Memory Cache Attacks on Alluxio Impede High Performance Computing

Alluxio is a popular distributed memory storage system, which becomes increasingly important in big data ecosystem by providing high performance storage for computing framework. We point out that there are security vulnerabilities in cache mechanism, data short-circuit read/write mechanism and consistency check mechanism of Alluxio, which may result in the failure of data availability and integrity. Firstly, we find that the lack of limitation of cached copies in the cache mechanism causes the malicious memory consumption attack. An adversary can craft a malicious job to consume the scarce memory storage at a low cost, which will significantly influence the performance of normal users with a degradation of 20%-59%. Secondly, we are aware that the lack of access control and integrity check on the data block will lead to target file tamper attack, in which a target file cached in memory will be modified and considered correctly as long as the size remains unchanged. The tampered file will be read and thus causes a wrong result. Finally, we discuss some corresponding countermeasures for defending these two kinds of memory cache attacks.

[1]  Teng Wang,et al.  SEINA: A stealthy and effective internal attack in Hadoop systems , 2017, 2017 International Conference on Computing, Networking and Communications (ICNC).

[2]  Andre Oriani,et al.  From Backup to Hot Standby: High Availability for HDFS , 2012, 2012 IEEE 31st Symposium on Reliable Distributed Systems.

[3]  Blaine Nelson,et al.  Poisoning Attacks against Support Vector Machines , 2012, ICML.

[4]  Sachin Katti,et al.  Cliffhanger: Scaling Performance Cliffs in Web Memory Caches , 2016, NSDI.

[5]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[6]  Yingwei Luo,et al.  Optimizing Locality-Aware Memory Management of Key-Value Caches , 2017, IEEE Transactions on Computers.

[7]  Jie Tang,et al.  Distributed Simulation Platform for Autonomous Driving , 2017, IOV.

[8]  Wen-Guey Tzeng,et al.  An Effective Integrity Check Scheme for Secure Erasure Code-Based Storage Systems , 2015, IEEE Transactions on Reliability.

[9]  Yi Mu,et al.  Efficient Public Verification of Data Integrity for Cloud Storage Systems from Indistinguishability Obfuscation , 2017, IEEE Transactions on Information Forensics and Security.

[10]  Rui Zhao,et al.  SafeSky: A Secure Cloud Storage Middleware for End-User Applications , 2015, 2015 IEEE 34th Symposium on Reliable Distributed Systems (SRDS).

[11]  Wei Hu,et al.  SFDC: File Access Pattern Aware Cache Framework for High-performance Computer , 2015, 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems.

[12]  Reza Curtmola,et al.  MR-PDP: Multiple-Replica Provable Data Possession , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[13]  Rong Gu,et al.  Accelerating Big Data Applications on Tiered Storage System with Various Eviction Policies , 2016, 2016 IEEE Trustcom/BigDataSE/ISPA.

[14]  Jie Yu,et al.  Using Locality-Enhanced Distributed Memory Cache to Accelerate Applications on High Performance Computers , 2017, 2017 IEEE 3rd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing, (HPSC) and IEEE International Conference on Intelligent Data and Security (IDS).

[15]  Santosh Aditham,et al.  A System Architecture for the Detection of Insider Attacks in Big Data Systems , 2018, IEEE Transactions on Dependable and Secure Computing.

[16]  Ali Ghodsi,et al.  FairRide: Near-Optimal, Fair Cache Sharing , 2016, NSDI.

[17]  Dongsheng Wang,et al.  NCluster: Using Multiple Active Name Nodes to Achieve High Availability for HDFS , 2013, 2013 IEEE 10th International Conference on High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing.

[18]  Haiying Shen,et al.  A Low-Cost Multi-failure Resilient Replication Scheme for High Data Availability in Cloud Storage , 2016, 2016 IEEE 23rd International Conference on High Performance Computing (HiPC).

[19]  Scott Shenker,et al.  Tachyon: Reliable, Memory Speed Storage for Cluster Computing Frameworks , 2014, SoCC.