UNIC: Secure Deduplication of General Computations. Yang Tang and Junfeng Yang Columbia University

Transcription

1 UNIC: Secure Deduplication of General Computations Yang Tang and Junfeng Yang Columbia University

2 The world s data is fast exploding A significant portion of the data is redundant. Data deduplication can hugely save storage and simplify management.

3 Not only is the data redundant The computations on top of the data are also redundant. Can we deduplicate computations as well?

4 Challenges How can we deduplicate computations done by mutually distrusting users? Users can t put wrong results in the cache. Users can t query the cache if they shouldn t. Don t authenticate users. Authenticate computations! The UNIC way: leverage code attestation. 4

5 More challenges How can we deduplicate general computations? s: virus scanning, compiling source code, compression, big-data analysis, CommonCrawl Impossible to understand every computation. With developer s support, much more can be done. The UNIC way: provide a simple yet expressive. 5

6 UNIC overview UNIC: secure deduplication of general computations. Application UNIC Code attestation for integrity and secrecy UNIC UNIC cache 6

7 Outline Introduction design UNIC 7

8 Threats Cache poisoning A malicious user may try to put wrong results. Query forging A malicious user may try to query entries in the result cache that she cannot access. UNIC leverages code attestation to enforce both integrity and secrecy of the result cache. 8

9 Code attestation A computation is code input mov %edi,%ebp sub $0x3a8,%rsp mov (%rsi),%rdi mov %fs:0x28,%rax mov %rax,0x398(%rsp) xor %eax,%eax result Signature Code attestation cryptographically binds the result with the code and input that produced the result. 9

10 UNIC design code UNIC computes (1) result = code(input) input mov %edi,%ebp sub $0x3a8,%rsp mov (%rsi),%rdi mov %fs:0x28,%rax mov %rax,0x398(%rsp) xor %eax,%eax result Signature Run code on input to compute result. (2) sig = HMAC(hash(code) hash(input) result, K) Bind result with code and input. K is distributed among the trusted OSes. 10

11 UNIC protocol When an application wants to compute code(input) Application UNIC cache hash(code) hash(input) 11

12 UNIC protocol If cache hits Application UNIC cache hash(code) hash(input) result 12

13 UNIC protocol If cache misses Application UNIC cache hash(code) hash(input) cache does not exist compute result = code(input) and sig = HMAC(hash(code) hash(input) result, K) hash(code) hash(input), result, sig validate sig and update cache 13

14 void simple_virus_scanner(file, options) { buffer = read(file); result = scan_signature(buffer, options); print(result); } A simple virus scanning application 14

15 void simple_virus_scanner(file, options) { buffer = read(file); if (exists(scan_signature, buffer, options)) { result = get(scan_signature, buffer, options); } else { result = scan_signature(buffer, options); put(scan_signature, buffer, options, result); } print(result); } // red font: UNIC 15

16 void simple_virus_scanner(file, options) { buffer = read(file); if (exists(scan_signature, buffer, options)) { result = get(scan_signature, buffer, options); } else { result = scan_signature(buffer, options); put(scan_signature, buffer, options, result); } print(result); } // red font: UNIC 16

17 void simple_virus_scanner(file, options) { hash = get_file_hash(file); if (exists(scan_signature, hash, options)) { result = get(scan_signature, hash, options); } else { buffer = read(file); result = scan_signature(buffer, options); put(scan_signature, hash, options, result); } print(result); } // red font: UNIC 17

18 UNIC init() get_file_hash(file) exists(computation, hash, id) get(computation, hash, id) put(computation, hash, id, result, ttl) 18

19 UNIC init() Leverages deduplication metadata from the underlying storage get_file_hash(file) exists(computation, hash, id) get(computation, hash, id) put(computation, hash, id, result, ttl) 19

20 UNIC init() get_file_hash(file) Application-defined string identifier exists(computation, hash, id) get(computation, hash, id) put(computation, hash, id, result) 20

21 Our experiments aim to answer: Is UNIC easy to use? Does UNIC reduce computation time? What is UNIC s storage overhead? 21

22 We evaluated UNIC on 4 popular open-source apps: clamav: anti-virus software. pbzip2: multi-threaded compression utility. grep: pattern searching tool. gcc: compiler (using ccache). 22

23 Application adaptation effort Application Total LoC Changes Percentage clamav 1,732, <0.01% pbzip2 4, % grep 9, % gcc (ccache) 29, % UNIC is easy to use. 23

24 Application performance Relative running time 400% 300% 200% 100% 0% 145 cache miss cache hit clamav-l clamav-d pbzip2-l grep-ls grep-lc grep-ts grep-tc gcc-l (L: Linux source code, T: ctags file, D: Dropbox folder, s: simple query, c: complex query) 30 Baseline: without UNIC Reusing cached result is much faster. Average speedup =

25 Working with changing data original with UNIC Running time (s) Average speedup = Linux source code version UNIC also works well with partially duplicate data. 25

26 Storage overhead Application Dataset size Cache size Percentage clamav-l 508.1MB 2.8MB 0.55% clamav-d 10.8GB 4.4MB 0.04% pbzip2-l 544.0MB 106.4MB 19.55% grep-ls 508.1MB 11.2MB 2.21% grep-lc 508.1MB 4.2MB 0.83% grep-ts 250.0MB 5.3MB 2.13% grep-tc 250.0MB 4.5MB 1.80% gcc-l 508.1MB 2.3MB 0.46% (L: Linux source code, T: ctags file, D: Dropbox folder, s: simple query, c: complex query) UNIC incurs little storage overhead. 26

27 Conclusion UNIC: secure deduplication of general computations. It uses code attestation for secrecy and integrity. It exports a simple yet expressive. It explores a cross-layer design to leverage storage deduplication. 27