delegated access for hadoop clusters in the cloud
play

Delegated Access for Hadoop Clusters in the Cloud David Nu nez , - PowerPoint PPT Presentation

May 26, 2023 •308 likes •615 views

Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Delegated Access for Hadoop Clusters in the Cloud David Nu nez , Isaac Agudo, and Javier Lopez Network, Information and Computer Security

  1. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Delegated Access for Hadoop Clusters in the Cloud David Nu˜ nez , Isaac Agudo, and Javier Lopez Network, Information and Computer Security Laboratory (NICS Lab) Universidad de M´ alaga, Spain Email: dnunez@lcc.uma.es IEEE CloudCom 2014 – Singapore

  2. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions 1. Introduction Motivation Scenario Proposal 2. The Hadoop Framework 3. Proxy Re-Encryption Overview Access Control based on Proxy Re-Encryption 4. DASHR: Delegated Access System for Hadoop based on Re-Encryption 5. Experimental results Experimental setting Results 6. Conclusions

  3. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Introduction Big Data ⇒ use of vast amounts of data that makes processing and maintenance virtually impossible from the traditional perspective of information management Security and Privacy challenges In some cases the data stored is sensitive or personal Malicious agents (insiders and outsiders) can make a profit by selling or exploiting this data Security is usually delegated to access control enforcement layers, which are implemented on top of the actual data stores. Technical staff (e.g., system administrators) are often able to bypass these traditional access control systems and read data at will.

  4. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Apache Hadoop Apache Hadoop stands out as the most prominent framework for processing big datasets. Apache Hadoop is a framework that enables the storing and processing of large-scale datasets by clusters of machines. The strategy of Hadoop is to divide the workload into parts and spreading them throughout the cluster. Hadoop was not designed with security in mind However, it is widely used by organizations that have strong security requirements regarding data protection.

  5. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Goal Goal ⇒ Stronger safeguards based on cryptography Cloud Security Alliance on Security Challenges for Big Data : “ [...] sensitive data must be protected through the use of cryptography and granular access control ”. Motivating Scenario ⇒ Big Data Analytics as a Service

  6. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Motivating Scenario: Big Data Analytics as a Service Big Data Analytics is a new opportunity for organizations to transform the way they market services and products through the analysis of massive amounts of data Small and medium size companies are not often capable of acquiring and maintaining the necessary infrastructure for running Big Data Analytics on-premise The Cloud is a natural solution to this problem, in particular for small organizations Access to on-demand high-end clusters for analysing massive amounts of data (e.g.: Hadoop on Google Cloud) It has even more sense when the organizations are already operating in the cloud, so analytics can be performed where the data is located

  7. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Motivating Scenario: Big Data Analytics as a Service There are several risks, such as the ones that stem for a multi-tenant environment. Jobs and data from different tenants are then kept together under the same cluster in the cloud, which could be unsafe when one considers the weak security measures provided by Hadoop The use of encryption for protecting data at rest can decrease the risks associated to data disclosures in such scenario. Our proposed solution fits in well with the outsourcing of Big Data processing to the cloud, since information can be stored in encrypted form in external servers in the cloud and processed only if access has been delegated.

  8. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Proposal DASHR: Delegated Access System for Hadoop based on Re-Encryption Cryptographically-enforced access control system Based on Proxy Re-Encryption Data remains encrypted in the filesystem until it is needed for processing Experimental results show that the overhead is reasonable

  9. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Hadoop operation JobTracker Distribution of workload and coordination TaskTracker · · · Map TaskTracker · · Red Data store · (e.g. HDFS) TaskTracker · Map · · Input Splits Map phase Reduce phase

  10. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Proxy Re-Encryption: Overview A Proxy Re-Encryption scheme is a public-key encryption scheme that permits a proxy to transform ciphertexts under Alice’s public key into ciphertexts under Bob’s public key. The proxy needs a re-encryption key r A → B to make this transformation possible, generated by the delegating entity Proxy Re-Encryption enables delegation of decryption rights

  11. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Access Control based on Proxy Re-Encryption Three entities: The data owner, with public and private keys The delegatee, with public and private keys The proxy entity, which permits access through re-encryption

  12. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Creating an Encrypted Lockbox Encrypted lockbox Symmetric Data encryption PRE encryption Data key Data owner's public key

  13. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Delegating an Encrypted Lockbox Encrypted lockbox Encrypted lockbox Re-Encryption Re-Encryption key

  14. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions Opening an Encrypted Lockbox Encrypted lockbox Symmetric Data decryption PRE decryption Data key Delegatee's Private key

  15. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions DASHR DASHR: Delegated Access System for Hadoop based on Re-Encryption Data is stored encrypted in the cluster and the owner can delegate access rights to the computing cluster for processing. The data lifecycle is composed of three phases: 1. Production phase: during this phase, data is generated by different data sources, and stored encrypted under the owner’s public key for later processing. 2. Delegation phase: the data owner produces the necessary master re-encryption key for initiating the delegation process. 3. Consumption phase: This phase occurs each time a user of the Hadoop cluster submits a job; is in this phase where encrypted data is read by the worker nodes of the cluster. At the beginning of this phase, re-encryption keys for each job are generated.

  16. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions DASHR: Production phase Generation of data by different sources Data is splitted into blocks by the filesystem (e.g., HDFS) Each block is an encrypted lockbox, which contains encrypted data and an encrypted key, using the public key of the data owner pk DO

  17. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions DASHR: Delegation phase The dataset owner produces a master re-encryption key mrk DO to allow the delegation of access to the encrypted data The master re-encryption key is used to derive re-encryption keys in the next phase. The delegation phase is done only once for each computing cluster

  18. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions DASHR: Delegation phase This phase involves the interaction of three entities: 1. Dataset Owner (DO), with a pair of public and secret keys ( pk DO , sk DO ), the former used to encrypted generated data for consumption 2. Delegation Manager (DM), with keys ( pk DM , sk DM ), and which belongs to the security domain of the data owner, so it is assumed trusted. It can be either local or external to the computing cluster. If it is external, then the data owner can control the issuing of re-encryption keys during the consumption phase. The delegation manager has a pair of public and secret keys, pk DM and sk DM . 3. Re-Encryption Key Generation Center (RKGC), which is local to the cluster and is responsible for generating all the re-encryption keys needed for access delegation during the consumption phase.

  19. Outline Introduction The Hadoop Framework Proxy Re-Encryption DASHR Experimental results Conclusions DASHR: Delegation phase These three entities follow a simple three-party protocol, so no secret keys are shared The value t used during this protocol is simply a random value that is used to blind the secret key. At the end of this protocol, the RKGC possesses the master re-encryption key mrk DO that later will be used for generating the rest of re-encryption keys in the consumption phase, making use of the transitive property of the proxy re-encryption scheme.

Recommend

Clusters Running Hadoop Dr. Renato Figueiredo ACIS Lab - University of Florida Advanced

Clusters Running Hadoop Dr. Renato Figueiredo ACIS Lab - University of Florida Advanced

Plug-and-play Virtual Appliance Clusters Running Hadoop Dr. Renato Figueiredo ACIS Lab - University of Florida Advanced Computing and Information Systems laboratory Introduction You have so far learned about how to use Hadoop clusters

642 views • 45 slides
COMP9313: Big Data Management Hadoop and HDFS Hadoop Apache Hadoop is an open-source

COMP9313: Big Data Management Hadoop and HDFS Hadoop Apache Hadoop is an open-source

COMP9313: Big Data Management Hadoop and HDFS Hadoop Apache Hadoop is an open-source software framework that Stores big data in a distributed manner Processes big data parallelly Builds on large clusters of commodity hardware.

2.93k views • 60 slides
BY SRIJHA REDDY GANGIDI What is Hadoop ? Evolution of Hadoop Created by dough cutting, a part

BY SRIJHA REDDY GANGIDI What is Hadoop ? Evolution of Hadoop Created by dough cutting, a part

BY SRIJHA REDDY GANGIDI What is Hadoop ? Evolution of Hadoop Created by dough cutting, a part of Apache project. Hadoop Architecture Ambari Ambari offers a Web-based GUI with wizard scripts for setting up clusters with most of the standard

436 views • 18 slides
On the Energy (In)efficiency of Hadoop: Scale-down Efficiency Jacob Leverich and Christos

On the Energy (In)efficiency of Hadoop: Scale-down Efficiency Jacob Leverich and Christos

On the Energy (In)efficiency of Hadoop: Scale-down Efficiency Jacob Leverich and Christos Kozyrakis Stanford University The current design of Hadoop precludes scale-down of commodity clusters. 2 Outline Hadoop crash-course

724 views • 29 slides
Distributed Computation of with Apache Hadoop Tsz-Wo Sze Yahoo! Cloud Computing Apache

Distributed Computation of with Apache Hadoop Tsz-Wo Sze Yahoo! Cloud Computing Apache

Distributed Computation of with Apache Hadoop Tsz-Wo Sze Yahoo! Cloud Computing Apache Hadoop PMC Member Mapred2010 Dec 1 1 Agenda Introduction A New World Record How to Compute The n th Bits of ? Computing with

759 views • 52 slides
Network Traffic Analysis & Cluster Analysis Exploring Hadoop Clusters using Free Tools

Network Traffic Analysis & Cluster Analysis Exploring Hadoop Clusters using Free Tools

Network Traffic Analysis & Cluster Analysis Exploring Hadoop Clusters using Free Tools Background and Goals: Apache Spot was started recently DNS, Netflow, PCAP data is analyzed The goal is to identify: suspicous

644 views • 19 slides
Monitoring I/O on Data-Intensive Clusters Visualizing Disk Reads and Writes on Hadoop MapReduce

Monitoring I/O on Data-Intensive Clusters Visualizing Disk Reads and Writes on Hadoop MapReduce

Monitoring I/O on Data-Intensive Clusters Visualizing Disk Reads and Writes on Hadoop MapReduce Jobs Thursday, July 31 Joel Ornstein Joshua Long Carson Wiens Mentors: Steve Senator, Tim Randles, Vaughan Clinton, Mike Mason, Graham Van Heule

758 views • 34 slides
SAS Data Loader for Hadoop Agenda Intro What is Hadoop? What do I get from Hadoop?

SAS Data Loader for Hadoop Agenda Intro What is Hadoop? What do I get from Hadoop?

SAS Data Loader for Hadoop Agenda Intro What is Hadoop? What do I get from Hadoop? Hadoop components Why SAS Data Loader for Hadoop? SAS Data Loader for Hadoop overview Demo Introduction Doug Cutting, creator of Hadoop

285 views • 11 slides
Swifta A performant Hadoop file system driver for Swift Mengmeng Liu Andy Robb

Swifta A performant Hadoop file system driver for Swift Mengmeng Liu Andy Robb

9 May 2017 Swifta A performant Hadoop file system driver for Swift Mengmeng Liu Andy Robb Ray Zhang Our Big Data Journey One of two teams that run multi-tenant Hadoop ecosystem at Walmart Large, shared clusters since

474 views • 24 slides
Survey on Improved Scheduling in Hadoop MapReduce in Cloud Environments B.Thirumala Rao Dr.

Survey on Improved Scheduling in Hadoop MapReduce in Cloud Environments B.Thirumala Rao Dr.

International Journal of Computer Applications (0975 8887) Volume 34 No.9, November 2011 Survey on Improved Scheduling in Hadoop MapReduce in Cloud Environments B.Thirumala Rao Dr. L.S.S.Reddy Associate Professor Professor &

300 views • 5 slides
Pepper: An Elastic Web Server Farm for Cloud based on Hadoop Subramaniam Krishnan, Jean

Pepper: An Elastic Web Server Farm for Cloud based on Hadoop Subramaniam Krishnan, Jean

Pepper: An Elastic Web Server Farm for Cloud based on Hadoop Subramaniam Krishnan, Jean Christophe Counio Yahoo! Inc. MAPRED 1 st December 2010 Agenda Motivation Design Features Applications Evaluation Conclusion

523 views • 24 slides
Attaching Cloud Storage to a Campus Grid Using Parrot, Chirp, and Hadoop Patrick Donnelly, Peter

Attaching Cloud Storage to a Campus Grid Using Parrot, Chirp, and Hadoop Patrick Donnelly, Peter

Attaching Cloud Storage to a Campus Grid Using Parrot, Chirp, and Hadoop Patrick Donnelly, Peter Bui, Douglas Thain Computer Science and Engineering University of Notre Dame pdonnel3@nd.edu pbui@nd.edu dthain@nd.edu Overview of Talk

184 views • 16 slides
MapReduce 340151 Big Data & Cloud Services (P. Baumann) 1 Overview MapReduce : the

MapReduce 340151 Big Data & Cloud Services (P. Baumann) 1 Overview MapReduce : the

MapReduce 340151 Big Data & Cloud Services (P. Baumann) 1 Overview MapReduce : the concept Hadoop : the implementation Query Languages for Hadoop Spark : the improvement MapReduce vs databases Conclusion 340151

788 views • 29 slides
Working With Hadoop Mostly based on Tom Whites book Hadoop: Now that we covered the

Working With Hadoop Mostly based on Tom Whites book Hadoop: Now that we covered the

Working With Hadoop Mostly based on Tom Whites book Hadoop: Now that we covered the basics of The Definitive Guide, 3 rd edition MapReduce , lets look at some Hadoop specifics. Note: We will use the new

181 views • 6 slides
High-Throughput Virtual Molecular Docking: Hadoop Implementation of AutoDock4 on a Private Cloud

High-Throughput Virtual Molecular Docking: Hadoop Implementation of AutoDock4 on a Private Cloud

High-Throughput Virtual Molecular Docking: Hadoop Implementation of AutoDock4 on a Private Cloud The Second International Emerging Computational Methods for the Life Sciences Workshop ACM International Symposium on High Performance Distributed

328 views • 19 slides
Interconnecting Cloud Computing Clusters using Bandwidth on Demand Networks Daniel Romo, Ralph

Interconnecting Cloud Computing Clusters using Bandwidth on Demand Networks Daniel Romo, Ralph

Interconnecting Cloud Computing Clusters using Bandwidth on Demand Networks Daniel Romo, Ralph Koning Why? A flexible cloud computing system benefits from a flexible network Integration with existing BoD systems Easy

327 views • 9 slides
Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

A mathematical theory of distributed storage Dagstuhl workshop (16321) Coding in the time of Big Data Michael Luby August 8, 2016 Research Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500 TB

796 views • 37 slides
Performance Enhancement in OpenStack for Elastic Hadoop Cluster CMSoft Cloud Computing Products

Performance Enhancement in OpenStack for Elastic Hadoop Cluster CMSoft Cloud Computing Products

OpenStack Performance Enhancement in OpenStack for Elastic Hadoop Cluster CMSoft Cloud Computing Products Department Lei Xu, Lina Hu, Weizhong Yu The Open Infrastructure Summit P A R T o n e Problems in High Performance Computing The

710 views • 31 slides
Dedicated Cloud Access Customer Presentation June 2018 Start presentation State Of Cloud

Dedicated Cloud Access Customer Presentation June 2018 Start presentation State Of Cloud

Dedicated Cloud Access Customer Presentation June 2018 Start presentation State Of Cloud Adoption 15 Months 93% For cloud spending Organizations to account for currently using 80% of IT budgets Cloud Services 73% 3X of companies

970 views • 48 slides
ElastiCluster Automated provisioning of computational clusters in the cloud Riccardo Murri

ElastiCluster Automated provisioning of computational clusters in the cloud Riccardo Murri

ElastiCluster Automated provisioning of computational clusters in the cloud Riccardo Murri <riccardo.murri@gmail.com> (with contributions from Antonio Messina, Nicolas Br, Sergio Maffioletti, and Sigve Haug) HEPiX Spring 2017 What is

551 views • 21 slides
Dynamic Hadoop clusters on HPC scheduling systems Michele Muggiri, Luca Pireddu*, Simone Leo,

Dynamic Hadoop clusters on HPC scheduling systems Michele Muggiri, Luca Pireddu*, Simone Leo,

Dynamic Hadoop clusters on HPC scheduling systems Michele Muggiri, Luca Pireddu*, Simone Leo, Gianluigi Zanetti CRS4 August 27, 2013 luca.pireddu@crs4.it (CRS4) Hadoocca August 27, 2013 1 / 37 Outline Introduction 1 Hadoocca Dynamic

660 views • 39 slides
On the Security and Privacy of delegated computation Anca Nitulescu DI ENS - Cascade Outline

On the Security and Privacy of delegated computation Anca Nitulescu DI ENS - Cascade Outline

On the Security and Privacy of delegated computation Anca Nitulescu DI ENS - Cascade Outline Directions SNARKs Motivation Introduction Quantum SNARKs Arguments of Difficulties Knowledge Cloud Applications Computation SNARK Open

746 views • 61 slides
GFC Ad Hoc Committee on Academic Governance Including Delegated Authority Report and

GFC Ad Hoc Committee on Academic Governance Including Delegated Authority Report and

1 GFC Ad Hoc Committee on Academic Governance Including Delegated Authority Report and Recommendations 2 Core Problems Lack of engagement on substantive issues Lack of transparency and easy access to information

501 views • 13 slides
Modern Web Access Management Zero Trust Security from onpremises to the Cloud Single

Modern Web Access Management Zero Trust Security from onpremises to the Cloud Single

Modern Web Access Management Zero Trust Security from onpremises to the Cloud Single Sign On, Access Controls, Session Management and how to use Access Management to protect applications both on premises and in the Cloud Agenda

529 views • 25 slides

More recommend