research-article

Concerto: A High Concurrency Key-Value Store with Integrity

Authors:

Raghav Kaushik,

Donald Kossmann,

Ravi RamamurthyAuthors Info & Claims

SIGMOD '17: Proceedings of the 2017 ACM International Conference on Management of Data

Pages 251 - 266

https://doi.org/10.1145/3035918.3064030

Published: 09 May 2017 Publication History

Abstract

Verifying the integrity of outsourced data is a classic, well-studied problem. However current techniques have fundamental performance and concurrency limitations for update-heavy workloads. In this paper, we investigate the potential advantages of deferred and batched verification rather than the per-operation verification used in prior work. We present Concerto, a comprehensive key-value store designed around this idea. Using Concerto, we argue that deferred verification preserves the utility of online verification and improves concurrency resulting in orders-of-magnitude performance improvement. On standard benchmarks, the performance of Concerto is within a factor of two when compared to state-of-the-art key-value stores without integrity.

References

[1]

A. Arasu, K. Eguro, R. Kaushik, et al. Concerto: A high concurrency key-value store with integrity (full version). Technical report, Microsoft Research, 2017.

[2]

S. Bajaj and R. Sion. CorrectDB: SQL engine with practical query authentication. PVLDB, 6(7):529--540, 2013.

Digital Library

[3]

S. Bajaj and R. Sion. Trusteddb: A trusted hardware-based database with privacy and data confidentiality. IEEE Trans. Knowl. Data Eng., 26(3):752--765, 2014.

Digital Library

[4]

A. Baumann, M. Peinado, and G. C. Hunt. Shielding applications from an untrusted cloud with Haven. In OSDI, pages 267--283, 2014.

Digital Library

[5]

M. Blum, W. S. Evans, et al. Checking the correctness of memories. Algorithmica, 12(2/3):225--244, 1994.

Digital Library

[6]

C. Brzuska, H. Busch, Ö. Dagdelen, et al. Redactable signatures for tree-structured data: Definitions and constructions. In ACNS, pages 87--104, 2010.

Digital Library

[7]

B. F. Cooper, A. Silberstein, et al. Benchmarking cloud serving systems with YCSB. In SoCC, pages 143--154, 2010.

Digital Library

[8]

P. T. Devanbu, M. Gertz, C. U. Martel, and S. G. Stubblebine. Authentic data publication over the internet. Journal of Computer Security, 11(3):291--314, 2003.

Digital Library

[9]

C. Dwork, M. Naor, G. N. Rothblum, et al. How efficient can memory checking be? In TCC, pages 503--520, 2009.

Digital Library

[10]

K. Eguro and R. Venkatesan. FPGAs for trusted cloud computing. In FPL, pages 63--70, 2012.

[11]

E. Goh, H. Shacham, N. Modadugu, and D. Boneh. Sirius: Securing remote untrusted storage. In NDSS, 2003.

[12]

M. T. Goodrich, C. Papamanthou, R. Tamassia, and N. Triandopoulos. Athos: Efficient authentication of outsourced file systems. In ISC, pages 80--96, 2008.

Digital Library

[13]

R. Jain and S. Prabhakar. Trustworthy data from untrusted databases. In ICDE, pages 529--540, 2013.

Digital Library

[14]

J. Jannink. Implementing deletion in B+-trees. SIGMOD Record, 24(1):33--38, 1995.

Digital Library

[15]

N. Karapanos, A. Filios, R. A. Popa, and S. Capkun. Verena: End-to-end integrity protection for web applications. In IEEE Security and Privacy (SP), pages 895--913, 2016.

[16]

J. Katz and Y. Lindell. Introduction to Modern Cryptography. Chapman and Hall/CRC Press, 2007.

Digital Library

[17]

A. Kundu, M. J. Atallah, and E. Bertino. Leakage-free redactable signatures. In CODASPY, pages 307--316, 2012.

Digital Library

[18]

A. Kundu and E. Bertino. Structural signatures for tree data structures. PVLDB, 1(1):138--150, 2008.

Digital Library

[19]

L. Lamport. Time, clocks, and the ordering of events in a distributed system. Commun. ACM, 21(7):558--565, 1978.

Digital Library

[20]

L. Lamport. How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Trans. Computers, 28(9):690--691, 1979.

Digital Library

[21]

J. J. Levandoski, D. B. Lomet, and S. Sengupta. The Bw-Tree: A B+-tree for new hardware platforms. In ICDE, pages 302--313, 2013.

Digital Library

[22]

J. Li, M. N. Krohn, D. Mazières, et al. Secure untrusted data repository (SUNDR). In OSDI, pages 121--136, 2004.

Digital Library

[23]

F. McKeen, I. Alexandrovich, A. Berenzon, et al. Innovative instructions and software model for isolated execution. In HASP, 2013.

Digital Library

[24]

R. C. Merkle. A digital signature based on a conventional encryption function. In CRYPTO, pages 369--378, 1987.

Digital Library

[25]

S. Micali. Efficient certificate revocation. Technical report, MIT Laboratory for Computer Science, 1996.

Digital Library

[26]

E. Mykletun, M. Narasimha, and G. Tsudik. Authentication and integrity in outsourced databases. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2004.

[27]

E. Mykletun, M. Narasimha, and G. Tsudik. Authentication and integrity in outsourced databases. TOS, 2(2):107--138, 2006.

Digital Library

[28]

M. Narasimha and G. Tsudik. Authentication of outsourced databases using signature aggregation and chaining. In DASFAA, pages 420--436, 2006.

Digital Library

[29]

H. Pang, A. Jain, K. Ramamritham, and K. Tan. Verifying completeness of relational query results in data publishing. In SIGMOD, pages 407--418, 2005.

Digital Library

[30]

H. Pang and K. Tan. Authenticating query results in edge computing. In ICDE, pages 560--571, 2004.

Digital Library

[31]

H. Pang, J. Zhang, and K. Mouratidis. Scalable verification for outsourced dynamic databases. PVLDB, 2(1):802--813, 2009.

Digital Library

[32]

C. Papamanthou, R. Tamassia, and N. Triandopoulos. Optimal verification of operations on dynamic sets. In CRYPTO, pages 91--110, 2011.

Digital Library

[33]

B. Parno, J. R. Lorch, J. R. Douceur, et al. Memoir: Practical state continuity for protected modules. In IEEE Security and Privacy (SP), pages 379--394, 2011.

Digital Library

[34]

F. Schuster, M. Costa, C. Fournet, et al. VC3: trustworthy data analytics in the cloud using SGX. In IEEE Security and Privacy (SP), pages 38--54, 2015.

Digital Library

[35]

S. Singh and S. Prabhakar. Ensuring correctness over untrusted private database. In EDBT, pages 476--486, 2008.

Digital Library

[36]

J. Song, R. Poovendran, J. Lee, et al. The advanced encryption standard-cipher-based message authentication code-pseudo-random-function-128 (aes-cmac-prf-128) for the internet key exchange protocol (ike), 2006. RFC 4615.

Digital Library

[37]

S. Tu, W. Zheng, E. Kohler, et al. Speedy transactions in multicore in-memory databases. In SOSP, pages 18--32, 2013.

Digital Library

[38]

H. Yang, V. Costan, N. Zeldovich, et al. Authenticated storage using small trusted hardware. In CCSW, pages 35--46, 2013.

Digital Library

[39]

Y. Zhang, J. Katz, and C. Papamanthou. IntegriDB: Verifiable SQL for outsourced databases. In CCS, pages 1480--1491, 2015.

Digital Library

[40]

F. Li, M. Hadjieleftheriou, G. Kollios, and L. Reyzin. Dynamic authenticated index structures for outsourced databases. In SIGMOD, pages 121--132, 2006.

Digital Library

Cited By

SUN YYANG FCHEN XDU XLIN W(2024)Research progress of verifiable technologies for outsourcing servicesSCIENTIA SINICA Informationis10.1360/SSI-2022-036054:3(514)Online publication date: 6-Mar-2024
https://doi.org/10.1360/SSI-2022-0360
Sha MCai YWang SPhan LLi FTan K(2024)Object-oriented Unified Encrypted Memory Management for Heterogeneous Memory ArchitecturesProceedings of the ACM on Management of Data10.1145/36549582:3(1-29)Online publication date: 30-May-2024
https://dl.acm.org/doi/10.1145/3654958
Niu XTian X(2024)Efficient Verifiable Range Query For The Light Client in DBaaSProceedings of the 2024 10th International Conference on Computing and Data Engineering10.1145/3641181.3641195(1-7)Online publication date: 15-Jan-2024
https://dl.acm.org/doi/10.1145/3641181.3641195
Show More Cited By

Index Terms

Concerto: A High Concurrency Key-Value Store with Integrity
1. Information systems
  1. Data management systems
    1. Database management system engines
      1. Database transaction processing
      2. Parallel and distributed DBMSs
        Key-value stores
2. Security and privacy

Recommendations

PebblesDB: Building Key-Value Stores using Fragmented Log-Structured Merge Trees
SOSP '17: Proceedings of the 26th Symposium on Operating Systems Principles

Key-value stores such as LevelDB and RocksDB offer excellent write throughput, but suffer high write amplification. The write amplification problem is due to the Log-Structured Merge Trees data structure that underlies these key-value stores. To remedy ...
Cooperative Concurrency Control for Write-Intensive Key-Value Workloads
ASPLOS 2023: Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 1

Key-Value Stores (KVS) are foundational infrastructure components for online services. Due to their latency-critical nature, today’s best-performing KVS contain a plethora of full-stack optimizations commonly targeting read-mostly, popularity-skewed ...
Sequential verification of serializability
POPL '10

Serializability is a commonly used correctness condition in concurrent programming. When a concurrent module is serializable, certain other properties of the module can be verified by considering only its sequential executions. In many cases, concurrent ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGMOD '17: Proceedings of the 2017 ACM International Conference on Management of Data

May 2017

1810 pages

ISBN:9781450341974

DOI:10.1145/3035918

General Chairs:
Rada Chirkova
North Carolina State University, USA
,
Jun Yang
Duke University, USA
,
Program Chair:
Dan Suciu
University of Washington, USA

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOD: ACM Special Interest Group on Management of Data

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 May 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGMOD/PODS'17

Sponsor:

SIGMOD

SIGMOD/PODS'17: International Conference on Management of Data

May 14 - 19, 2017

Illinois, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 785 of 4,003 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

35
Total Citations
View Citations
1,624
Total Downloads

Downloads (Last 12 months)59
Downloads (Last 6 weeks)4

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

SUN YYANG FCHEN XDU XLIN W(2024)Research progress of verifiable technologies for outsourcing servicesSCIENTIA SINICA Informationis10.1360/SSI-2022-036054:3(514)Online publication date: 6-Mar-2024
https://doi.org/10.1360/SSI-2022-0360
Sha MCai YWang SPhan LLi FTan K(2024)Object-oriented Unified Encrypted Memory Management for Heterogeneous Memory ArchitecturesProceedings of the ACM on Management of Data10.1145/36549582:3(1-29)Online publication date: 30-May-2024
https://dl.acm.org/doi/10.1145/3654958
Niu XTian X(2024)Efficient Verifiable Range Query For The Light Client in DBaaSProceedings of the 2024 10th International Conference on Computing and Data Engineering10.1145/3641181.3641195(1-7)Online publication date: 15-Jan-2024
https://dl.acm.org/doi/10.1145/3641181.3641195
Li SZhang ZXiao JZhang MYuan YWang G(2024)Authenticated Keyword Search on Large-Scale Graphs in Hybrid-Storage Blockchains2024 IEEE 40th International Conference on Data Engineering (ICDE)10.1109/ICDE60146.2024.00155(1958-1971)Online publication date: 13-May-2024
https://doi.org/10.1109/ICDE60146.2024.00155
Li F(2023)Modernization of Databases in the Cloud Era: Building Databases that Run Like LegosProceedings of the VLDB Endowment10.14778/3611540.361163916:12(4140-4151)Online publication date: 1-Aug-2023
https://dl.acm.org/doi/10.14778/3611540.3611639
You JLee KMoon HCho YPaek Y(2023)KVSEVProceedings of the 2023 ACM Symposium on Cloud Computing10.1145/3620678.3624658(233-248)Online publication date: 30-Oct-2023
https://dl.acm.org/doi/10.1145/3620678.3624658
El-Hindi MZiegler TBinnig C(2023)Towards Merkle Trees for High-Performance Data SystemsProceedings of the 1st Workshop on Verifiable Database Systems10.1145/3595647.3595651(28-33)Online publication date: 23-Jun-2023
https://dl.acm.org/doi/10.1145/3595647.3595651
De Capitani di Vimercati SForesti SJajodia SParaboschi SSamarati PSassi R(2023)Sentinels and Twins: Effective Integrity Assessment for Distributed ComputationIEEE Transactions on Parallel and Distributed Systems10.1109/TPDS.2022.321586334:1(108-122)Online publication date: 1-Jan-2023
https://doi.org/10.1109/TPDS.2022.3215863
Mathialagan S(2023)Memory Checking for Parallel RAMsTheory of Cryptography10.1007/978-3-031-48618-0_15(436-464)Online publication date: 27-Nov-2023
https://doi.org/10.1007/978-3-031-48618-0_15
Mathialagan SVafa N(2023)MacORAMa: Optimal Oblivious RAM with IntegrityAdvances in Cryptology – CRYPTO 202310.1007/978-3-031-38551-3_4(95-127)Online publication date: 9-Aug-2023
https://doi.org/10.1007/978-3-031-38551-3_4
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents