UT DALLAS Erik Jonsson School of Engineering & Computer Science
FEARLESS engineering
BigSecret: A Secure Data Management Framework for
Key-Value StoresErman Pattuk
Murat KantarciogluVaibhav KhadilkarHuseyin Ulusoy
Sharad Mehrotra (Univ. of California at Irvine)
FEARLESS engineering
Introduction
• Increasing amount of internet usage– Number of active users– Number of transactions per unit time– Size of the stored data– A new concept: BigData
• Existing techniques failed to satisfy new requirements
• To cope with BigData, Key-Value Stores emerge as a popular option– Efficiency and Scalability
FEARLESS engineering
Introduction
AmazonSimpleDB
GoogleBigTable
MicrosoftAzure…
Key Valuepattuk_erman:bank 1919381pattuk_erman:ssn 1928319ulusoy_huseyin:bank 4476861
ulusoy_huseyin:ssn 1148793
FEARLESS engineering
Proposed Framework: BigSecret
Public
Private
AmazonSimpleDB
GoogleBigTable
MicrosoftAzure
…
BigSecret
Dept 1
Dept 2
FEARLESS engineering
Outline
• Partitioning data among multiple cloud providers
• Storing data on a provider, while protecting efficiency and privacy
• Querying outsourced data• Experiments
FEARLESS engineering
Data and Workload Sharing
BigSecret
Data Owner
Provider-1
Provider-2
Provider-3
Constraints
FEARLESS engineering
Constraints in Partitioning
BigSecret
Provider-1
Provider-2
Provider-N…Monetary Cost < 10
Security Disclosure < 5%Optimize Execution Time
10% Data20% Workload
20% Data10% Workload
15% Data13% Workload
FEARLESS engineering
Storing Data in Secure Form
• Transform data using Encryption Models
FEARLESS engineering
Query Execution
BigSecret Provider-1
GET:“John” – “traits” – “height”
GET:A12C04 – BF2139 – 51231D
RESULT:1295DC10
RESULT:“170 cm”
FEARLESS engineering
Experiments
• Performed experiments using Yahoo! Cloud Serving Benchmark
• Created tables consisting of 1,2,4,8,16, and 32 Millions of rows– Each row has 10 Key-Value entries of 100B
• Created 3 different workloads– 1K queries for single-cloud experiments– 100K queries for multi-cloud experiments
FEARLESS engineering
Single-Cloud Experiments
Workload – 1 (Get intensive)
FEARLESS engineering
Single-Cloud Experiments
Workload – 2 (Put intensive)
FEARLESS engineering
Single-Cloud Experiments
Workload – 3 (Scan intensive)
FEARLESS engineering
Multi-Cloud Experiments
ProviderProperties Provider 1 Provider 2
Storage Plaintext Model-1
Risk weight 1 0.7
Speed Fast Slow
Monetary cost $700 $3700
Sensitivity disclosure risk %100 %70
FEARLESS engineering
Multi-Cloud Experiments
Workload – 3 (Scan intensive)
FEARLESS engineering
Conclusion
• If Scan is needed, Model-1 can be used– Otherwise, it’s not so efficient– May use other techniques to support Scan
• Model-2 and 3 perform well with minor overhead
• We plan to add support for other Key-Value stores
• BigSecret is open source– https://github.com/ermanpattuk/BigSecret
FEARLESS engineering
Q&A
Thank You