DOI: 10.1145/1755688.1755724
research-article

RunTest: assuring integrity of dataflow processing in cloud computing infrastructures

Published: 13 April 2010

Abstract

Cloud computing has emerged as a multi-tenant resource sharing platform, which allows different service providers to deliver software as services in an economical way. However, for many security-sensitive applications such as critical data processing, we must provide the necessary security protection for migrating those critical application services into shared open cloud infrastructures. In this paper, we present RunTest, a scalable runtime integrity attestation framework to assure the integrity of dataflow processing in cloud infrastructures. RunTest provides lightweight application-level attestation methods to dynamically verify the integrity of data processing results and pinpoint malicious service providers when inconsistent results are detected. We have implemented RunTest within the IBM System S dataflow processing system and tested it on the NCSU Virtual Computing Lab. Our experimental results show that our scheme is effective and imposes low performance impact for dataflow processing in the cloud infrastructure.

    Published In

    ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
    April 2010
    363 pages
    ISBN:9781605589367
    DOI:10.1145/1755688

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. cloud computing
    2. secure dataflow processing
    3. service integrity attestation

    Qualifiers

    • Research-article

    Conference

    ASIA CCS '10

    Acceptance Rates

    ASIACCS '10 Paper Acceptance Rate 25 of 166 submissions, 15%;
    Overall Acceptance Rate 418 of 2,322 submissions, 18%

    Cited By

    • (2023) Hardware-Assisted Static and Runtime Attestation for Cloud Deployments. IEEE Transactions on Cloud Computing, 11:4 (3750-3765). DOI: 10.1109/TCC.2023.3327290. Online publication date: Oct-2023
    • (2019) Trust in Cloud-Based Services: A Framework for Consumer Adoption of Software as a Service. Journal of Information Systems, 34:2 (65-85). DOI: 10.2308/isys-52626. Online publication date: 18-Oct-2019
    • (2018) Security mechanism of dynamic and differentiated protection for telecommunications services based on cloud computing. International Journal of Security and Networks, 13:4 (252-260). DOI: 10.5555/3292934.3292939. Online publication date: 1-Jan-2018
    • (2018) Trust modelling for opportunistic cloud services. International Journal of Grid and Utility Computing, 9:4 (289-306). DOI: 10.5555/3292801.3292802. Online publication date: 1-Jan-2018
    • (2018) An Efficient Approach to Improve Security for MapReduce Computation in Cloud System. Proceedings of the International Conference on Learning and Optimization Algorithms: Theory and Applications (1-6). DOI: 10.1145/3230905.3230954. Online publication date: 2-May-2018
    • (2016) You can promote, but you can't hide. Proceedings of the 32nd Annual Conference on Computer Security Applications (374-385). DOI: 10.1145/2991079.2991099. Online publication date: 5-Dec-2016
    • (2016) Threat Modeling for Services in Cloud. 2016 IEEE Symposium on Service-Oriented System Engineering (SOSE) (66-72). DOI: 10.1109/SOSE.2016.55. Online publication date: Mar-2016
    • (2015) A Classification of Intrusion Detection Systems in the Cloud. Journal of Information Processing, 23:4 (392-401). DOI: 10.2197/ipsjjip.23.392. Online publication date: 2015
    • (2015) A practical approach to the attestation of computational integrity in hybrid cloud. 2015 International Conference on Computing, Networking and Communications (ICNC) (72-76). DOI: 10.1109/ICCNC.2015.7069318. Online publication date: Feb-2015
    • (2014) VAWS: Constructing Trusted Open Computing System of MapReduce with Verified Participants. IEICE Transactions on Information and Systems, E97.D:4 (721-732). DOI: 10.1587/transinf.E97.D.721. Online publication date: 2014
