Pick your choice in HBase: Security or performance

When analyzing sensitive data in a cloud-deployed Hadoop stack, data-in-transit security needs to be enabled, especially in the underlying storage tier. This, however, will affect the performance of the system and may partially offset the cost benefits of the cloud. In this paper, we discuss two strategies for securing HBase deployments in the cloud. For both, we present benchmarking results which show performance impacts that significantly exceed the suggested 10% from the official documentation. These results demonstrate (i) that security configurations should follow a rational decision process based on benchmarking results and (ii) that the security architecture of HBase/HDFS should be redesigned with an emphasis on performance.

[1]  David Bermbach,et al.  AISLE: Assessment of Provisioned Service Levels in Public IaaS-Based Database Systems , 2015, ICSOC.

[2]  Sherif Sakr,et al.  Towards Comprehensive Measurement of Consistency Guarantees for Cloud-Hosted Data Storage Services , 2013, TPCTC.

[3]  Adam Silberstein,et al.  Benchmarking cloud serving systems with YCSB , 2010, SoCC '10.

[4]  David Bermbach,et al.  Benchmarking Eventual Consistency: Lessons Learned from Long-Term Experimental Studies , 2014, 2014 IEEE International Conference on Cloud Engineering.

[5]  Carsten Binnig,et al.  How is the weather tomorrow?: towards a benchmark for the cloud , 2009, DBTest '09.

[6]  Lars George,et al.  HBase: The Definitive Guide , 2011 .

[7]  Dennis Gannon,et al.  Performance comparison of security mechanisms for grid services , 2004, Fifth IEEE/ACM International Workshop on Grid Computing.

[8]  Tim Waage,et al.  Benchmarking Encrypted Data Storage in HBase and Cassandra with YCSB , 2014, FPS.

[9]  Tilmann Rabl,et al.  Solving Big Data Challenges for Enterprise Application Performance Management , 2012, Proc. VLDB Endow..

[10]  Jörn Kuhlenkamp,et al.  Benchmarking Scalability and Elasticity of Distributed Database Systems , 2014, Proc. VLDB Endow..

[11]  Laxmi N. Bhuyan,et al.  Anatomy and Performance of SSL Processing , 2005, IEEE International Symposium on Performance Analysis of Systems and Software, 2005. ISPASS 2005..

[12]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[13]  Bu-Sung Lee,et al.  WPress: An Application-Driven Performance Benchmark for Cloud-Based Virtual Machines , 2014, 2014 IEEE 18th International Enterprise Distributed Object Computing Conference.

[14]  Radu Sion,et al.  Costs and Security in Clouds , 2014, Secure Cloud Computing.

[15]  Kostas Magoutis,et al.  Rethinking HBase: Design and Implementation of an Elastic Key-Value Store over Log-Structured Local Volumes , 2015, 2015 14th International Symposium on Parallel and Distributed Computing.

[16]  David Bermbach,et al.  Eventual consistency: How soon is eventual? An evaluation of Amazon S3's consistency behavior , 2011, MW4SOC '11.

[17]  David Bermbach,et al.  A Runtime Quality Measurement Framework for Cloud Database Service Systems , 2012, 2012 Eighth International Conference on the Quality of Information and Communications Technology.

[18]  Priya P. Sharma Securing Big Data Hadoop : A Review of Security Issues , Threats and Solution , 2014 .

[19]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[20]  Debanjan Saha,et al.  Transport layer security: how much does it really cost? , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[21]  Vinod Vaikuntanathan,et al.  Can homomorphic encryption be practical? , 2011, CCSW '11.

[22]  Nick Dimiduk,et al.  HBase in Action , 2012 .

[23]  David Bermbach,et al.  Benchmarking the Performance Impact of Transport Layer Security in Cloud Database Systems , 2014, 2014 IEEE International Conference on Cloud Engineering.