practicing oblivious access on cloud storage the gap
play

Practicing Oblivious Access on Cloud Storage: the Gap, Fallacy, and - PowerPoint PPT Presentation

May 22, 2023 •13 likes •483 views

Practicing Oblivious Access on Cloud Storage: the Gap, Fallacy, and the New Way Forward Vincent Bindschaedler 1 , Muhammad Naveed 1,3 , Xiaorui Pan 2 , XiaoFeng Wang 2 , and Yan Huang 2 1 University of Illinois at Urbana-Champaign 2 Indiana

  1. Practicing Oblivious Access on Cloud Storage: the Gap, Fallacy, and the New Way Forward Vincent Bindschaedler 1 , Muhammad Naveed 1,3 , Xiaorui Pan 2 , XiaoFeng Wang 2 , and Yan Huang 2 1 University of Illinois at Urbana-Champaign 2 Indiana University Bloomington 3 Cornell University

  2. Cloud Storage Cloud Storage Service Application file2 file1 file4 file3 User Side

  3. Cloud Storage Cloud Storage Service get(file1) Application file2 file1 put(file1, data1) file4 file3 get(file2) User Side

  4. Cloud Storage Cloud Storage Service get(file1) Application file2 file1 put(file1, data1) file4 file3 get(file2) User Side

  5. Cloud Storage Cloud Storage Service get(file1) Application file2 file1 put(file1, data1) file4 file3 get(file2) User Side Leaks access pattern

  6. Background: Oblivious RAM • Obliviousness: • For any fixed size request sequence, the associated storages accesses observed (by the cloud) are statistically independent of the requests • Techniques • Operates on fixed size data blocks • Encrypt blocks with ciphertext indistinguishability • Dummy accesses, re-encryption, shuffling, etc.

  7. Oblivious Cloud Storage Cloud Storage Service Application ORAM Client Trusted User Side

  8. Oblivious Cloud Storage Cloud Storage Service get(key1) Application ORAM Client put(key1, val1) get(key2) Trusted User Side

  9. Oblivious Cloud Storage Cloud Storage 7 ) t 5 e c o b j d ( o a n l o w d Service download(object32) get(key1) Application ORAM Client u p l o a d ( o b j e c t 1 5 , d a t a 4 ) download(object3) put(key1, val1) download(object28) upload(object65, data19) download(object11) get(key2) download(object44) u p l o a d ( o b j e c t 7 3 , d a t a 2 6 ) Trusted User Side

  10. How close is ORAM to practice? • Are ORAM designs in line with the constraints of real-world cloud services? • How close are ORAM techniques to offering practical support to cloud applications? • Are we on the right track to narrow the gap?

  11. Assumptions in ORAM literature 1. Bandwidth overhead is a good proxy metric • So, minimizing it optimizes application performance 2. Application is not taken into account • Implicit assumption that application has no impact on performance Assumptions influence the way the problem is thought about and guide the research agenda.

  12. Contribution

  13. Contribution 1 ORAM Literature Chose 4 representative ORAM designs

  14. Contribution 1 ORAM Literature Build ORAM Systems Chose 4 representative ORAM designs

  15. Contribution 2 App 1 Performance ORAM ORAM Data Literature Build ORAM Systems Chose 4 representative ORAM designs Cloud Storage Evaluation Platform

  16. Contribution 2 App 1 Performance ORAM ORAM Data Literature Build ORAM Systems Chose 4 representative ORAM designs Cloud Storage Evaluation Platform 3 How ORAMs work on cloud storage What real apps need New understanding

  17. Contribution 2 App 1 Performance ORAM ORAM Data Literature Build ORAM Systems Chose 4 representative ORAM designs Cloud Storage Evaluation Platform 3 How ORAMs work on cloud storage 4 CURIOUS Design What real apps (New ORAM Framework) need New understanding

  18. ORAM Systems We Built 1. Tree-based: PathORAM 2. Layered-based: LayeredORAM 3. Large messages-based: PracticalOS 4. Partition-based: ObliviStore 1. [PathORAM] Stefanov, Emil, et al. "Path ORAM: An Extremely Simple Oblivious RAM Protocol." CCS 2013. 2. [LayeredORAM] Goodrich, Michael, et al. "Oblivious RAM simulation with efficient worst-case access overhead." CCSW 2011. 3. [PracticalOS] Goodrich, Michael, et al. "Practical oblivious storage." CODASPY 2012. 4. [ObliviStore] Stefanov, Emil, and Elaine Shi. "Oblivistore: High performance oblivious cloud storage." S&P 2013.

  19. Application Selection • We use Filebench: filesystem benchmarking tool • Able to emulate several applications, e.g.: • Mail server • File server • Web proxy • Web server

  20. Methodology

  21. Methodology Amazon S3 application extract logs Filebench accesses bucket traces client

  22. Methodology Amazon S3 application extract logs Filebench accesses bucket traces client Amazon No ORAM varmail S3 accesses PathORAM webproxy requests ObliviStore webserver PracticalOS fileserver performance LayeredORAM application data client

  23. Findings

  24. Bandwidth overhead as a proxy for response time

  25. Bandwidth overhead as a proxy for response time

  26. Bandwidth overhead as a proxy for monetary cost

  27. Bandwidth overhead as a proxy for monetary cost

  28. Bandwidth overhead as a proxy for monetary cost PathORAM

  29. Application traces • Slowdown := time with ORAM / time without ORAM … time interval without ORAM Time … time interval with ORAM Time

  30. Application Traces • According to slowdown measurements: • ObliviStore could easily handle two applications (i.e., varmail and webproxy), but could not handle the other two (i.e., webserver and fileserver) • PathORAM could not handle any of the four applications (it experienced slowdowns ranging from 3 to 92) • In all cases, the monetary cost of running on top of ORAM was roughly 100 times (or more) than running without ORAM

  31. PracticalOS & LayeredORAM • Neither of the two schemes could support any of the applications • PracticalOS has a low response time for requests • but a long and expensive reshuffling phase • The cost of operating PracticalOS for varmail is roughly 15 USD / min

  32. Main Findings • Bandwidth overhead is not the bottleneck • Network latency is the bottleneck • Many real applications require the ORAM to process requests concurrently • Downloads and uploads do not have the same cost

  33. Asynchronicity & Concurrent Request Processing • ObliviStore can process multiple requests concurrently and offer an asynchronous interface • Others (e.g., PathORAM) are fundamentally synchronous • The current request must be fully completed before the processing of the next request can start • ORAM schemes do not appear to consider asynchronicity as a crucial property • 3 out of 39 published papers have this property

  34. Asynchronicity is a MUST! • Asynchronicity has never been a main design goal. • But , we found that: 1. Asynchronicity is not only desirable but actually necessary • No synchronous ORAM scheme can fully support cloud applications 2. Asynchronicity is difficult • E.g., the implementation of ObliviStore did not get it right

  35. Bandwidth Asymmetricity • S3: the monetary cost of an upload is 12.5 times that of a download

  36. Bandwidth Asymmetricity • S3: the monetary cost of an upload is 12.5 times that of a download 120 Median Response Time (ms) 90 60 30 0 1KB 2KB 4KB 8KB 16KB 32KB 64KB GET PUT

  37. Bandwidth Asymmetricity • S3: the monetary cost of an upload is 12.5 times that of a download 120 Median Response Time (ms) 90 60 30 0 1KB 2KB 4KB 8KB 16KB 32KB 64KB GET PUT

  38. Bandwidth-only evaluation is INACCURATE! • Overhead evaluation: total bandwidth only in existing literature • Bandwidth overhead := download overhead + upload overhead • But , experimentally, their performance and monetary cost are different • Failure to incorporate this experimental insight in our thinking could lead us to make incorrect conclusions about how schemes perform in practice • Example: which is better? • Scheme 1: 20 download overhead, 20 upload overhead • Scheme 2: 40 download overhead, 10 upload overhead

  39. CURIOUS

  40. Novel ORAM Framework: CURIOUS • Based on our findings, we propose CURIOUS • Simple design: • Flexible due to modular design • Simple concurrency model • Also, it preserves properties that applications expect from cloud • e.g., reliability

  41. CURIOUS performs better than ObliviStore 4 3.25 Slowdown 2.5 1.75 1 varmail webproxy webserver fileserver ObliviStore CURIOUS

  42. CURIOUS performs better than ObliviStore • Monetary cost is only half to two-thirds 4 3.25 Slowdown 2.5 1.75 1 varmail webproxy webserver fileserver ObliviStore CURIOUS

  43. CURIOUS performs better than ObliviStore • Monetary cost is only half to two-thirds 4 3.25 Slowdown 2.5 1.75 1 varmail webproxy webserver fileserver ObliviStore CURIOUS

  44. CURIOUS performs better than ObliviStore • Monetary cost is only half to two-thirds 4 3.25 Slowdown 2.5 1.75 1 varmail webproxy webserver fileserver ObliviStore CURIOUS

  45. CURIOUS performs better than ObliviStore • Monetary cost is only half to two-thirds • Even though • CURIOUS uses 2X the bandwidth of ObliviStore 4 3.25 Slowdown 2.5 1.75 1 varmail webproxy webserver fileserver ObliviStore CURIOUS

  46. Conclusions • Oblivious RAM has come a long way… • … and there is a long way to go still… • But we found: • In theory there is no difference between theory and practice • But in practice, there is. • Lesson: • align theory to practice • evaluate theory on practical systems

Recommend

Cloud Radio Access Downlink with Backhaul Constrained Oblivious Processing Shlomo Shamai

Cloud Radio Access Downlink with Backhaul Constrained Oblivious Processing Shlomo Shamai

Page 1 of 66 Cloud Radio Access Downlink with Backhaul Constrained Oblivious Processing Shlomo Shamai Department of Electrical Engineering Technion Israel Institute of Technology Joint work with S.-H. Park, O. Simeone and O. Sahin HyNeT

684 views • 66 slides
Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search Ph.D. Dissertation Defense Zeeshan Pervez Department of Computer Engineering Kyung Hee University, Global Campus, Korea email:

650 views • 24 slides
Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie

Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie

Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie Wang University of Massachusetts Lowell The Cloud Cloud storage makes many promises: Data can be accessed anywhere at any time No

698 views • 42 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
A Language for Probabilistically Oblivious Computation David Darais , Ian Sweet, Chang Liu,

A Language for Probabilistically Oblivious Computation David Darais , Ian Sweet, Chang Liu,

A Language for Probabilistically Oblivious Computation David Darais , Ian Sweet, Chang Liu, Michael Hicks Secure Storage S[42] secret Cloud You s = S[42] Storage S[s] secret Implementation = encrypt the data Read/write indices

787 views • 59 slides
Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective Provide logical storage pools that abstract a more complex distributed infrastructure made of commodity hardware Separate storage service

627 views • 15 slides
Lower Bound! Kasper Green Larsen Jesper Buus Nielsen Oblivious RAM Introduced by Goldreich

Lower Bound! Kasper Green Larsen Jesper Buus Nielsen Oblivious RAM Introduced by Goldreich

Yes, There is an Oblivious RAM Lower Bound! Kasper Green Larsen Jesper Buus Nielsen Oblivious RAM Introduced by Goldreich and Ostrovsky in 1996 Encrypts the memory access pattern of a random-access algorithm Oblivious RAM, Model

505 views • 32 slides
Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

A mathematical theory of distributed storage Dagstuhl workshop (16321) Coding in the time of Big Data Michael Luby August 8, 2016 Research Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500 TB

796 views • 37 slides
A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

. . A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage with a Distributed Reputation System Anders Skoglund andsk668@student.liu.se November 04, 2013 . Cloud storage P2P storage F2F storage

660 views • 36 slides
Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software backed by Riak Simple API Multi-tenant, Per-tenant Reporting Pluggable Authentication Multi Data Center Replication (Enterprise)

369 views • 18 slides
K Pre-Post Cloud Tutorial for accessing the K Global File Storage RIKEN R-CCS JULY 2, 2018

K Pre-Post Cloud Tutorial for accessing the K Global File Storage RIKEN R-CCS JULY 2, 2018

K Pre-Post Cloud Tutorial for accessing the K Global File Storage RIKEN R-CCS JULY 2, 2018 Access the GFS using SFTP (1/2) Users can access the K global file storage (GFS) via GFS-GW (GFS-gateway). In this slide, we explain a way to

51 views • 4 slides
Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan

Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan

Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan Stefanovici , Dushyanth Narayanan Benn Thomsen, Antony Rowstron Microsoft Research Cloud Storage Landscape: Yesterday + Today Storage Technologies $$$$

147 views • 12 slides
Research in an Open Cloud Exchange CLOUD COMPUTING IS HAVING A DRAMATIC IMPACT On-demand

Research in an Open Cloud Exchange CLOUD COMPUTING IS HAVING A DRAMATIC IMPACT On-demand

Research in an Open Cloud Exchange CLOUD COMPUTING IS HAVING A DRAMATIC IMPACT On-demand access Economies of scale All compute/storage will move to the cloud? Todays IaaS clouds One company responsible for implementing and

1.11k views • 65 slides
GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering

GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering

GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering Maintainer, GlusterFS SDC India - 24th May, 2018 CONTENTS Define: Hybrid Cloud & Infrastructure Understand: What are the storage needs of hybrid

527 views • 16 slides
Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012 Dubrovnik, Croatia Szabolcs Szkelyi <szekelyi@niif.hu> Agenda Storage infrastructure update Archiving service Cloud GUI

877 views • 18 slides
Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint

Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint

Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint work with Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva Cloud Outsourcing Storage and Computation Data storage Data processing [Cloud Security

393 views • 23 slides
: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt

: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt

: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt Virginia Tech & IBM Research Almaden Cloud object stores enable cost-efficient data storage Object storage 2 Cloud object

720 views • 46 slides
Update on cloud and storage development at NIIFI 8th TF-Storage Meeting February 4, 2011

Update on cloud and storage development at NIIFI 8th TF-Storage Meeting February 4, 2011

Update on cloud and storage development at NIIFI 8th TF-Storage Meeting February 4, 2011 Budapest, Hungary Szkelyi Szabolcs <szekelyi@niif.hu> Cloud Infrastructure as a Service Virtual machines, virtual networks, disk images,

115 views • 10 slides
Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing

Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing

Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing Internet began in the 1950s Internet has been quite revolutoinary due to its lightning fast communication privelages and data sharing. Cloud

378 views • 6 slides
Cloud- and Peer-to-Peer Storage End-user considerations and product overview 4/3/2010 Arjan

Cloud- and Peer-to-Peer Storage End-user considerations and product overview 4/3/2010 Arjan

Cloud- and Peer-to-Peer Storage End-user considerations and product overview 4/3/2010 Arjan Peddemors Objectives Get overview of existing cloud storage and P2P storage concepts and products* outline of basic principles underlying cloud-

300 views • 15 slides
Cloud object storage in Ceph Orit Wasserman owasserm@redhat.com Fosdem 2017 AGENDA What is

Cloud object storage in Ceph Orit Wasserman owasserm@redhat.com Fosdem 2017 AGENDA What is

Cloud object storage in Ceph Orit Wasserman owasserm@redhat.com Fosdem 2017 AGENDA What is cloud object storage? Ceph overview Rados Gateway architecture Questions Cloud object storage Block storage Data stored in

1.02k views • 43 slides
Repeatable Oblivious Shuffling of Large Outsourced Data Blocks Zhilin Zhang + , Ke Wang, Weipeng

Repeatable Oblivious Shuffling of Large Outsourced Data Blocks Zhilin Zhang + , Ke Wang, Weipeng

Repeatable Oblivious Shuffling of Large Outsourced Data Blocks Zhilin Zhang + , Ke Wang, Weipeng Lin, Ada Wai-Chee Fu, Raymond Chi-Wing Wong + Simon Fraser University, Amazon Outsourcing in the Cloud 2019 Public cloud services market >$206.2

878 views • 18 slides
Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook University File Systems and Storage Lab (FSL) Cloud Storage Gateways l Benefits of cloud gateways Public NAS u Combine advantages of both Cloud

650 views • 51 slides
Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern

877 views • 48 slides

More recommend