Diverse intrusion-tolerant database replication

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2012A combinação da replicação de bases de dados com mecanismos de tolerância a falhas bizantinas ainda é um campo de pesquisa recente com projetos a surgirem nestes últimos anos. No entanto, a maioria dos protótipos desenvolvidos ou se focam em problemas muito específicos, ou são baseados em suposições que são muito difíceis de garantir numa situação do mundo real, como por exemplo ter um componente confiável. Nesta tese apresentamos DivDB, um sistema de replicação de bases de dados diverso e tolerante a intrusões. O sistema está desenhado para ser incorporado dentro de um driver JDBC, o qual irá abstrair o utilizador de qualquer complexidade adicional dos mecanismos de tolerância a falhas bizantinas. O DivDB baseia-se na combinação de máquinas de estados replicadas com um algoritmo de processamento de transações, a fim de melhorar o seu desempenho. Para além disso, no DivDB é possível ligar cada réplica a um sistema de gestão de base de dados diferente, proporcionando assim diversidade ao sistema. Propusemos, resolvemos e implementamos três problemas em aberto, existentes na conceção de um sistema de gestão de base de dados replicado: autenticação, processamento de transações e transferência de estado. Estas características torna o DivDB exclusivo, pois é o único sistema que compreende essas três funcionalidades implementadas num sistema de base de dados replicado. A nossa implementação é suficientemente robusta para funcionar de forma segura num simples sistema de processamento de transações online. Para testar isso, utilizou-se o TPC-C, uma ferramenta de benchmarking que simula esse tipo de ambientes.The combination of database replication with Byzantine fault tolerance mechanism is a recent field of research with projects appearing in the last few years. However most of the prototypes produced are either focused on very specific problems or are based on assumptions that are very hard to accomplish in a real world scenario (e.g., trusted component). In this thesis we present DivDB, a Diverse Intrusion-Tolerant Database Replication system. It is designed to be incorporated inside a JDBC driver so that it abstracts the user from any added complexity from Byzantine Fault Tolerance mechanism. DivDB is based in State Machine Replication combined with a transaction handling algorithm in order to enhance its performance. DivDB is also able to have different database systems connected at each replica, enabling to achieve diversity. We proposed, solved and implemented three open problems in the design of a replicated database system: authentication, transaction handling and state-transfer. This makes DivDB unique since it is the only system that comprises all these three features in a single database replication system. Our implementation is robust enough to operate reliably in a simple Online Transaction Processing system. To test that, we used TPC-C, a benchmark tool that simulates that kind of environments

‘Enhanced Encryption and Fine-Grained Authorization for Database Systems

The aim of this research is to enhance fine-grained authorization and encryption so that database systems are equipped with the controls necessary to help enterprises adhere to zero-trust security more effectively. For fine-grained authorization, this thesis has extended database systems with three new concepts: Row permissions, column masks and trusted contexts. Row permissions and column masks provide data-centric security so the security policy cannot be bypassed as with database views, for example. They also coexist in harmony with the rest of the database core tenets so that enterprises are not forced to compromise neither security nor database functionality. Trusted contexts provide applications in multitiered environments with a secure and controlled manner to propagate user identities to the database and therefore enable such applications to delegate the security policy to the database system where it is enforced more effectively. Trusted contexts also protect against application bypass so the application credentials cannot be abused to make database changes outside the scope of the application’s business logic. For encryption, this thesis has introduced a holistic database encryption solution to address the limitations of traditional database encryption methods. It too coexists in harmony with the rest of the database core tenets so that enterprises are not forced to choose between security and performance as with column encryption, for example. Lastly, row permissions, column masks, trusted contexts and holistic database encryption have all been implemented IBM DB2, where they are relied upon by thousands of organizations from around the world to protect critical data and adhere to zero-trust security more effectively

Developing Resource Usage Service in WLCG

According to the Memorandum of Understanding (MoU) of the World-wide LHC Computing Grid (WLCG) project, participating sites are required to provide resource usage or accounting data to the Grid Operational Centre (GOC) to enrich the understanding of how shared resources are used, and to provide information for improving the effectiveness of resource allocation. As a multi-grid environment, the accounting process of WLCG is currently enabled by four accounting systems, each of which was developed independently by constituent grid projects. These accounting systems were designed and implemented based on project-specific local understanding of requirements, and therefore lack interoperability. In order to automate the accounting process in WLCG, three transportation methods are being introduced for streaming accounting data metered by heterogeneous accounting systems into GOC at Rutherford Appleton Laboratory (RAL) in the UK, where accounting data are aggregated and accumulated throughout the year. These transportation methods, however, were introduced on a per accounting-system basis, i.e. targeting at a particular accounting system, making them hard to reuse and customize to new requirements. This paper presents the design of WLCG-RUS system, a standards-compatible solution providing a consistent process for streaming resource usage data across various accounting systems, while ensuring interoperability, portability, and customization

Processing Over Encrypted Query Data In Internet of Things (IoTs) : CryptDBs, MONOMI and SDB

Internet of Things (IoT) is the developing technologies that would be the biggest agents to modify the current world. Machine-to-machine communications perform with virtual, mobile and instantaneous connections. In IoT system, it consists of data-gathering sensors various other household devices. Intended for protecting IoT system, the end-to-end secure communication is a necessary measure to protect against unauthorized entities (e.g., modification attacks and eavesdropping,) and the data unprotected on the Cloud. The most important concern hereby is how to preserve the insightful information and to provide the privacy of user data. In IoT, the encrypted data computing is based on techniques appear to be promising approaches. In this paper, we discuss about the recent secure database systems, which are capable to execute SQL queries over encrypted data

SafeSpark: a secure data analytics platform using cryptographic techniques and trusted hardware

Dissertação de mestrado em Informatics EngineeringNowadays, most companies resort to data analytics frameworks to extract value from the increasing amounts of digital information. These systems give substantial competitive ad vantages to companies since they allow to support situations such as possible marketing decisions or predict user behaviors. Therefore, organizations tend to leverage the cloud to store and perform analytics over the data. Database services in the cloud present significant advantages as a high level of efficiency and flexibility, and the reduction of costs inherent to the maintenance and management of private infrastructures. The problem is that these services are often a target for malicious attacks, which means that sensitive and private personal information can be compromised. The current secure analytical processing solutions use a limited set of cryptographic techniques or technologies, which makes it impossible to explore different trade-offs of performance, security, and functionality requirements for different applications. Moreover, these systems also do not explore the combination of multiple cryptographic techniques and trusted hardware to protect sensitive data. The work presented here addresses this challenge, by using cryptographic schemes and the Intel SGX technology to protect confidential information, ensuring a practical solution which can be adapted to applications with different requirements. In detail, this dissertation begins by exposing a baseline study about cryptographic schemes and the Intel SGX tech nology, followed by the state-of-the-art revision about secure data analytics frameworks. A new solution based on the Apache Spark framework, called SafeSpark, is proposed. It provides a modular and extensible architecture and prototype, which allows protecting in formation and processing analytical queries over encrypted data, using three cryptographic schemes and the SGX technology. We validated the prototype with an experimental evalu ation, where we analyze the performance costs of the solution and also its resource usage. For this purpose, we use the TPC-DS benchmark to evaluate the proposed solution, and the results show that it is possible to perform analytical processing on protected data with a performance impact between 1.13x and 4.1x.Atualmente, um grande número de empresas recorre a ferramentas de análise de dados para extrair valor da quantidade crescente de informações digitais que são geradas. Estes sistemas apresentam consideráveis vantagens competitivas para as empresas, uma vez que permitem suportar situações como melhores decisões de marketing, ou até mesmo prever o comportamento dos seus clientes. Neste sentido, estas organizações tendem a recorrer a serviços de bases de dados na nuvem para armazenar e processar informação, uma vez que estas apresentam vantagens significativas como alto nível de eficiência e flexibilidade, bem como a redução de custos inerentes a manter e gerir uma infraestrutura privada. No entanto, estes serviços são frequentemente alvo de ataques maliciosos, o que leva a que informações pessoais privadas possam estar comprometidas. As soluções atuais de processamento analítico seguro utilizam um conjunto limitado de técnicas criptográficas ou tecnologias, o que impossibilita o balanceamento de diferentes compromissos entre performance, segurança e funcionalidade para diferentes aplicações. Ainda, estes sistemas não permitem explorar a simultânea utilização de técnicas criptográficas e de hardware confiável para proteger informação sensível. O trabalho apresentado nesta dissertação tem como objetivo responder a este desafio, utilizando esquemas criptográficos e a tecnologia Intel SGX para proteger informação confidencial, garantindo unia solução prática que pode ser adaptada a aplicações com diferentes requisitos. Em detalhe, este documento começa por expor um estudo de base sobre esquemas criptográficos e sobre a tecnologia SGX, seguido de uma revisão do estado de arte atual sobre ferramentas de processamento analítico seguro. Uma nova solução baseada na plataforma Apache Spark, chamada SafeSpark, é proposta. Esta providencia uma arquitetura modular e extensível, bem como um protótipo, que possibilita proteger informação e executar interrogações analíticas sobre dados cifrados, utilizando três esquemas criptográficos e a tecnologia Intel SGX. O protótipo foi validado com uma avaliação experimental, onde analisamos a penalização de desempenho da solução, bem como a sua utilização de recursos computacionais. Com este propósito, foi utilizada a plataforma de avaliação TPC-DS para avaliar a solução proposta, e os resultados mostram que é possível executar processamento analítico sobre dados protegidos, apresentando um impacto no desempenho entre 1.13x e 4.1x.This work was partially funded by FCT - Fundação para a Ciência e a Tecnologia, I.P., (Portuguese Foundation for Science and Technology) within project UID/EEA/50014/2019

CryptDB: A Practical Encrypted Relational DBMS

CryptDB is a DBMS that provides provable and practical privacy in the face of a compromised database server or curious database administrators. CryptDB works by executing SQL queries over encrypted data. At its core are three novel ideas: an SQL-aware encryption strategy that maps SQL operations to encryption schemes, adjustable query-based encryption which allows CryptDB to adjust the encryption level of each data item based on user queries, and onion encryption to efficiently change data encryption levels. CryptDB only empowers the server to execute queries that the users requested, and achieves maximum privacy given the mix of queries issued by the users. The database server fully evaluates queries on encrypted data and sends the result back to the client for final decryption; client machines do not perform any query processing and client-side applications run unchanged. Our evaluation shows that CryptDB has modest overhead: on the TPC-C benchmark on Postgres, CryptDB reduces throughput by 27% compared to regular Postgres. Importantly, CryptDB does not change the innards of existing DBMSs: we realized the implementation of CryptDB using client-side query rewriting/encrypting, user-defined functions, and server-side tables for public key information. As such, CryptDB is portable; porting CryptDB to MySQL required changing 86 lines of code, mostly at the connectivity layer