Many big-data workloads are hosted in the cloud because it enables sharing and lowers cost. Many of these workloads deal with sensitive data, e.g., electronic health records. Cloud infrastructures are vulnerable to attacks from untrusted operators with physical access to the computers. These attacks can take many forms and may compromise privacy or integrity. To guarantee the security of sensitive data and ensure the cost-effectiveness of shared cyberinfrastructure, it is vital that these attacks be thwarted without incurring a significant penalty in performance, energy, or cost.
Currently, the above attacks are thwarted with oblivious RAM (ORAM) and integrity trees. These solutions incur significant bandwidth and capacity overheads and can degrade performance by 1-2 orders of magnitude. These solutions also behave differently on different workloads, i.e., one cannot ignore system, hardware, and workload effects when evaluating algorithms for security. To address these problems, the PIs are designing novel secure hardware and leveraging commodity secure hardware to design novel secure systems. The PIs are developing new secure algorithms that require hardware/software co-design because their behavior is a function of workload locality properties and hardware constraints, e.g., a distributed implementation of ORAM enabled by custom memory modules. These new algorithms are being integrated into scalable in-memory database systems that run on a cluster of state-of-the-art secure nodes. The project is thus attempting to secure cyberinfrastructure for sensitive applications, moving well-known approaches (ORAM and integrity trees) into the practical realm. The PIs are also continuing their outreach and education efforts.
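The bandwidth and capacity overheads of an integrity tree mentioned above are easy to make concrete. The following is an added example, not code from the project or its PIs: a binary hash tree over a small block-addressable memory, with a trusted root held "on-chip" and every other node and data block living in untrusted memory. It assumes SHA-256 digests, 64-byte blocks and a binary tree; real designs use wider arity and shorter MACs to cut the overheads shown here, so the numbers are illustrative of the mechanism, not of any particular hardware.

```python
import hashlib

BLOCK_SIZE = 64    # assumption: one cache-line-sized block per memory address
DIGEST_SIZE = 32   # SHA-256 output length


class IntegrityError(Exception):
    """Raised when a block read does not authenticate against the trusted root."""


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


class IntegrityTree:
    """Binary Merkle tree over N blocks. Only `root` is trusted; `memory` and
    `nodes` model untrusted DRAM that a physical attacker may modify."""

    def __init__(self, blocks):
        n = len(blocks)
        if n == 0 or n & (n - 1):
            raise ValueError("block count must be a power of two")
        self.n = n
        self.memory = [bytes(b) for b in blocks]
        self.nodes = [b""] * (2 * n)          # heap layout: nodes[1] is the root
        for i, blk in enumerate(self.memory):
            self.nodes[n + i] = _h(blk)
        for i in range(n - 1, 0, -1):
            self.nodes[i] = _h(self.nodes[2 * i], self.nodes[2 * i + 1])
        self.root = self.nodes[1]             # trusted on-chip copy
        self.hashes_computed = 0              # bandwidth/compute counters per access
        self.bytes_fetched = 0

    def _path_root(self, addr: int, leaf_hash: bytes) -> bytes:
        """Recompute the root from a leaf hash and the sibling hashes on its path."""
        idx, cur = self.n + addr, leaf_hash
        while idx > 1:
            sib = self.nodes[idx ^ 1]
            self.bytes_fetched += DIGEST_SIZE
            cur = _h(cur, sib) if idx % 2 == 0 else _h(sib, cur)
            self.hashes_computed += 1
            idx //= 2
        return cur

    def read(self, addr: int) -> bytes:
        blk = self.memory[addr]
        self.bytes_fetched += BLOCK_SIZE
        self.hashes_computed += 1
        if self._path_root(addr, _h(blk)) != self.root:
            raise IntegrityError(f"block {addr} failed verification")
        return blk

    def write(self, addr: int, blk: bytes) -> None:
        if len(blk) != BLOCK_SIZE:
            raise ValueError("bad block size")
        self.read(addr)                       # authenticate the path before updating it
        self.memory[addr] = bytes(blk)
        idx = self.n + addr
        self.nodes[idx] = _h(blk)
        self.hashes_computed += 1
        while idx > 1:
            idx //= 2
            self.nodes[idx] = _h(self.nodes[2 * idx], self.nodes[2 * idx + 1])
            self.hashes_computed += 1
        self.root = self.nodes[1]             # new trusted root


def make_memory(n: int):
    """Constructed sample contents: block i is filled with byte value i."""
    return [bytes([i]) * BLOCK_SIZE for i in range(n)]


def capacity_overhead(n: int) -> float:
    """Extra storage for tree nodes as a fraction of data storage."""
    return (2 * n - 1) * DIGEST_SIZE / (n * BLOCK_SIZE)


def read_cost(tree: IntegrityTree, addr: int):
    """(hashes computed, bytes fetched) for one verified read; log2(N)+1 hashes."""
    tree.hashes_computed = tree.bytes_fetched = 0
    tree.read(addr)
    return tree.hashes_computed, tree.bytes_fetched


def tamper_detected(tree: IntegrityTree, addr: int) -> bool:
    """Attacker flips a data block in DRAM without touching the tree."""
    saved = tree.memory[addr]
    tree.memory[addr] = bytes(b ^ 0xFF for b in saved)
    try:
        tree.read(addr)
        return False
    except IntegrityError:
        return True
    finally:
        tree.memory[addr] = saved


def forged_path_detected(tree: IntegrityTree, addr: int) -> bool:
    """Stronger attacker: rewrites the block AND every hash on its path to be
    self-consistent, but cannot reach the on-chip root."""
    fake = b"\x5A" * BLOCK_SIZE
    forged = IntegrityTree(tree.memory[:addr] + [fake] + tree.memory[addr + 1:])
    saved_mem, saved_nodes = tree.memory[addr], tree.nodes
    tree.memory[addr], tree.nodes = fake, forged.nodes
    try:
        tree.read(addr)
        return False
    except IntegrityError:
        return True
    finally:
        tree.memory[addr], tree.nodes = saved_mem, saved_nodes


if __name__ == "__main__":
    t = IntegrityTree(make_memory(8))
    print("hashes, bytes per read:", read_cost(t, 3))
    print("capacity overhead:", capacity_overhead(8))
    print("tamper detected:", tamper_detected(t, 5), forged_path_detected(t, 5))
```

With 8 blocks a single read costs 4 hashes and 160 fetched bytes for 64 bytes of payload, and the tree itself is nearly as large as the data it protects; both figures grow with log2(N) and with the digest-to-block size ratio, which is exactly the overhead the abstract sets out to reduce. The two tamper functions show why the root must live in trusted hardware: an attacker who can rewrite DRAM and the entire hash path is still caught as long as the root is out of reach.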