Principal Investigator: Patrick Eugster
The use of "cloud technologies" presents a promising avenue for meeting the requirements of big data analysis. Security concerns, however, represent a major impediment to the further adoption of clouds: because cloud resources are shared, an attack succeeding on one node can tamper with many applications sharing that node.
This project explores the combination of two readily available, practical mechanisms to holistically achieve assured cloud-based big data processing: (1) Byzantine fault tolerant replication and (2) partially homomorphic encryption. The former consists of replicating computational entities to achieve availability, and comparing the results they produce to enforce integrity of results as well as isolation of suspicious components. The latter leverages the innate ability of existing "cryptosystems" to support certain specific operations on data while it remains encrypted, in order to ensure its privacy.
The project envisions an efficient application of redundant computation (replication) and redundant storage (different encryptions of same data) through a smart breakdown of programs into sub-computations and sub-datasets based on boundaries identified via program analysis. To enable that vision, the scope of Byzantine fault tolerant replication is extended beyond the present client-server scenarios to avoid significant slowdowns when applied to fine-grained parallelization of large datasets; similarly, partially homomorphic encryption is made applicable without hampering parallelism and beyond very simple programs.
Students: Julian Stephen, Chamikara Jayalath
J. Stephen and P. Eugster
Secure Cloud-based Data Analysis with ClusterBFT
14th ACM/IFIP/USENIX International Middleware Conference (Middleware 2013), December 2013.
J. Stephen, S. Savvides, R. Seidel, and P. Eugster
Practical Confidentiality Preserving Big Data Analysis
6th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud '14), June 2014.
J. Stephen, S. Savvides, R. Seidel, and P. Eugster
Program Analysis for Secure Big Data Processing
29th IEEE/ACM International Conference on Automated Software Engineering (ASE 2014), to appear September 2014.
Keywords: assurance, big data, cloud, confidentiality, distributed applications, homomorphic encryption, integrity, secure group communication