In a scenario where failures on large-scale systems are inevitable, fault-tolerance mechanisms must be applied efficiently. Checkpointing is a widely used technique that consists of saving data states for fast recovery in case of failure. On Apache Spark, a framework that uses in-memory data abstraction, checkpointing stores datasets in a reliable source, which helps the recovery of complex datasets. However, since checkpoints must be defined by the developer in source code, choosing proper checkpoint scenarios can be a hard challenge. Therefore, this work proposes an automatic checkpoint mechanism for Spark, which consists of monitoring system behavior and triggering checkpoints automatically according to defined policies.
Definition of an Architecture for Dynamic and Automatic Checkpoints on Apache Spark. Paulo Vinicius Cardoso, P. Barcelos. 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), October 2018. DOI: https://doi.org/10.1109/SRDS.2018.00041
In this paper we tackle the practical challenges of searching encrypted multimodal data (i.e., data containing multiple media formats simultaneously), stored in public cloud servers, with reduced information leakage. To this end we propose MuSE, a Multimodal Searchable Encryption scheme that, by combining only standard cryptographic primitives and symmetric-key block ciphers, allows cloud-backed applications to dynamically store, update, and search multimodal datasets with privacy and efficiency guarantees. As searching encrypted data requires a tradeoff between privacy and efficiency, we also propose a variant of MuSE that resorts to partially homomorphic encryption to further reduce information leakage, but at the cost of additional computational overhead. Both schemes are formally proven secure and experimentally evaluated regarding performance and search precision. Experiments with realistic datasets show that our contributions achieve interesting levels of efficiency and privacy, making MuSE particularly suitable for practical application scenarios.
MuSE: Multimodal Searchable Encryption for Cloud Applications. Bernardo Ferreira, J. Leitao, H. Domingos. 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), October 2018. DOI: https://doi.org/10.1109/SRDS.2018.00029
Christian Göttel, Rafael Pires, Isabelly Rocha, Sébastien Vaucher, P. Felber, Marcelo Pasin, V. Schiavoni
The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that operate over sensitive data using the infrastructure of public cloud providers is nowadays heavily hindered by the surging lack of trust toward cloud operators. Although purely software-based solutions exist to protect the confidentiality of data and of the processing itself, such as homomorphic encryption schemes, their performance is far from practical under real-world workloads. This practical experience report describes the performance trade-offs of two novel hardware-assisted memory protection mechanisms, namely AMD SEV and Intel SGX, currently available on the market to tackle this problem. Specifically, we implement a publish/subscribe use case and evaluate the impact of the memory protection mechanisms on the resulting performance. This paper reports on the experience gained while building this system, in particular when having to cope with the technical limitations imposed by SEV and SGX. Micro- and macro-benchmarks exhibit several trade-offs that provide valuable insights in terms of latency, throughput, processing time and energy requirements.
Security, Performance and Energy Trade-Offs of Hardware-Assisted Memory Protection Mechanisms. Christian Göttel, Rafael Pires, Isabelly Rocha, Sébastien Vaucher, P. Felber, Marcelo Pasin, V. Schiavoni. 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), October 2018. DOI: https://doi.org/10.1109/SRDS.2018.00024
Christoph Lambert, M. Völp, Jérémie Decouchant, P. Veríssimo
Technologies such as Industry 4.0 or assisted/autonomous driving rely on highly customized cyber-physical real-time systems. Those systems are designed to meet functional safety regulations and requirements such as EN ISO 13849, EN IEC 62061 or ISO 26262. However, as systems, especially vehicles, become more connected and autonomous, they become more likely to suffer from new attack vectors. New features may meet the corresponding safety requirements, but they do not consider adversaries intruding through security holes with the purpose of bringing vehicles into unsafe states. As a research goal, we want to bridge the gap between security and safety in cyber-physical real-time systems by investigating real-time-aware intrusion-tolerant architectures for automotive use cases.
Towards Real-Time-Aware Intrusion Tolerance. Christoph Lambert, M. Völp, Jérémie Decouchant, P. Veríssimo. 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), October 2018. DOI: https://doi.org/10.1109/SRDS.2018.00040
Vikas Jaiman, Sonia Ben Mokhtar, Vivien Quéma, L. Chen, E. Rivière
Avoiding latency variability in distributed storage systems is challenging. Even in well-provisioned systems, factors such as contention on shared resources or unbalanced load between servers affect the latencies of requests, and in particular the tail (95th and 99th percentile) of their distribution. One effective countermeasure for reducing tail latency in key-value stores is to provide efficient replica selection algorithms. However, existing solutions are based on the assumption that all requests have almost the same execution time. This is not true for real workloads. This mismatch leads to increased latencies for requests with short execution times that get scheduled behind requests with long execution times. We propose Héron, a replica selection algorithm that supports workloads with heterogeneous request execution times. We evaluate Héron in a cluster of machines using a synthetic dataset inspired by the Facebook dataset as well as two real datasets from Flickr and WikiMedia. Our results show that Héron outperforms state-of-the-art algorithms by reducing both median and tail latency by up to 41%.
Héron: Taming Tail Latencies in Key-Value Stores Under Heterogeneous Workloads. Vikas Jaiman, Sonia Ben Mokhtar, Vivien Quéma, L. Chen, E. Rivière. 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), October 2018. DOI: https://doi.org/10.1109/SRDS.2018.00030
Manuel Bravo, L. Rodrigues, Ray Neiheiser, Luciana Rech
Modern fault-tolerant distributed architectures can be configured to tolerate a wide range of faults. For instance, Fireplug is a distributed BFT graph database, based on n-version programming, that can be configured to tolerate crash or Byzantine faults, uncorrelated faults in individual machines, correlated faults that affect all replicas running a given software version, or correlated faults that affect an entire datacenter. Interestingly, in such a system, fault handling heavily depends on the type of faults the system is configured to tolerate. Hardwiring all possible behaviours in the fault-handling code is inflexible and may even be impractical. In this paper, we explore a different alternative that consists of specifying not only the system configuration, but also the fault-handling behaviour and how the system adapts to changes in the workload, in a policy language that is processed externally to the managed system. We show that, using this approach, a single simplified codebase of the managed system can be used effectively to address a wide range of dependability constraints.
Policy-Based Adaptation of a Byzantine Fault Tolerant Distributed Graph Database. Manuel Bravo, L. Rodrigues, Ray Neiheiser, Luciana Rech. 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), October 2018. DOI: https://doi.org/10.1109/SRDS.2018.00017
Cooperative autonomous systems are gaining popularity nowadays. Most of these systems demand high fault resilience; otherwise a single faulty node could render the whole system useless. This essentially calls for Byzantine fault-tolerant consensus. However, such algorithms typically tolerate only (n-1)/3 faulty nodes in a group of n nodes, and their message complexity is high. Even worse, systems with only 3 nodes are too small to tolerate even a single Byzantine node. In this work we present a novel consensus algorithm, RATCHETA. On the one hand, it increases the maximum number of tolerable faulty nodes to (n-1)/2 and lowers the message complexity. This is achieved by assuming a hybrid fault model, which features a small trusted subsystem that hosts a pair of monotonic counters for message authentication to prevent equivocation. Moreover, it can ensure an upper bound on memory usage and message size, which is not addressed by most other hybrid consensus algorithms. On the other hand, RATCHETA is tailored for wireless embedded systems. It uses multicast to reduce the communication overhead, and it does not rely on any packet loss detection or retransmission mechanisms. We implemented RATCHETA with its trusted subsystem built on top of ARM TrustZone. Our experimental results show that RATCHETA can tolerate both Byzantine faults and a certain amount of omission faults. With 20% message omissions, a 10-node group needs less than 1 second on average to reach consensus. If 4 nodes out of 10 become Byzantine, the consensus latency is only about 1-3.6 seconds even under rough network conditions.
RATCHETA: Memory-Bounded Hybrid Byzantine Consensus for Cooperative Embedded Systems. Wenbo Xu, R. Kapitza. 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), October 2018. DOI: https://doi.org/10.1109/SRDS.2018.00021
Sergei Arnautov, Andrey Brito, P. Felber, C. Fetzer, Franz Gregor, R. Krahn, W. Ożga, André Martin, V. Schiavoni, Fábio Silva, Marcus Tenorio, Nikolaus Thummel
This paper presents PUBSUB-SGX, a content-based publish-subscribe system that exploits trusted execution environments (TEEs), such as Intel SGX, to guarantee confidentiality and integrity of data as well as anonymity and privacy of publishers and subscribers. We describe the technical details of our Python implementation, as well as the required system support introduced to deploy our system in a container-based runtime. Our evaluation results show that our approach is sound, while at the same time highlighting the performance and scalability trade-offs. In particular, by supporting just-in-time compilation inside of TEEs, Python programs inside of TEEs are in general faster than when executed natively using standard CPython.
PubSub-SGX: Exploiting Trusted Execution Environments for Privacy-Preserving Publish/Subscribe Systems. Sergei Arnautov, Andrey Brito, P. Felber, C. Fetzer, Franz Gregor, R. Krahn, W. Ożga, André Martin, V. Schiavoni, Fábio Silva, Marcus Tenorio, Nikolaus Thummel. 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), October 2018. DOI: https://doi.org/10.1109/SRDS.2018.00023