2013 Symposium Posters

Project Members
Julian Stephen, Patrick Eugster

The shift to cloud-based computing is a paradigm change that offers considerable financial and administrative gains. But governmental and business institutions wanting to tap into these gains are concerned with security issues prevalent in cloud-based systems today. The cloud offers many new vulnerabilities and at the same time is dominated by new kinds of applications, which calls for new security solutions. Intuitively, byzantine fault tolerant (BFT) replication has many benefits to enforce integrity and support privacy in clouds. But BFT systems are not at all suited for typical "data-flow processing'' cloud applications which analyze large amounts of data in a parallelizable manner: indeed, existing BFT solutions focus on replicating single monolithic servers, whilst data-flow applications consists of several different stages, each of which may give rise to multiple components at runtime to exploit cheap hardware parallelism; similarly, BFT replication hinges on comparison of redundant outputs generated, which in the case of data-flow processing can represent huge amounts of data. We present a system that secures computations being run in the cloud by leveraging BFT replication coupled with variable-degree clustering, sampling/hashing, and separation of duty, to achieve a parameterized tradeoff between fault tolerance and overhead in practice.