SlideShare a Scribd company logo

600.412.Lecture06

R
ragibhasan

CS 600.412 Security and Privacy in Cloud Computing

1 of 18
Security and Privacy in Cloud Computing Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010 Lecture 6 03/22/2010
Verifying Computations in a Cloud 3/22/2010 Scenario User sends her data processing job to the cloud. Clouds provide dataflow operation as a service (e.g., MapReduce, Hadoop etc.) Problem: Users have no way of evaluating the correctness of results en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 2
DataFlow Operations 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 3 Properties High performance, in-memory data processing Each node performs a particular function Nodes are mostly independent of each other Examples MapReduce, Hadoop, System S, Dryad
How do we ensure DataFlow operation results are correct? 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 4 Goals ,[object Object]
To determine the nature of their malicious action
To evaluate the quality of output dataDu et al., RunTest: Assuring Integrity of Dataflow Processing in Cloud Computing Infrastructures, AsiaCCS 2010
Possible Approaches Re-do the computation Check memory footprint of code execution Majority voting Hardware-based attestation Run-time attestation 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 5
RunTest: Randomized Data Attestation Idea For some data inputs, send it along multiple dataflow paths Record and match all intermediate results from the matching nodes in the paths Build an attestation graph using node agreement Over time, the graph shows which node misbehave (always or time-to-time) 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 6
Attack Model Data model: Input deterministic DataFlow (i.e., same input to a function will always produce the same output) Data processing is stateless (e.g., selection, filtering) Attacker: Malicious or compromised cloud nodes Can produce bad results always or some time Can collude with other malicious nodes to provide same bad result 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 7
Attack Model (scenarios) Parameters b_i = probability of providing bad result c_i = probability of providing the same bad result as another malicious node Attack scenarios NCAM: b_i = 1, c_i = 0 NCPM: 0 < b_i <1, c_i = 0 FTFC: b_i = 1, c_i = 1 PTFC: 0< b_i < 1, c_i = 0 PTPC: 0< b_i < 1, 0 < c_i < 1 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 8
Integrity Attestation Graph Definition: Vertices: Nodes in the DataFlow paths Edges: Consistency relationships. Edge weight: fraction of consistent output of all outputs generated from same data items 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 9
Consistency Clique Complete subgraph of an attestation graph which has 2 or more nodes All nodes always agree with each other (i.e., all edge weights are 1) 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 10 2 1 3 5 4
How to find malicious nodes Intuitions Honest nodes will always agree with each other to produce the same outputs, given the same data Number of malicious nodes is less than half of all nodes 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 11
Finding Consistency Cliques: BK Algorithm Goal: find the maximal clique in the attestation graph Technique: Apply Bron-Kerbosch algorithm to find the maximal clique(s) (see better example at Wikipedia) Any node not in a maximal clique of size k/2 is a malicious node 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 12 Note: BK algorithm is NP-Hard Authors proposed 2 optimizations to make it run quicker
Identifying attack patterns 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 13 NCAM PTFC/NCPM PTFC FTFC
Inferring data quality Quality = 1 – (c/n) where n = total number of unique data items c = total number of duplicated data with inconsistent results 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 14
Evaluation Extended IBM System S Experiments: Detection rate Sensitivity to parameters Comparison with majority voting 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 15
Evaluation 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 16 NCPM (b=0.2, c=0) Different misbehavior probabilities

Recommended

T AXONOMY OF O PTIMIZATION A PPROACHES OF R ESOURCE B ROKERS IN D ATA G RIDS
T AXONOMY OF O PTIMIZATION A PPROACHES OF R ESOURCE B ROKERS IN D ATA G RIDST AXONOMY OF O PTIMIZATION A PPROACHES OF R ESOURCE B ROKERS IN D ATA G RIDS
T AXONOMY OF O PTIMIZATION A PPROACHES OF R ESOURCE B ROKERS IN D ATA G RIDSijcsit
 
Active Content-Based Crowdsourcing Task Selection
Active Content-Based Crowdsourcing Task SelectionActive Content-Based Crowdsourcing Task Selection
Active Content-Based Crowdsourcing Task SelectionCarsten Eickhoff
 
Analysis of different similarity measures: Simrank
Analysis of different similarity measures: SimrankAnalysis of different similarity measures: Simrank
Analysis of different similarity measures: SimrankAbhishek Mungoli
 
Project Proposal Form
Project Proposal FormProject Proposal Form
Project Proposal Formbutest
 
Analysis of the “KDD Cup-1999” Datasets
Analysis of the “KDD Cup-1999” DatasetsAnalysis of the “KDD Cup-1999” Datasets
Analysis of the “KDD Cup-1999” DatasetsRafsanjani, Muhammod
 
PEARC17:A real-time machine learning and visualization framework for scientif...
PEARC17:A real-time machine learning and visualization framework for scientif...PEARC17:A real-time machine learning and visualization framework for scientif...
PEARC17:A real-time machine learning and visualization framework for scientif...Feng Li
 
MultiModal Retrieval Image
MultiModal Retrieval ImageMultiModal Retrieval Image
MultiModal Retrieval ImageKonstantinos Zagoris
 
Final proj 2 (1)
Final proj 2 (1)Final proj 2 (1)
Final proj 2 (1)Praveen Kumar
 

Recommended

T AXONOMY OF O PTIMIZATION A PPROACHES OF R ESOURCE B ROKERS IN D ATA G RIDS
T AXONOMY OF O PTIMIZATION A PPROACHES OF R ESOURCE B ROKERS IN D ATA G RIDST AXONOMY OF O PTIMIZATION A PPROACHES OF R ESOURCE B ROKERS IN D ATA G RIDS
T AXONOMY OF O PTIMIZATION A PPROACHES OF R ESOURCE B ROKERS IN D ATA G RIDSijcsit
 
Active Content-Based Crowdsourcing Task Selection
Active Content-Based Crowdsourcing Task SelectionActive Content-Based Crowdsourcing Task Selection
Active Content-Based Crowdsourcing Task SelectionCarsten Eickhoff
 
Analysis of different similarity measures: Simrank
Analysis of different similarity measures: SimrankAnalysis of different similarity measures: Simrank
Analysis of different similarity measures: SimrankAbhishek Mungoli
 
Project Proposal Form
Project Proposal FormProject Proposal Form
Project Proposal Formbutest
 
Analysis of the “KDD Cup-1999” Datasets
Analysis of the “KDD Cup-1999” DatasetsAnalysis of the “KDD Cup-1999” Datasets
Analysis of the “KDD Cup-1999” DatasetsRafsanjani, Muhammod
 
PEARC17:A real-time machine learning and visualization framework for scientif...
PEARC17:A real-time machine learning and visualization framework for scientif...PEARC17:A real-time machine learning and visualization framework for scientif...
PEARC17:A real-time machine learning and visualization framework for scientif...Feng Li
 
MultiModal Retrieval Image
MultiModal Retrieval ImageMultiModal Retrieval Image
MultiModal Retrieval ImageKonstantinos Zagoris
 
Final proj 2 (1)
Final proj 2 (1)Final proj 2 (1)
Final proj 2 (1)Praveen Kumar
 
IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...
IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...
IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...IEEEMEMTECHSTUDENTPROJECTS
 
Poster (1)
Poster (1)Poster (1)
Poster (1)Daniel Osei
 
Visualization-Driven Data Aggregation
Visualization-Driven Data AggregationVisualization-Driven Data Aggregation
Visualization-Driven Data AggregationZbigniew Jerzak
 
ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)
ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)
ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)Konstantinos Zagoris
 
Document clustering for forensic analysis
Document clustering for forensic analysisDocument clustering for forensic analysis
Document clustering for forensic analysissrinivasa teja
 
Indexing data on the web a comparison of schema level indices for data search
Indexing data on the web a comparison of schema level indices for data searchIndexing data on the web a comparison of schema level indices for data search
Indexing data on the web a comparison of schema level indices for data searchTill Blume
 
Document clustering for forensic analysis an approach for improving compute...
Document clustering for forensic analysis an approach for improving compute...Document clustering for forensic analysis an approach for improving compute...
Document clustering for forensic analysis an approach for improving compute...Madan Golla
 
A new link based approach for categorical data clustering
A new link based approach for categorical data clusteringA new link based approach for categorical data clustering
A new link based approach for categorical data clusteringInternational Journal of Science and Research (IJSR)
 
Dynamic Two-Stage Image Retrieval from Large Multimodal Databases
Dynamic Two-Stage Image Retrieval from Large Multimodal DatabasesDynamic Two-Stage Image Retrieval from Large Multimodal Databases
Dynamic Two-Stage Image Retrieval from Large Multimodal DatabasesKonstantinos Zagoris
 
COLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACH
COLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACHCOLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACH
COLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACHIJCI JOURNAL
 
IEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction System
IEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction SystemIEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction System
IEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction SystemMat Kelly
 
Volume 2-issue-6-1930-1932
Volume 2-issue-6-1930-1932Volume 2-issue-6-1930-1932
Volume 2-issue-6-1930-1932Editor IJARCET
 
An Improved Differential Evolution Algorithm for Data Stream Clustering
An Improved Differential Evolution Algorithm for Data Stream ClusteringAn Improved Differential Evolution Algorithm for Data Stream Clustering
An Improved Differential Evolution Algorithm for Data Stream ClusteringIJECEIAES
 
IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...
IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...
IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...IEEEFINALYEARSTUDENTPROJECTS
 
Text extraction using document structure features and support vector machines
Text extraction using document structure features and support vector machinesText extraction using document structure features and support vector machines
Text extraction using document structure features and support vector machinesKonstantinos Zagoris
 
Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...
Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...
Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...Punit Sharnagat
 
Cg33504508
Cg33504508Cg33504508
Cg33504508IJERA Editor
 
K-means Clustering Method for the Analysis of Log Data
K-means Clustering Method for the Analysis of Log DataK-means Clustering Method for the Analysis of Log Data
K-means Clustering Method for the Analysis of Log Dataidescitation
 
SOAP Overview
SOAP OverviewSOAP Overview
SOAP Overviewelliando dias
 
Simple object access protocol(soap )
Simple object access protocol(soap )Simple object access protocol(soap )
Simple object access protocol(soap )balamurugan.k Kalibalamurugan
 
Soap
SoapSoap
SoapEri Alam
 
Soap xp-wg
Soap xp-wgSoap xp-wg
Soap xp-wgSafwan Hashmi
 

More Related Content

What's hot

IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...
IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...
IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...IEEEMEMTECHSTUDENTPROJECTS
 
Visualization-Driven Data Aggregation
Visualization-Driven Data AggregationVisualization-Driven Data Aggregation
Visualization-Driven Data AggregationZbigniew Jerzak
 
ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)
ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)
ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)Konstantinos Zagoris
 
Document clustering for forensic analysis
Document clustering for forensic analysisDocument clustering for forensic analysis
Document clustering for forensic analysissrinivasa teja
 
Indexing data on the web a comparison of schema level indices for data search
Indexing data on the web a comparison of schema level indices for data searchIndexing data on the web a comparison of schema level indices for data search
Indexing data on the web a comparison of schema level indices for data searchTill Blume
 
Document clustering for forensic analysis an approach for improving compute...
Document clustering for forensic analysis an approach for improving compute...Document clustering for forensic analysis an approach for improving compute...
Document clustering for forensic analysis an approach for improving compute...Madan Golla
 
Dynamic Two-Stage Image Retrieval from Large Multimodal Databases
Dynamic Two-Stage Image Retrieval from Large Multimodal DatabasesDynamic Two-Stage Image Retrieval from Large Multimodal Databases
Dynamic Two-Stage Image Retrieval from Large Multimodal DatabasesKonstantinos Zagoris
 
COLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACH
COLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACHCOLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACH
COLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACHIJCI JOURNAL
 
IEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction System
IEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction SystemIEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction System
IEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction SystemMat Kelly
 
Volume 2-issue-6-1930-1932
Volume 2-issue-6-1930-1932Volume 2-issue-6-1930-1932
Volume 2-issue-6-1930-1932Editor IJARCET
 
An Improved Differential Evolution Algorithm for Data Stream Clustering
An Improved Differential Evolution Algorithm for Data Stream ClusteringAn Improved Differential Evolution Algorithm for Data Stream Clustering
An Improved Differential Evolution Algorithm for Data Stream ClusteringIJECEIAES
 
IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...
IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...
IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...IEEEFINALYEARSTUDENTPROJECTS
 
Text extraction using document structure features and support vector machines
Text extraction using document structure features and support vector machinesText extraction using document structure features and support vector machines
Text extraction using document structure features and support vector machinesKonstantinos Zagoris
 
Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...
Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...
Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...Punit Sharnagat
 
K-means Clustering Method for the Analysis of Log Data
K-means Clustering Method for the Analysis of Log DataK-means Clustering Method for the Analysis of Log Data
K-means Clustering Method for the Analysis of Log Dataidescitation
 

What's hot (18)

IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...
IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...
IEEE 2014 DOTNET DATA MINING PROJECTS Similarity preserving snippet based vis...
 
Poster (1)
Poster (1)Poster (1)
Poster (1)
 
Visualization-Driven Data Aggregation
Visualization-Driven Data AggregationVisualization-Driven Data Aggregation
Visualization-Driven Data Aggregation
 
ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)
ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)
ICFHR 2014 Competition on Handwritten KeyWord Spotting (H-KWS 2014)
 
Document clustering for forensic analysis
Document clustering for forensic analysisDocument clustering for forensic analysis
Document clustering for forensic analysis
 
Indexing data on the web a comparison of schema level indices for data search
Indexing data on the web a comparison of schema level indices for data searchIndexing data on the web a comparison of schema level indices for data search
Indexing data on the web a comparison of schema level indices for data search
 
Document clustering for forensic analysis an approach for improving compute...
Document clustering for forensic analysis an approach for improving compute...Document clustering for forensic analysis an approach for improving compute...
Document clustering for forensic analysis an approach for improving compute...
 
A new link based approach for categorical data clustering
A new link based approach for categorical data clusteringA new link based approach for categorical data clustering
A new link based approach for categorical data clustering
 
Dynamic Two-Stage Image Retrieval from Large Multimodal Databases
Dynamic Two-Stage Image Retrieval from Large Multimodal DatabasesDynamic Two-Stage Image Retrieval from Large Multimodal Databases
Dynamic Two-Stage Image Retrieval from Large Multimodal Databases
 
COLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACH
COLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACHCOLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACH
COLOCATION MINING IN UNCERTAIN DATA SETS: A PROBABILISTIC APPROACH
 
IEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction System
IEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction SystemIEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction System
IEEE VIS 2013 Graph-Based Navigation of a Box Office Prediction System
 
Volume 2-issue-6-1930-1932
Volume 2-issue-6-1930-1932Volume 2-issue-6-1930-1932
Volume 2-issue-6-1930-1932
 
An Improved Differential Evolution Algorithm for Data Stream Clustering
An Improved Differential Evolution Algorithm for Data Stream ClusteringAn Improved Differential Evolution Algorithm for Data Stream Clustering
An Improved Differential Evolution Algorithm for Data Stream Clustering
 
IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...
IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...
IEEE 2014 JAVA DATA MINING PROJECTS A similarity measure for text classificat...
 
Text extraction using document structure features and support vector machines
Text extraction using document structure features and support vector machinesText extraction using document structure features and support vector machines
Text extraction using document structure features and support vector machines
 
Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...
Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...
Graph Centric Analysis of Road Network Patterns for CBD’s of Metropolitan Cit...
 
Cg33504508
Cg33504508Cg33504508
Cg33504508
 
K-means Clustering Method for the Analysis of Log Data
K-means Clustering Method for the Analysis of Log DataK-means Clustering Method for the Analysis of Log Data
K-means Clustering Method for the Analysis of Log Data
 

Viewers also liked

Simple Object Access Protocol
Simple Object Access ProtocolSimple Object Access Protocol
Simple Object Access ProtocolSaatviga Sudhahar
 
SOAP--Simple Object Access Protocol
SOAP--Simple Object Access ProtocolSOAP--Simple Object Access Protocol
SOAP--Simple Object Access ProtocolMasud Rahman
 
Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)Peter R. Egli
 
Best topics for seminar
Best topics for seminarBest topics for seminar
Best topics for seminarshilpi nagpal
 

Viewers also liked (9)

SOAP Overview
SOAP OverviewSOAP Overview
SOAP Overview
 
Simple object access protocol(soap )
Simple object access protocol(soap )Simple object access protocol(soap )
Simple object access protocol(soap )
 
Soap
SoapSoap
Soap
 
Soap xp-wg
Soap xp-wgSoap xp-wg
Soap xp-wg
 
Simple Object Access Protocol
Simple Object Access ProtocolSimple Object Access Protocol
Simple Object Access Protocol
 
SOAP--Simple Object Access Protocol
SOAP--Simple Object Access ProtocolSOAP--Simple Object Access Protocol
SOAP--Simple Object Access Protocol
 
Introduction to SOAP
Introduction to SOAPIntroduction to SOAP
Introduction to SOAP
 
Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)
 
Best topics for seminar
Best topics for seminarBest topics for seminar
Best topics for seminar
 

Similar to 600.412.Lecture06

Performance evaluation of botnet detection using machine learning techniques
Performance evaluation of botnet detection using machine learning techniquesPerformance evaluation of botnet detection using machine learning techniques
Performance evaluation of botnet detection using machine learning techniquesIJECEIAES
 
A Survey on Privacy-Preserving Data Aggregation Without Secure Channel
A Survey on Privacy-Preserving Data Aggregation Without Secure ChannelA Survey on Privacy-Preserving Data Aggregation Without Secure Channel
A Survey on Privacy-Preserving Data Aggregation Without Secure ChannelIRJET Journal
 
An Examination of the Bloom Filter and its Application in Preventing Weak Pas...
An Examination of the Bloom Filter and its Application in Preventing Weak Pas...An Examination of the Bloom Filter and its Application in Preventing Weak Pas...
An Examination of the Bloom Filter and its Application in Preventing Weak Pas...Editor IJCATR
 
Partial Object Detection in Inclined Weather Conditions
Partial Object Detection in Inclined Weather ConditionsPartial Object Detection in Inclined Weather Conditions
Partial Object Detection in Inclined Weather ConditionsIRJET Journal
 
Cooperative mitigation DDoS
Cooperative mitigation DDoSCooperative mitigation DDoS
Cooperative mitigation DDoSG Prachi
 
Analytics of analytics pipelines: from optimising re-execution to general Dat...
Analytics of analytics pipelines: from optimising re-execution to general Dat...Analytics of analytics pipelines: from optimising re-execution to general Dat...
Analytics of analytics pipelines: from optimising re-execution to general Dat...Paolo Missier
 
Development of 3D convolutional neural network to recognize human activities ...
Development of 3D convolutional neural network to recognize human activities ...Development of 3D convolutional neural network to recognize human activities ...
Development of 3D convolutional neural network to recognize human activities ...journalBEEI
 
Vol 16 No 2 - July-December 2016
Vol 16 No 2 - July-December 2016Vol 16 No 2 - July-December 2016
Vol 16 No 2 - July-December 2016ijcsbi
 
1st review android malware.pptx
1st review android malware.pptx1st review android malware.pptx
1st review android malware.pptxNambiraju
 
Real time intrusion detection in network traffic using adaptive and auto-scal...
Real time intrusion detection in network traffic using adaptive and auto-scal...Real time intrusion detection in network traffic using adaptive and auto-scal...
Real time intrusion detection in network traffic using adaptive and auto-scal...Gobinath Loganathan
 
Machine learning in Dynamic Adaptive Streaming over HTTP (DASH)
Machine learning in Dynamic Adaptive Streaming over HTTP (DASH)Machine learning in Dynamic Adaptive Streaming over HTTP (DASH)
Machine learning in Dynamic Adaptive Streaming over HTTP (DASH)Eswar Publications
 
Term Paper Presentation
Term Paper PresentationTerm Paper Presentation
Term Paper PresentationShubham Singh
 
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...IJCNCJournal
 
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...IJCNCJournal
 
Data Provenance for Data Science
Data Provenance for Data ScienceData Provenance for Data Science
Data Provenance for Data SciencePaolo Missier
 

Similar to 600.412.Lecture06 (20)

Performance evaluation of botnet detection using machine learning techniques
Performance evaluation of botnet detection using machine learning techniquesPerformance evaluation of botnet detection using machine learning techniques
Performance evaluation of botnet detection using machine learning techniques
 
A Survey on Privacy-Preserving Data Aggregation Without Secure Channel
A Survey on Privacy-Preserving Data Aggregation Without Secure ChannelA Survey on Privacy-Preserving Data Aggregation Without Secure Channel
A Survey on Privacy-Preserving Data Aggregation Without Secure Channel
 
An Examination of the Bloom Filter and its Application in Preventing Weak Pas...
An Examination of the Bloom Filter and its Application in Preventing Weak Pas...An Examination of the Bloom Filter and its Application in Preventing Weak Pas...
An Examination of the Bloom Filter and its Application in Preventing Weak Pas...
 
Partial Object Detection in Inclined Weather Conditions
Partial Object Detection in Inclined Weather ConditionsPartial Object Detection in Inclined Weather Conditions
Partial Object Detection in Inclined Weather Conditions
 
Cooperative mitigation DDoS
Cooperative mitigation DDoSCooperative mitigation DDoS
Cooperative mitigation DDoS
 
ODVSML_Presentation
ODVSML_PresentationODVSML_Presentation
ODVSML_Presentation
 
2. visualization in data mining
2. visualization in data mining2. visualization in data mining
2. visualization in data mining
 
Analytics of analytics pipelines: from optimising re-execution to general Dat...
Analytics of analytics pipelines: from optimising re-execution to general Dat...Analytics of analytics pipelines: from optimising re-execution to general Dat...
Analytics of analytics pipelines: from optimising re-execution to general Dat...
 
Development of 3D convolutional neural network to recognize human activities ...
Development of 3D convolutional neural network to recognize human activities ...Development of 3D convolutional neural network to recognize human activities ...
Development of 3D convolutional neural network to recognize human activities ...
 
Dynamic Symbolic Database Application Testing
Dynamic Symbolic Database Application TestingDynamic Symbolic Database Application Testing
Dynamic Symbolic Database Application Testing
 
Journal paper 1
Journal paper 1Journal paper 1
Journal paper 1
 
Vol 16 No 2 - July-December 2016
Vol 16 No 2 - July-December 2016Vol 16 No 2 - July-December 2016
Vol 16 No 2 - July-December 2016
 
1st review android malware.pptx
1st review android malware.pptx1st review android malware.pptx
1st review android malware.pptx
 
Real time intrusion detection in network traffic using adaptive and auto-scal...
Real time intrusion detection in network traffic using adaptive and auto-scal...Real time intrusion detection in network traffic using adaptive and auto-scal...
Real time intrusion detection in network traffic using adaptive and auto-scal...
 
Machine learning in Dynamic Adaptive Streaming over HTTP (DASH)
Machine learning in Dynamic Adaptive Streaming over HTTP (DASH)Machine learning in Dynamic Adaptive Streaming over HTTP (DASH)
Machine learning in Dynamic Adaptive Streaming over HTTP (DASH)
 
Big Data and IOT
Big Data and IOTBig Data and IOT
Big Data and IOT
 
Term Paper Presentation
Term Paper PresentationTerm Paper Presentation
Term Paper Presentation
 
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...
 
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...
Effective Multi-Stage Training Model for Edge Computing Devices in Intrusion ...
 
Data Provenance for Data Science
Data Provenance for Data ScienceData Provenance for Data Science
Data Provenance for Data Science
 

More from ragibhasan

Dw bobs-shikkhok
Dw bobs-shikkhokDw bobs-shikkhok
Dw bobs-shikkhokragibhasan
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewragibhasan
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02ragibhasan
 
600.412.Lecture03
600.412.Lecture03600.412.Lecture03
600.412.Lecture03ragibhasan
 
600.412.Lecture05
600.412.Lecture05600.412.Lecture05
600.412.Lecture05ragibhasan
 
600.412.Lecture07
600.412.Lecture07600.412.Lecture07
600.412.Lecture07ragibhasan
 
600.412.Lecture08
600.412.Lecture08600.412.Lecture08
600.412.Lecture08ragibhasan
 
Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...
Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...
Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...ragibhasan
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computingragibhasan
 

More from ragibhasan (9)

Dw bobs-shikkhok
Dw bobs-shikkhokDw bobs-shikkhok
Dw bobs-shikkhok
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level view
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02
 
600.412.Lecture03
600.412.Lecture03600.412.Lecture03
600.412.Lecture03
 
600.412.Lecture05
600.412.Lecture05600.412.Lecture05
600.412.Lecture05
 
600.412.Lecture07
600.412.Lecture07600.412.Lecture07
600.412.Lecture07
 
600.412.Lecture08
600.412.Lecture08600.412.Lecture08
600.412.Lecture08
 
Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...
Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...
Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computing
 

600.412.Lecture06

  • 1. Security and Privacy in Cloud Computing Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010 Lecture 6 03/22/2010
  • 2. Verifying Computations in a Cloud 3/22/2010 Scenario User sends her data processing job to the cloud. Clouds provide dataflow operation as a service (e.g., MapReduce, Hadoop etc.) Problem: Users have no way of evaluating the correctness of results en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 2
  • 3. DataFlow Operations 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 3 Properties High performance, in-memory data processing Each node performs a particular function Nodes are mostly independent of each other Examples MapReduce, Hadoop, System S, Dryad
  • 4.
  • 5. To determine the nature of their malicious action
  • 6. To evaluate the quality of output dataDu et al., RunTest: Assuring Integrity of Dataflow Processing in Cloud Computing Infrastructures, AsiaCCS 2010
  • 7. Possible Approaches Re-do the computation Check memory footprint of code execution Majority voting Hardware-based attestation Run-time attestation 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 5
  • 8. RunTest: Randomized Data Attestation Idea For some data inputs, send it along multiple dataflow paths Record and match all intermediate results from the matching nodes in the paths Build an attestation graph using node agreement Over time, the graph shows which node misbehave (always or time-to-time) 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 6
  • 9. Attack Model Data model: Input deterministic DataFlow (i.e., same input to a function will always produce the same output) Data processing is stateless (e.g., selection, filtering) Attacker: Malicious or compromised cloud nodes Can produce bad results always or some time Can collude with other malicious nodes to provide same bad result 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 7
  • 10. Attack Model (scenarios) Parameters b_i = probability of providing bad result c_i = probability of providing the same bad result as another malicious node Attack scenarios NCAM: b_i = 1, c_i = 0 NCPM: 0 < b_i <1, c_i = 0 FTFC: b_i = 1, c_i = 1 PTFC: 0< b_i < 1, c_i = 0 PTPC: 0< b_i < 1, 0 < c_i < 1 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 8
  • 11. Integrity Attestation Graph Definition: Vertices: Nodes in the DataFlow paths Edges: Consistency relationships. Edge weight: fraction of consistent output of all outputs generated from same data items 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 9
  • 12. Consistency Clique Complete subgraph of an attestation graph which has 2 or more nodes All nodes always agree with each other (i.e., all edge weights are 1) 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 10 2 1 3 5 4
  • 13. How to find malicious nodes Intuitions Honest nodes will always agree with each other to produce the same outputs, given the same data Number of malicious nodes is less than half of all nodes 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 11
  • 14. Finding Consistency Cliques: BK Algorithm Goal: find the maximal clique in the attestation graph Technique: Apply Bron-Kerbosch algorithm to find the maximal clique(s) (see better example at Wikipedia) Any node not in a maximal clique of size k/2 is a malicious node 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 12 Note: BK algorithm is NP-Hard Authors proposed 2 optimizations to make it run quicker
  • 15. Identifying attack patterns 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 13 NCAM PTFC/NCPM PTFC FTFC
  • 16. Inferring data quality Quality = 1 – (c/n) where n = total number of unique data items c = total number of duplicated data with inconsistent results 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 14
  • 17. Evaluation Extended IBM System S Experiments: Detection rate Sensitivity to parameters Comparison with majority voting 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 15
  • 18. Evaluation 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 16 NCPM (b=0.2, c=0) Different misbehavior probabilities
  • 19. Discussion Threat model High cost of Bron-Kerbosch algorithm (O(3n/3)) Results are for building attestation graphs per function Scalability Experimental evaluation 3/22/2010 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan 17
  • 20. 3/22/2010 18 en.600.412 Spring 2010 Lecture 6 | JHU | Ragib Hasan Further Reading TPM Reset Attack http://www.cs.dartmouth.edu/~pkilab/sparks/ Halderman et al., Lest We Remember: Cold Boot Attacks on Encryption Keys, USENIX Security 08, http://citp.princeton.edu/memory/