RunTest: assuring integrity of dataflow processing in cloud computing infrastructures

Cloud computing has emerged as a multi-tenant resource sharing platform, which allows different service providers to deliver software as services in an economical way. However, for many security sensitive applications such as critical data processing, we must provide necessary security protection for migrating those critical application services into shared open cloud infrastructures. In this paper, we present RunTest, a scalable runtime integrity attestation framework to assure the integrity of dataflow processing in cloud infrastructures. RunTest provides light-weight application-level attestation methods to dynamically verify the integrity of data processing results and pinpoint malicious service providers when inconsistent results are detected. We have implemented RunTest within IBM System S dataflow processing system and tested it on NCSU virtual computing lab. Our experimental results show that our scheme is effective and imposes low performance impact for dataflow processing in the cloud infrastructure.

[1]  Juan A. Garay,et al.  Software integrity protection using timed executable agents , 2006, ASIACCS '06.

[2]  Philip S. Yu,et al.  SPADE: the system s declarative stream processing engine , 2008, SIGMOD Conference.

[3]  Elaine Shi,et al.  BIND: a fine-grained attestation service for secure distributed systems , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[4]  Andreas Haeberlen,et al.  PeerReview: practical accountability for distributed systems , 2007, SOSP.

[5]  Jonathan Kirsch,et al.  Scaling Byzantine Fault-Tolerant Replication toWide Area Networks , 2006, International Conference on Dependable Systems and Networks (DSN'06).

[6]  Michael Stonebraker,et al.  Fault-tolerance in the borealis distributed stream processing system , 2008, ACM Trans. Database Syst..

[7]  Michel Savoie,et al.  Service-Oriented Virtual Private Networks for Grid Applications , 2007, IEEE International Conference on Web Services (ICWS 2007).

[8]  Hector Garcia-Molina,et al.  The Eigentrust algorithm for reputation management in P2P networks , 2003, WWW '03.

[9]  Jonathan Kirsch,et al.  Steward: Scaling Byzantine Fault-Tolerant Systems to Wide Area Networks , 2005 .

[10]  Ina Koch,et al.  Enumerating all connected maximal common subgraphs in two graphs , 2001, Theor. Comput. Sci..

[11]  Frédéric Cazals,et al.  A note on the problem of reporting maximal cliques , 2008, Theor. Comput. Sci..

[12]  Krishan K. Sabnani,et al.  The Comparison Approach to Multiprocessor Fault Diagnosis , 1987, IEEE Transactions on Computers.

[13]  Christos Faloutsos,et al.  Netprobe: a fast and scalable system for fraud detection in online auction networks , 2007, WWW '07.

[14]  Jennifer Widom,et al.  STREAM: The Stanford Stream Data Manager , 2003, IEEE Data Eng. Bull..

[15]  Margo I. Seltzer,et al.  Network-Aware Operator Placement for Stream-Processing Systems , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[16]  I. V. Ramakrishnan,et al.  A Framework for Building Privacy-Conscious Composite Web Services , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[17]  Tracey Ho,et al.  Byzantine modification detection in multicast networks using randomized network coding , 2004, International Symposium onInformation Theory, 2004. ISIT 2004. Proceedings..

[18]  Vincent Roca,et al.  Managing and securing Web services with VPNs , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[19]  Klara Nahrstedt,et al.  SpiderNet: an integrated peer-to-peer service composition framework , 2004, Proceedings. 13th IEEE International Symposium on High performance Distributed Computing, 2004..

[20]  Ying Xing,et al.  The Design of the Borealis Stream Processing Engine , 2005, CIDR.

[21]  Glenn Cater,et al.  Service Oriented Architecture (SOA) , 2011, Encyclopedia of Information Assurance.

[22]  GERNOT METZE,et al.  On the Connection Assignment Problem of Diagnosable Systems , 1967, IEEE Trans. Electron. Comput..

[23]  Trent Jaeger,et al.  Trusted virtual domains: toward secure distributed services , 2005 .

[24]  Mudhakar Srivatsa,et al.  Securing publish-subscribe overlay services with EventGuard , 2005, CCS '05.

[25]  Randy H. Katz,et al.  The SAHARA Model for Service Composition across Multiple Providers , 2002, Pervasive.

[26]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[27]  Michael Stonebraker,et al.  Fault-tolerance in the Borealis distributed stream processing system , 2005, SIGMOD '05.

[28]  Yukio Shibata,et al.  (t, k)-Diagnosable System: A Generalization of the PMC Models , 2003, IEEE Trans. Computers.

[29]  Yuan Yu,et al.  Dryad: distributed data-parallel programs from sequential building blocks , 2007, EuroSys '07.

[30]  Sanjay Ghemawat,et al.  MapReduce: Simplified Data Processing on Large Clusters , 2004, OSDI.

[31]  Gustavo Alonso,et al.  Web Services: Concepts, Architectures and Applications , 2009 .

[32]  Tal Garfinkel,et al.  Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[33]  Stefan Berger,et al.  TVDc: managing security in the trusted virtual datacenter , 2008, OPSR.

[34]  Navendu Jain,et al.  Design, implementation, and evaluation of the linear road bnchmark on the stream processing core , 2006, SIGMOD Conference.

[35]  Barbara Carminati,et al.  Towards standardized Web services privacy technologies , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[36]  Xinwen Zhang,et al.  Behavioral Attestation for Business Processes , 2009, 2009 IEEE International Conference on Web Services.

[37]  Thomas Erl,et al.  Service-Oriented Architecture: Concepts, Technology, and Design , 2005 .

[38]  Elaine Shi,et al.  Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems , 2005, SOSP '05.

[39]  Klara Nahrstedt,et al.  QoS-assured service composition in managed service overlay networks , 2003, 23rd International Conference on Distributed Computing Systems, 2003. Proceedings..

[40]  C. Bron,et al.  Algorithm 457: finding all cliques of an undirected graph , 1973 .

[41]  Thomas Hess,et al.  Software as a Service , 2008, Wirtschaftsinf..