UTD CS 4398 - Cloud-based Assured Information Sharing and Identity Management

This preview shows page 1-2-19-20 out of 20 pages.


Slide titles:
•Dr. Bhavani Thuraisingham, The University of Texas at Dallas (UTD), October 2011
•Team Members
•Outline
•Objectives
•Layered Framework
•Secure Query Processing with Hadoop/MapReduce
•Slide 7
•Slide 8
•Demonstration: Concept of Operation
•RDF-based Policy Engine on the Cloud
•Integration with Assured Information Sharing:
•Secure Storage and Query Processing in a Hybrid Cloud: Problem Motivation
•Research Results
•Hypervisor integrity and forensics in the Cloud
•Cloud-based Malware Detection Dr. Mehedy
•Cloud-based Malware Detection
•Slide 17
•Directions
•October 2011
•Identity Management Considerations in a Cloud

Cloud-based Assured Information Sharing and Identity Management
Dr. Bhavani Thuraisingham
The University of Texas at Dallas (UTD)
October 2011

Team Members
•Sponsor: Air Force Office of Scientific Research
•The University of Texas at Dallas
  –Faculty: Dr. Murat Kantarcioglu; Dr. Latifur Khan; Dr. Kevin Hamlen; Dr. Zhiqiang Lin
•Sub-contractors
  –Prof. Elisa Bertino (Purdue)
  –Ms. Anita Miller, Dr. Bob Johnson (North Texas Fusion Center)
•Collaborators
  –Dr. Steve Barker, Kings College, U of London (EOARD)
  –Dr. Barbara Carminati; Dr. Elena Ferrari, U of Insubria (EOARD)
  –Prof. Peng Liu, Penn State
  –Prof. Ting Yu, NC State

Outline
•Objectives
•Layered Framework
•Data Security Issues for Clouds
•Our Research
  –FY11
    •Cloud-based Assured Information Sharing Demonstration
    •RDF-based Policy Engine on the Cloud
    •Secure Query Processing in Hybrid Cloud
    •CloudMask: Purdue University
    •Stream-based Malware Detection on the Cloud
    •Hypervisor (e.g., Xen) Integrity Issues and Forensics in the Cloud
    •Preliminary Investigation of Identity Management
  –FY10
    •Secure Querying and Storing Relational Data with HIVE
    •Secure Querying and Storing RDF in Hadoop with SPARQL
    •XACML Implementation for Hadoop
    •Amazon.com Web Services and Security
    •Accountability and Access Control (Joint with Purdue)
•Acknowledgement: Research Funded by Air Force Office of Scientific Research

Objectives
•Cloud computing is an example of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the "cloud" that supports them.
•Our research on Cloud Computing is based on Hadoop, MapReduce, Xen
•Apache Hadoop is a Java software framework that supports data intensive distributed applications under a free license. It enables applications to work with thousands of nodes and petabytes of data. Hadoop was inspired by Google's MapReduce and Google File System (GFS) papers.
•XEN is a Virtual Machine Monitor developed at the University of Cambridge, England
•Our goal is to build a secure cloud infrastructure for assured information sharing applications

Layered Framework
[Figure 2. Layered Framework for Assured Cloud. Diagram labels: User Interface; Hadoop/MapReduce/Storage; HIVE/SPARQL/Query; XEN/Linux/VMM; Secure Virtual Network Monitor; Policies; XACML; Risks/Costs; QoS; Resource Allocation; Cloud Monitors]

Secure Query Processing with Hadoop/MapReduce
•We have studied clouds based on Hadoop
•Query rewriting and optimization techniques designed and implemented for two types of data
•(i) Relational data: Secure query processing with HIVE
•(ii) RDF data: Secure query processing with SPARQL
•Demonstrated with XACML policies
•Joint demonstration with Kings College and University of Insubria
  –First demo (2011): Each party submits their data and policies
  –Our cloud will manage the data and policies
  –Second demo (2012): Multiple clouds

Fine-grained Access Control with Hive
System Architecture
•Table/View definition and loading: Users can create tables as well as load data into tables. Further, they can also upload XACML policies for the table they are creating. Users can also create XACML policies for tables/views.
•Users can define views only if they have permissions for all tables specified in the query used to create the view. They can also either specify or create XACML policies for the views they are defining.
•CollaborateCom 2010

SPARQL Query Optimizer for Secure RDF Data Processing
[Architecture diagram. Labels: Web Interface; Server Backend; Data Preprocessor; N-Triples Converter; Prefix Generator; Predicate Based Splitter; Predicate Object Based Splitter; MapReduce Framework; Parser; Query Validator & Rewriter; XACML PDP; Plan Generator; Plan Executor; Query Rewriter By Policy; New Data; Query; Answer]
•To build an efficient storage mechanism using Hadoop for large amounts of data (e.g. a billion triples); build an efficient query mechanism for data stored in Hadoop; Integrate with Jena
•Developed a query optimizer and query rewriting techniques for RDF Data with XACML policies and implemented on top of JENA
•IEEE Transactions on Knowledge and Data Engineering, 2011

Demonstration: Concept of Operation
[Diagram. Labels: User Interface Layer; Fine-grained Access Control with Hive; SPARQL Query Optimizer for Secure RDF Data Processing; Relational Data; RDF Data; Agency 1, Agency 2, …, Agency n]

RDF-based Policy Engine on the Cloud
•A testbed for evaluating different policy sets over different data representation. Also supporting provenance as directed graph and viewing policy outcomes graphically
•Determine how access is granted to a resource as well as how a document is shared
•User specify policy: e.g., Access Control, Redaction, Released Policy
•Parse a high-level policy to a low-level representation
•Support Graph operations and visualization. Policy executed as graph operations
•Execute policies as SPARQL queries over large RDF graphs on Hadoop
•Support for policies over Traditional data and its provenance
•IFIP Data and Applications Security, 2010, ACM SACMAT 2011

Integration with Assured Information Sharing:
[Diagram. Labels: User Interface Layer; RDF Data Preprocessor; Policy Translation and Transformation Layer; MapReduce Framework for Query Processing; Hadoop HDFS; Agency 1, Agency 2, …, Agency n; RDF Data and Policies; SPARQL Query; Result]

Secure Storage and Query Processing in a Hybrid Cloud: Problem Motivation
•The use of hybrid clouds is an emerging trend in cloud computing
  –Ability to exploit public resources for high throughput
  –Yet, better able to control costs and data privacy
•Several key challenges
  –Data Design: how to store data in a hybrid cloud?
    •Solution must account for data representation used (unencrypted/encrypted), public cloud monetary costs and query workload characteristics
  –Query Processing: how to execute a query over a hybrid cloud?
    •Solution must provide query rewrite rules that ensure the

