balancing performance,accuracy and precision for secure cloud transactions
DESCRIPTION
Presentation based on the paper security based cloud transaction.TRANSCRIPT
03-11-20141
BALANCING
PERFORMANCE,ACCURACY
AND PRECISION FOR SECURE
CLOUD TRANSACTIONS
CONTENTS
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions2
Introduction
Related work
Problem definition
Implementation
Evaluation
Conclusion
Future work
References
INTRODUCTION
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions3
Cloud computing refers to both the
applications delivered as services over the
internet and h/w and systems s/w in the data
centres that provide those services.
Introduction cont...
03-11-2014Balancing performance ,accuracy and precision for secure cloud transactions4
One of the most appealing effects of cloud
computing is its elasticity.
To provide scalability and elasticity cloud
services make heavy use of replication to
ensure consistent performance and
availability
03-11-2014Balancing performance ,accuracy and precision for secure cloud transactions5
Cloud services rely on the notion of eventual
consistency when propagating data
throughout the system.
oThis consistency model is a variant of
weak consistency that allows data to be
inconsistent among some replicas during
the update process, but ensures that
updates will eventually be propagated to
all replicas .
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions6
In systems that host sensitive resources
accesses are protected via authorization
policies.
Authorization policies are which describes the
conditions under which users should be
permitted access to resources.
This policies describe relationships between
the system principles and the credentials .
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions7
When transactional database systems are
deployed to the cloud data, policy,and credential
inconsistency problems can emerge.
To address this confluence, following
contributions are made,
Trusted transactions.
Safe transactions.
2PVC
RELATED WORK
03-11-2014Balancing performance ,accuracy and precision for secure cloud transactions8
Relaxed consistency models for the cloud :
o Adds a new dimension to the complexity of the
design of large scale applications and introduces a
new set of consistency problems.
Distributed transactions:
o There is a recent work that focuses on providing
some level of guarantee to the relationship
between data and policies.
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions9
Distributed authorization
oHighlights the inconsistency issues that can arise in the case where authorization policies are static.
oThe credential used to satisfy these policies may be revoked or altered.
oThe authors develop protocols that enable various consistency guarantees to be enforced during the proof construction,which are similar to safe transactions.
INTERACTION AMONG THE SYSTEM COMPONENTS
03-11-2014Balancing performance ,accuracy and precision for secure cloud transactions10
SYSTEM MODEL
PROBLEM DEFINITION
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions11
The state information of the credentials and
policies enforced by different servers may
change at any instant of time.
Therefore it becomes important to introduce
precise definitions for different consistency
levels.
These consistency models strengthen the
trusted transaction definition .
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions12
1. VIEWSet of proofs of authorizations observed during the lifetime of a transaction.
2. VIEW CONSISTENCYPolicy versions should be internally consistent
across all servers executing the transaction.
3. GLOBAL CONSISTENCYpolicies used to evaluate the proofs of authorizations during a transaction execution among S servers should match the latest policy version among entire policies .
4. TRUSTED TRANSACTION
A transaction is safe if it is a trusted transaction and also satisfies all data integrity constraints imposed by the DBMS.
TRUSTED TRANSACTION ENFORCEMENT
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions13
1. DEFERRED PROOFS OF AUTHORIZATION
An optimistic approach with relatively weak
authorization guarantees, evaluated only at
commit time
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions14
2. PUNCTUAL PROOFS OF AUTHORIZATION
Proactive approach in which the proofs of
authorizations are evaluated instantaneously
whenever a query is being handled by a server.
3. INCREMENTAL PUNCTUAL PROOFS OF
AUTHORIZATION
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions15
View instance: subset of all proofs of authorization evaluated by servers involved in transaction up till a time instance.
a transaction is not allowed to proceed unless each server achieves the desired level of policy consistency with all previous servers.
All participating servers will be view consistent by commit time.
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions16
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions17
4 . CONTINUOUS PROOFS OF AUTHORIZATION
Whenever a proof is evaluated ,all previous proofs have to be reevaluated if a newer version of the policy is found at any of the participating servers.
At commit time continuous proofs behave similar to incremental punctual proofs.
If later executing servers are using the new policy versions , all previous servers must
Update their policies to be consistent with the newest one.
Re-evaluate their proofs of authorization using the newer policies.
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions18
IMPLEMENTATION
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions19
A transaction that is trusted and database
correct is a safe transaction.
TM has to enforce either view or global
consistency among the servers participating in
the transaction.
enforces trusted transactions and this
algorithm is expanded to enforce safe
transactions.
Two –phase validation algorithm(2PV)
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions
20
Two-phase validation algorithm
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions21
2PV operates in two phases collection and validation.
In the case of view consistency ,there will be at most two rounds of collection phase.
For the global consistency case ,the TM retrieves the latest policy version from a master policies server.
uses it to compare against the version numbers of each participant.
Two-phase Validation Commit-2PVC
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions22
TWO-PHASE VALIDATE COMMIT
ALGORITHM
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions23
2PVC has similar structure as that of 2PV .
2PVC can be used to ensure the data and
policy consistency requirements of safe
transactions.
It evaluate the policies and authorizations
within the first voting phase
USING 2PV AND 2PVC IN SAFE
TRANSACTIONS
03-11-2014Balancing performance ,accuracy and precision for secure
cloud transactions24
2PV and 2PVC can be used to enforce each of the consistency levels .
Deferred and punctual proofs are roughly the same
Punctual will return proof evaluations upon executing each query.
For trusted transactions both require at commit time evaluation at all participants using 2PVC.
EVALUATION
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions25
Deferred proofs have the best performance and less accurate
Punctual proofs incur cost of local authorization checks.
Both schemes enforce consistency at commit time.
Incremental punctual proofs has the worst performance but is more accurate and secure.
Continuous proofs has moderate performance
03-11-2014Balancing performance ,accuracy and precision for secure cloud transactions26
CONCLUSION
03-11-2014Balancing performance ,accuracy and precision for secure
cloud transactions27
several consistency problems are identified
,which can arise during cloud-hosted transaction
processing using weak consistency models.
A variety of lightweight proof enforcement and
consistency models are developed that can
enforce increasingly strong protections with
minimal runtime overhead.
CONCLUSION Cont...
03-11-2014Balancing performance ,accuracy and precision for secure
cloud transactions28
The proposed consistency models are
evaluated relative to three core metrics:
performance ,accuracy and precision.
Deferred and punctual proofs had minimal
overheads, but failed to detect several
consistency problems.
CONCLUSION cont...
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions29
Incremental and continuous proofs required
higher code complexity to implement correctly.
2PVC protocol , an enhanced version of the
widely used 2PC protocol is used to
implement the approaches and ensure safe
transactions.
FUTURE WORK
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions30
The different trade-offs of the proposed
approaches by simulating their execution over a
cloud infrastructure can be investigated.
Given a better understanding of the execution
times of each approach in both short/long
transactions and frequent/infrequent policy
updates,quantitative measures to
better guide the decision process can be
provided.
REFERENCES
03-11-2014Balancing performance ,accuracy and precision for secure cloud
transactions31
M. Armbrust et al., “Above the Clouds: A Berkeley View of Cloud Computing,” technical report, Univ. of California, Feb. 2009.
S. Das, D. Agrawal, and A.E. Abbadi, “Elastras: An ElasticTransactional Data Store in the Cloud,” Proc. Conf. Hot Topics in Cloud Computing (USENIX HotCloud ’09), 2009.
D.J. Abadi, “Data Management in the Cloud: Limitations and Opportunities,” IEEE Data Eng. Bull., vol. 32, no. 1, pp. 3-12,Mar. 2009
03-11-2014Balancing performance ,accuracy and precision for secure
cloud transactions32