks name of secret parts – Second try: update unit label to part label • Secret inferred by absence of communication – Solution: avoid implicit label changes, return part not found • Result: all unit label changes must be explicit – First update label, then read part 11

  13. Contributions and Overview • Decentralized Event Flow Control (DEFC) model – IFC applied to event processing • DEFCon high-performance implementation – Safe and efficient event flows in Java • Practical isolation methodology – Secure production-level language runtimes with low effort (OpenJDK 6) • Evaluation – Throughput and latency overhead 12

  14. DEFCon: Controlling Event Flows • DEFC assumes units communicate through labelled events • How to control communication between units? – VM or OS processes: heavy, require copying of data – Use threads: sharing data in single address space – Java: mature, pervasive, good performance 2 DEFCon Client Investor Bank Investor Client Monitor ? label check 1 DEFCon • How to control communication between Java threads? 13

  15. Communication: Threads Share Immutable Data • Unit Threads create new objects to put in events • Problem: how to deliver them to receiving units? – Copy objects in events • Slow Stock:IBM Stock:IBM S:{} S:{} Client Monitor Bank Investor DEFCon 14

  16. Communication: Threads Share Immutable Data • Unit Threads create new objects to put in events • Problem: how to deliver them to receiving units? – Copy objects in events • Slow – Transfer references to shared objects Stock:IBM S:{} S:{} Client Monitor Bank Investor DEFCon 15

  17. Communication: Threads Share Immutable Data • Unit Threads create new objects to put in events • Problem: how to deliver them to receiving units? – Copy objects in events • Slow – Transfer references to shared objects • Problem if unit labels change Stock:IBM ? S:{client77} S:{} S:{} Client Monitor Bank Investor DEFCon 16

  18. Communication: Threads Share Immutable Data • Unit Threads create new objects to put in events • Problem: how to deliver them to receiving units? – Copy objects in events • Slow – Transfer references to shared objects • Problem if unit labels change • Shared state allows unrestricted communication – Solution: only allow immutable objects in event parts ImmutableStock:IBM S:{} S:{} Client Monitor Bank Investor DEFCon 17

  19. Communication: Shared State in Runtimes Bank Investor Client Investor Client Monitor DEFCon OpenJDK 6 static fields ~4000 Class Library native methods ~2000 Native JVM OS 18

  20. Isolation Methodology Overview • Goal – Provide isolation between Java Threads – Secure potentially dangerous targets: static fields and native methods • Previous Java isolation approaches – Do not support fast message passing between isolates (MVM) – Use custom Class Libraries and/or JVMs (I-JVM) – Require extensive analysis of Class Library (KaffeOS, Joe-E) • Our approach 1. Identify potentially dangerous targets using static analysis 2. Modify runtime behaviour of targets using aspect oriented programming (AOP) 3. White-list safe targets 19

  21. 1. Static Analysis Bank Investor Client Investor Client Monitor DEFCon OpenJDK 6 static fields ~4000 Class Library native methods ~2000 Native JVM OS 20

  22. 1. Static Analysis Bank Investor Client Investor Client Monitor DEFCon OpenJDK 6 static fields ~4000 removed ~2000 Class Library native methods ~2000 ~1000 Native JVM OS 21

  23. 1. Static Analysis Bank Investor Client Investor Client Monitor DEFCon OpenJDK 6 static fields ~4000 removed ~2000 Class Library ~900 reachable native methods ~2000 ~1000 ~300 Native JVM OS 22

  24. 2. AOP Runtime Injection Bank Investor Client Investor Client Monitor DEFCon OpenJDK 6 transparent static fields duplication ~4000 removed ~2000 Class Library ~900 reachable security native methods checks ~2000 ~1000 ~300 Native JVM OS 23

  25. 3. White-listing Bank Investor Client Investor Client Monitor DEFCon OpenJDK 6 transparent static fields duplication ~4000 removed ~2000 Class Library ~900 reachable security native methods checks ~2000 ~1000 ~300 Native white-listing JVM OS 24

Recommend

High-performance image processing routines for video and film processing Hannes Fassold

High-performance image processing routines for video and film processing Hannes Fassold

High-performance image processing routines for video and film processing Hannes Fassold 2018-03-28 Our research group 2 GPU-accelerated algorithms / applications @ CCM Connected Computing research group, DIGITAL Institute for Information

286 views • 15 slides
Complex Event Processing: DSL for High Frequency Trading Richard

Complex Event Processing: DSL for High Frequency Trading Richard

Complex Event Processing: DSL for High Frequency Trading Richard Tibbe-s StreamBase Systems QCon London 2011 1 Myth: High level domain specific languages

604 views • 24 slides
High performance data processing with Halide Roel Jordans High performance computjng 2

High performance data processing with Halide Roel Jordans High performance computjng 2

High performance data processing with Halide Roel Jordans High performance computjng 2 Architecture Trends 3 Processing platgorm architectures Increasing latency / energy CPU CPU GPU Cache Cache Cache Cache Local memory Memory 4

841 views • 28 slides
SASE: Complex Event Processing Over Streams Daniel Gyllstrom, Eugene Wu, Hee-Jin Chae, Yanlei

SASE: Complex Event Processing Over Streams Daniel Gyllstrom, Eugene Wu, Hee-Jin Chae, Yanlei

SASE: Complex Event Processing Over Streams Daniel Gyllstrom, Eugene Wu, Hee-Jin Chae, Yanlei Diao, Gordon Anderson, and Patrick Stahlberg Computer Science Department Complex Event Processing High-volume event streams Sensing devices

109 views • 9 slides
Towards High- -performance performance Towards High Flow- -level Packet Processing level

Towards High- -performance performance Towards High Flow- -level Packet Processing level

Towards High- -performance performance Towards High Flow- -level Packet Processing level Packet Processing Flow on Multi- -core Network Processors core Network Processors on Multi Yaxuan Qi (presenter), Bo Xu, Fei He, Baohua Yang,

568 views • 27 slides
sPIN: High-performance streaming Processing in the Network spcl.inf.ethz.ch @spcl_eth The

sPIN: High-performance streaming Processing in the Network spcl.inf.ethz.ch @spcl_eth The

spcl.inf.ethz.ch @spcl_eth T. H OEFLER , S. D I G IROLAMO , K. T ARANOV , R. E. G RANT , R. B RIGHTWELL sPIN: High-performance streaming Processing in the Network spcl.inf.ethz.ch @spcl_eth The Development of High-Performance Networking

500 views • 28 slides
Computational Neuroscience for Technology: Event-based Vision Sensors and Information Processing

Computational Neuroscience for Technology: Event-based Vision Sensors and Information Processing

Computational Neuroscience for Technology: Event-based Vision Sensors and Information Processing Jrg Conradt Neuroscientific System Theory Center of Competence on Neuro-Engineering Technische Universitt Mnchen http://www.nst.ei.tum.de

422 views • 40 slides
Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High

Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High

Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High Performance Computing Jack Dongarra I nnovative Computing Lab University of Tennessee and Computer Science and Math Division Oak Ridge Nat ional

380 views • 13 slides
Partition and Compose: Parallel Complex Event Processing Martin Hirzel, IBM Research Tuesday, 17

Partition and Compose: Parallel Complex Event Processing Martin Hirzel, IBM Research Tuesday, 17

Partition and Compose: Parallel Complex Event Processing Martin Hirzel, IBM Research Tuesday, 17 July 2012 DEBS 1 ? CEP = Stream Processing? Event (Stream) Processing Aggregate Complex Event Processing Enrich Filter Use pattern over

592 views • 21 slides
Big Data for Data Science Data streams and low latency processing event.cwi.nl/lsde DATA STREAM

Big Data for Data Science Data streams and low latency processing event.cwi.nl/lsde DATA STREAM

Big Data for Data Science Data streams and low latency processing event.cwi.nl/lsde DATA STREAM BASICS event.cwi.nl/lsde2015 event.cwi.nl/lsde What is a data stream? Large data volume, likely structured, arriving at a very high rate

650 views • 64 slides
High-performance computing in Java: the data processing of Gaia X. Luri & J. Torra ICCUB/IEEC

High-performance computing in Java: the data processing of Gaia X. Luri & J. Torra ICCUB/IEEC

High-performance computing in Java: the data processing of Gaia High-performance computing in Java: the data processing of Gaia X. Luri & J. Torra ICCUB/IEEC SciComp XXL May. 2009 1/33 High-performance computing in Java: the data

668 views • 33 slides
Progress Apama & Event Processing Mark Palmer, Vice President of Event Processing Agenda

Progress Apama & Event Processing Mark Palmer, Vice President of Event Processing Agenda

Progress Apama & Event Processing Mark Palmer, Vice President of Event Processing Agenda (based on Symposium Guidelines) Major Characteristics of the Progress Approach Usage Scenarios Major Trends & Roadmap for EP Major

577 views • 35 slides
Digital Volumetric Processing Using High Performance Computing Tom Kurfess Tommy Tucker Chris

Digital Volumetric Processing Using High Performance Computing Tom Kurfess Tommy Tucker Chris

Digital Volumetric Processing Using High Performance Computing Tom Kurfess Tommy Tucker Chris Saldana Roby Lynn Pedro Urbina Clayton Greer Georgia Institute of Technology / Tucker Innovations / Tecnolgico de Monterrey North American

141 views • 12 slides
High Performance New drivers Requirements Solutions

High Performance New drivers Requirements Solutions

High Performance New drivers Requirements Solutions Computing New workloads More computing performance (Ops Heterogeneity: per second), also for simple Generic processing Compute operations (FP16, FP8,

576 views • 28 slides
TOR https://media.defcon.org/DEF%20CON%2025/DEF%20CON

TOR https://media.defcon.org/DEF%20CON%2025/DEF%20CON

TOR https://media.defcon.org/DEF%20CON%2025/DEF%20CON %2025%20presentations/DEFCON-25-Roger-Dingledine-Next- Generation-Tor-Onion-Services-UPDATED.pdf https://metrics.torproject.org/ https://compass.torproject.org/

970 views • 33 slides
High Input Voltage, Silicon Carbide Power Processing Unit Performance Demonstration Karin E.

High Input Voltage, Silicon Carbide Power Processing Unit Performance Demonstration Karin E.

https://ntrs.nasa.gov/search.jsp?R=20150023096 2018-05-07T09:26:07+00:00Z High Input Voltage, Silicon Carbide Power Processing Unit Performance Demonstration Karin E. Bozak, Luis R. Piero, Robert J. Scheidegger, Michael V. Aulisio, and

307 views • 27 slides
The Active Memory Cube : A Processing-in-Memory System for High Performance Computing Zehra Sura

The Active Memory Cube : A Processing-in-Memory System for High Performance Computing Zehra Sura

The Active Memory Cube : A Processing-in-Memory System for High Performance Computing Zehra Sura IBM T.J. Watson Research Center Yorktown Heights, New York AMC Team Members Ravi Nair Thomas Fox Martin Ohmacht Samuel Antao Diego Gallo

711 views • 31 slides
High Performance Streaming Data Processing F. Huizinga Radio Astronomy Study celestial

High Performance Streaming Data Processing F. Huizinga Radio Astronomy Study celestial

High Performance Streaming Data Processing F. Huizinga Radio Astronomy Study celestial objects in radio frequencies LOFAR ( LO w F requency AR ray) 7000 Antennas Below 250 MHz Multiple stations Biggest in the world

155 views • 14 slides
Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde DATA

Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde DATA

Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde DATA STREAM BASICS event.cwi.nl/lsde2015 event.cwi.nl/lsde What is a data stream? Large data volume, likely structured, arriving at a very high rate

959 views • 64 slides
Natural Language Processing and Information Retrieval Performance Evaluation Query Expansion

Natural Language Processing and Information Retrieval Performance Evaluation Query Expansion

Natural Language Processing and Information Retrieval Performance Evaluation Query Expansion Alessandro Moschitti Department of Computer Science and Information Engineering University of Trento Email: moschitti@disi.unitn.it Sec. 8.6

748 views • 63 slides
High-Performance Transaction Processing in SAP HANA Presentation by Young-Rae Kim What is SAP

High-Performance Transaction Processing in SAP HANA Presentation by Young-Rae Kim What is SAP

High-Performance Transaction Processing in SAP HANA Presentation by Young-Rae Kim What is SAP HANA? An in-memory, column-oriented, RDBMS marketed by SAP SE. [1] HANA is not an acronym. What is SAP HANA? An in-memory/main

424 views • 13 slides
Reactive Extensions (Rx) Your prescription to cure event processing blues Bart J.F. De Smet

Reactive Extensions (Rx) Your prescription to cure event processing blues Bart J.F. De Smet

Reactive Extensions (Rx) Your prescription to cure event processing blues Bart J.F. De Smet Software Development Engineer bartde@microsoft.com Why should I care? GPS RSS feeds Social media Server management Event Processing Systems

447 views • 32 slides
Pilot-Streaming: Design Considerations for a Stream Processing Framework for High- Performance

Pilot-Streaming: Design Considerations for a Stream Processing Framework for High- Performance

Pilot-Streaming: Design Considerations for a Stream Processing Framework for High- Performance Computing Andre Luckow, Peter M. Kasson, Shantenu Jha STREAMING 2016, 03/23/2016 RADICAL, Rutgers, http://radical.rutgers.edu Motivation There is

225 views • 11 slides
Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde2015 DATA

Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde2015 DATA

Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde2015 DATA STREAM BASICS event.cwi.nl/lsde2015 What is a data stream? Large data volume, likely structured, arriving at a very high rate Potentially

498 views • 38 slides

More recommend