secure query processing in cloud nosql
play

SECURE QUERY PROCESSING in CLOUD NoSQL Mohammad Ahmadian - PowerPoint PPT Presentation

Dec 19, 2023 •116 likes •725 views

SECURE QUERY PROCESSING in CLOUD NoSQL Mohammad Ahmadian ahmadian@knights.ucf.edu University of Central Florida April 9, 2017 Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 1 / 42 Goal Research goal is to find an answer to: Is it

  1. SECURE QUERY PROCESSING in CLOUD NoSQL Mohammad Ahmadian ahmadian@knights.ucf.edu University of Central Florida April 9, 2017 Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 1 / 42

  2. Goal Research goal is to find an answer to: Is it possible to delegate processing of a private data to third-party without getting revealed? Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 2 / 42

  3. Outline Introduction & motivation 1 NoSQL data models Cryptosystems for outsourced data 2 Threat Model 3 RELATED WORK 4 JSON And BSON 5 SecureNoSQL-contributions 6 Future work 7 References 8 Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 3 / 42

  4. Introduction DBaaS is a cloud-based approach to the storage and management of structured data. DBaaS delivers all database functionality plus benefited from being cloud-based to provide: 1 Flexible, scalable, on-demand platform 2 Easy management, self-service, provisioning 3 Performance monitoring and data analytics information 4 The environmental benefits of moving to the cloud 5 Charge back for database usage Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 4 / 42

  5. DBaaS Cloud database a a service There are two groups of database services in the cloud DBaaS portfolio: Relational Database NoSQL (Not only SQL) That was kind of hard to imagine to have a time without relation database because of many benefits it brought such as persistence, integration, SQL, concurrent transactions. RDBMS also have some problems: Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 5 / 42

  6. DBaaS - RDBMS cons I 1- Impedance mismatch Mapping logical objects to tables and vice versa creates a performance disadvantage when you have complex data Mapping objects to tables. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 6 / 42

  7. DBaaS - RDBMS cons II 2- Scalability Scale up vs scale out Scale up (Vertical) Expensive Reliability Hard to maintain Easy to grow Technical limits Easy to maintain Single Point Of Flexible Failure Scale out (Horizontal) Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 7 / 42

  8. Introduction- Cons of DBaaS According to 2016 report of Cloud Security Alliance (CSA), data security is the main preventative reason for organizations to avoid cloud computing. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 8 / 42

  9. Introduction- Data Models For NoSQL Data Models For NoSQL Databases: 1 Key-value stores: A dictionary DS where a key uniquely identifies the value. 2 Column-family stores: Data are stored in rows and each row has a unique key and set of columns. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 9 / 42

  10. Introduction- Data Models For NoSQL Data Models For NoSQL Databases: 1 Key-value stores: A dictionary DS where a key uniquely identifies the value. 2 Column-family stores: Data are stored in rows and each row has a unique key and set of columns. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 9 / 42

  11. Introduction- Data models for NoSQL 3 Document stores: Data are stored in internal structure (Document) to offer higher level of granularity. Each document has a unique key to identify. 4 Graph Databases: This model is based on graph and can used to represent complex structures and highly connected data. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 10 / 42

  12. Introduction- Data models for NoSQL 3 Document stores: Data are stored in internal structure (Document) to offer higher level of granularity. Each document has a unique key to identify. 4 Graph Databases: This model is based on graph and can used to represent complex structures and highly connected data. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 10 / 42

  13. Cryptosystems for outsourced data Data in the cloud can be in one of three states: 1 Store : Encryption of data before uploading to the Cloud. 2 Transit : Communication channels can be secured by using the standard HTTP over Secure Socket Layer (SSL). In addition, the endpoint authentication feature of the SSL protocol makes it possible to ensure clients are communicating with an authentic cloud server. 3 Process : Data owner should disclose decryption key to the server in order to decrypt the data before performing any required operation. The problem is when the decryption key is compromised, the data confidentiality would be affected. Therefore, in the cloud computing model, new set of cryptosystems is required. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 11 / 42

  14. Cryptosystems for outsourced data Data in the cloud can be in one of three states: 1 Store : Encryption of data before uploading to the Cloud. 2 Transit : Communication channels can be secured by using the standard HTTP over Secure Socket Layer (SSL). In addition, the endpoint authentication feature of the SSL protocol makes it possible to ensure clients are communicating with an authentic cloud server. 3 Process : Data owner should disclose decryption key to the server in order to decrypt the data before performing any required operation. The problem is when the decryption key is compromised, the data confidentiality would be affected. Therefore, in the cloud computing model, new set of cryptosystems is required. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 11 / 42

  15. Cryptosystems for outsourced data Data in the cloud can be in one of three states: 1 Store : Encryption of data before uploading to the Cloud. 2 Transit : Communication channels can be secured by using the standard HTTP over Secure Socket Layer (SSL). In addition, the endpoint authentication feature of the SSL protocol makes it possible to ensure clients are communicating with an authentic cloud server. 3 Process : Data owner should disclose decryption key to the server in order to decrypt the data before performing any required operation. The problem is when the decryption key is compromised, the data confidentiality would be affected. Therefore, in the cloud computing model, new set of cryptosystems is required. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 11 / 42

  16. Threat models Threat Model : We investigate cloud threat model from the adversarial prospective which is a holistic process based on end-to-end security. The model identifies two classes of threats. External attacker :An attacker from the outside of cloud environment might obtain unauthorized access to the data. Cloud malicious insiders : Unauthorized access to data by the cloud internals Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 12 / 42

  17. Threat models Threat Model : We investigate cloud threat model from the adversarial prospective which is a holistic process based on end-to-end security. The model identifies two classes of threats. External attacker :An attacker from the outside of cloud environment might obtain unauthorized access to the data. Cloud malicious insiders : Unauthorized access to data by the cloud internals Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 12 / 42

  18. Cryptosystems- Deterministic (DET) DET scheme always produces the same ciphertext for an identical pair of given plaintext and key. 1 DET leaks information about ciphertext of same plaintext. DET enables server to process pipeline aggregation stages such as group, count, retrieving distinct values and equality match 2 on the fields within an embedded document. The embedded document can maintain the link with the primary document through application of DET encryption. See Equation 1. Deterministic Encryption for j = 1 . . . n ; C j = E k ( P j ); P j = D k ( C j ) (1) 1 Block ciphers in Electronic Code Book (ECB) mode with a constant IV are DET. 2 Equality matches over common fields in an embedded document will select documents in the collection containing fields with specified values. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 13 / 42

  19. Cryptosystems- Random (RND) RND scheme (probabilistic) encryption, the same message with the same key yields different ciphertext.This randomness provides the highest level of security and different encryption algorithms provide RND property. 3 RND type schemes are semantically secure against chosen plaintext attacks and hides all kind of information about ciphertext. RND scheme does not allow any efficient computation on the ciphertext. 4 Random Encryption C 1 = E k ( P 1 ⊕ IV ) , P 1 = IV ⊕ D k ( C 1 ) (2) for j = 2 . . . n ; C j = E k ( P j ⊕ C j − 1 ) , P j = C j − 1 ⊕ D k ( C j ) 3 AES in Cipher Block Chaining (CBC) mode is used for RND. AES with a key size of 128,192 or 256 bits and with a block size of 128 bits. 4 Where: E k is the Enc., D k is the Dec., k is secret key P is plaintext and C is ciphertext. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 14 / 42

  20. Cryptosystems- Order-Preserving Encryption (OPE) OPE projects the order relation between plaintext data elements to their ciphertext values. OPE leaks the order of ciphertext, so it supports a lower degree of security. Order-Preserving Encryption ∀ x , y | x , y ∈ Data Domain (3) x < y = ⇒ OPE k ( x ) < OPE k ( y ) An efficient inequality comparisons on the encrypted data elements can be performed by applying OPE which supports range queries, comparison, Min(), Max() on the ciphertext. Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 15 / 42

Recommend

SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric

SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric

SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric Supervisor: Prof Benjamin Kao Department of Computer Science, University of Hong Kong Overview 1. The Problem 2. Related Work 3. Theoretical Background 4.

763 views • 47 slides
ObliDB: Oblivious Query Processing for Secure Databases Saba Eskandarian Matei Zaharia Stanford

ObliDB: Oblivious Query Processing for Secure Databases Saba Eskandarian Matei Zaharia Stanford

ObliDB: Oblivious Query Processing for Secure Databases Saba Eskandarian Matei Zaharia Stanford University Stanford University Private Data in the Cloud Compromised cloud can: Read data Read queries Alter data Hardware Enclaves A trusted

438 views • 31 slides
Searchable Security Scheme for Cloud NoSQL Mohammad Ahmadian ahmadian@knights.ucf.edu Advisor:

Searchable Security Scheme for Cloud NoSQL Mohammad Ahmadian ahmadian@knights.ucf.edu Advisor:

Searchable Security Scheme for Cloud NoSQL Mohammad Ahmadian ahmadian@knights.ucf.edu Advisor: Professor Dan C. Marinescu University of Central Florida September 16, 2017 Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 1 / 48 Goal

1.31k views • 79 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query

Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query

Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query Processing 3.3 Index Access Scheduling 3.4 Index Organization and Advanced Query Types 3-1 IRDM WS 2005 3.1 Top-k Query Processing with Scoring

592 views • 36 slides
Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query

Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query

Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query Indexi xing Ranki king Applica cation Results Documents User Information Query y Query analys ysis proce cess ssing Multimedia

740 views • 32 slides
1 Recap: Taking Differences Distribution of Integer Values 0.1 idea: use efficient coding

1 Recap: Taking Differences Distribution of Integer Values 0.1 idea: use efficient coding

Recap: Search Engine Query Processing Recap: Search Engine Query Processing Parallel query processing: divide docs between Basically, to process a query we need to traverse the many machines, broadcast results to all inverted lists of the

434 views • 6 slides
Online Query Processing Exposure to online query processing algorithms and fundamentals A

Online Query Processing Exposure to online query processing algorithms and fundamentals A

Goals for Today Online Query Processing Exposure to online query processing algorithms and fundamentals A Tutorial Usage examples Basic sampling techniques and estimators Preferential data delivery Peter J. Haas Online

353 views • 10 slides
CS4224/CS5424 Lecture 9 Distributed Query Processing Query Processing Translates query into a

CS4224/CS5424 Lecture 9 Distributed Query Processing Query Processing Translates query into a

CS4224/CS5424 Lecture 9 Distributed Query Processing Query Processing Translates query into a query plan that minimizes some cost function Minimize total cost CPU cost, I/O cost, &amp; communication cost Minimize response time

841 views • 52 slides
Extreme Computing NoSQL www.inf.ed.ac.uk PREVIOUSLY: BATCH Query most/all data Results

Extreme Computing NoSQL www.inf.ed.ac.uk PREVIOUSLY: BATCH Query most/all data Results

Extreme Computing NoSQL www.inf.ed.ac.uk PREVIOUSLY: BATCH Query most/all data Results Eventually NOW: ON DEMAND Single Data Points Latency Matters www.inf.ed.ac.uk One problem, three ideas We want to keep track of mutable state in a

781 views • 49 slides
1 Language processing Query Graph Model Two stages: compilation and Vertices execution

1 Language processing Query Graph Model Two stages: compilation and Vertices execution

Outline Extensible Query Processing in Motivation Starburst Solution: Extensible DBMS Language Processing Query Graph Model Presentation: Kati Query rewrite Discussion: Andrew Summary Motivation Starburst Project

281 views • 3 slides
V.3 Query Processing 1. Term-at-a-Time 2. Document-at-a-Time 3. WAND 4. Quit &amp; Continue 5.

V.3 Query Processing 1. Term-at-a-Time 2. Document-at-a-Time 3. WAND 4. Quit &amp; Continue 5.

V.3 Query Processing 1. Term-at-a-Time 2. Document-at-a-Time 3. WAND 4. Quit &amp; Continue 5. Buckleys Algorithm 6. Fagins Threshold Algorithms 7. Query Processing with Importance Scores 8. Query Processing with Champion

2.02k views • 79 slides
Enterprise 2.0 Secure Cloud Mail and Content Collaboration

Enterprise 2.0 Secure Cloud Mail and Content Collaboration

Use Case Sharing: Enterprise 2.0 Secure Cloud Mail and Content Collaboration Market Development Director / Andy Lin Secure Mail &amp; Collaboration Solution Provider 4 5 On-Premise Cloud OEM Cloud

657 views • 32 slides
Efficient query processing Efficient scoring, distributed query processing Web Search 1 Ranking

Efficient query processing Efficient scoring, distributed query processing Web Search 1 Ranking

Efficient query processing Efficient scoring, distributed query processing Web Search 1 Ranking functions In general, document scoring functions are of the form The BM25 function, is one of the best performing: The term frequency is

648 views • 31 slides
CSCI403 Lecture 36: NoSQL, Distributed DBs, DBs in the Cloud So you want a database... Imagine

CSCI403 Lecture 36: NoSQL, Distributed DBs, DBs in the Cloud So you want a database... Imagine

CSCI403 Lecture 36: NoSQL, Distributed DBs, DBs in the Cloud So you want a database... Imagine Relational Doesnt Exist MongoDB (from &quot;humongous&quot;) is a scalable, high-performance, open source, document-oriented database.

701 views • 20 slides
Databases SQL, NoSQL, ORMs, REST/GraphQL, JSON/gRPC SQL QL (1974) 4) Initially, relational

Databases SQL, NoSQL, ORMs, REST/GraphQL, JSON/gRPC SQL QL (1974) 4) Initially, relational

Databases SQL, NoSQL, ORMs, REST/GraphQL, JSON/gRPC SQL QL (1974) 4) Initially, relational databases with query languages based on mathematical logic SQL (Chamberlin, Boyce @ IBM Research) Query language accessible to those without

821 views • 56 slides
Steps in Query Processing 1. Translation check SQL syntax check existence of relations and

Steps in Query Processing 1. Translation check SQL syntax check existence of relations and

Query Processing 1 Steps in Query Processing 1. Translation check SQL syntax check existence of relations and attributes replace views by their definitions generate internal query representation 2. Optimization consider

507 views • 23 slides
NoSQL Source: Pramod J. Sadalage and Martin Fowler NoSQL Distilled: A Brief Guide to the

NoSQL Source: Pramod J. Sadalage and Martin Fowler NoSQL Distilled: A Brief Guide to the

NoSQL Source: Pramod J. Sadalage and Martin Fowler NoSQL Distilled: A Brief Guide to the Emerging World of Polyglot Persistence , Pearson Education, 2013 Objectives Introduce some key concepts behind the NoSQL family of databases Why NoSQL?

919 views • 19 slides
NoSQL and MongoDB 1 2 Introduction to NoSQL Based on a presentation by Traversy Media 3 What

NoSQL and MongoDB 1 2 Introduction to NoSQL Based on a presentation by Traversy Media 3 What

NoSQL and MongoDB 1 2 Introduction to NoSQL Based on a presentation by Traversy Media 3 What is NoSQL? Not only SQL SQL means Relational model Strong typing ACID compliance Normalization NoSQL means more freedom or flexibility 4

376 views • 34 slides
CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska University of Warsaw January 21, 2012 Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Why secure data? Medical data Contact data Payment

1.27k views • 78 slides
Presentation Outline Introduction Related Work System Architecture Privacy

Presentation Outline Introduction Related Work System Architecture Privacy

Privacy Protected Query Processing Privacy Protected Query Processing Privacy Protected Query Processing on Spatial Networks on Spatial Networks on Spatial Networks Wei-Shinn Ku Roger Zimmermann Wen-Chih Peng Sushama Shroff Third

557 views • 12 slides
STANlite a database engine for secure data processing at rack-scale level IEEE International

STANlite a database engine for secure data processing at rack-scale level IEEE International

Institute of Operating Systems and Computer Networks STANlite a database engine for secure data processing at rack-scale level IEEE International Conference on Cloud Engineering (IC2E18) V. A. Sartakov, N. Weichbrodt, S. Krieter, T.

388 views • 37 slides
CS525: Advanced Database Organization Notes 6: Query Processing Parsing and pre-processing

CS525: Advanced Database Organization Notes 6: Query Processing Parsing and pre-processing

CS525: Advanced Database Organization Notes 6: Query Processing Parsing and pre-processing Yousef M. Elmehdwi Department of Computer Science Illinois Institute of Technology yelmehdwi@iit.edu October 9, 2018 Slides: adapted from a course

807 views • 33 slides
Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud

Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud

Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud Services and Storage Workshop Oslo, Norway - September 10th, 2017 The Cloud David Pointcheval Introduction 2 / 17 Anything from Anywhere One

290 views • 17 slides

More recommend