SOMR: Towards a Security-Oriented MapReduce Infrastructure

MapReduce system over a cloud computing infrastructure has made an extensive use in the field of finance, medical health, scientific research, traffic, energy and so on which attracts more and more attention on the security of the platform. Due to the sensitivity of the data in these fields, the user suffers great threat on their privacy and security. And the wrong results produced by the MapReduce platform may mislead the user to a big disaster. Current solutions mainly focus on the procedure of encryption before transmission and storage and decryption when processing. However, these solutions cannot prevent the user data stolen by the data processing program and the wrong result produced by the platform. In this paper, we propose a Security-Oriented MapReduce (SOMR) infrastructure that integrates the big-data processing framework, key management system and trusted computing infrastructure to ensure the security of every operation. While big data processing framework controls the life cycle of the cloud computing platform, key management system provides the trust assurance of encryption and trusted computing infrastructure makes measurable verification on the platform, SOMR presents a persistent security guarantee on the user data and processing results. We implemented SOMR on the infrastructure of OpenStack with Sahara, Barbican and OAT. The evaluations on our prototype showed that the platform can resist many typical attacker behaviors, and the overheads can be reduced to a very low level.