Konrad Jünemann

Confidential database-as-a-service approaches: taxonomy and survey

Outsourcing data to external providers has gained momentum with the advent of cloud computing. Encryption allows data confidentiality to be preserved when outsourcing data to untrusted external providers that may be compromised by attackers. However, encryption has to be applied in a way that still allows the external provider to evaluate queries received from the client. Even though confidential database-as-a-service (DaaS) is still an active field of research, various techniques already address this problem, which we call confidentiality preserving indexing approaches (CPIs). CPIs make individual tradeoffs between the functionality provided, i.e., the types of queries that can be evaluated, the level of protection achieved, and performance.In this paper, we present a taxonomy of requirements that CPIs have to satisfy in deployment scenarios including the required functionality and the required level of protection against various attackers. We show that the taxonomy’s underlying principles serve as a methodology to assess CPIs, primarily by linking attacker models to CPI security properties. By use of this methodology, we survey and assess ten previously proposed CPIs. The resulting CPI catalog can help the reader who would like to build DaaS solutions to facilitate DaaS design decisions while the proposed taxonomy and methodology can also be applied to assess upcoming CPI approaches.

Data Outsourcing Simplified: Generating Data Connectors from Confidentiality and Access Policies

For cloud-based outsourcing of confidential data, various techniques based on cryptography or data-fragmentation have been proposed, each with its own tradeoff between confidentiality, performance, and the set of supported queries. However, it is complex and error-prone to select appropriate techniques to individual scenarios manually. In this paper, we present a policy-based approach consisting of a domain specific language and a policy-transformator to automatically generate scenario-specific software adapters called mediators that set up data outsourcing and govern data access. Mediators combine state-of-the-art confidentiality techniques to ensure a user-specified level of confidentiality while still offering efficient data access. Thus, our approach simplifies data outsourcing by decoupling policy decisions from their technical implementation and realizes appropriate tradeoffs between confidentiality and efficiency.

Securus: From Confidentiality and Access Requirements to Data Outsourcing Solutions

To preserve data confidentiality in database outsourcing scenarios, various techniques have been proposed that preserve a certain degree of confidentiality while still allowing to efficiently execute certain queries. Typically, several of those techniques have to be combined to achieve a certain degree of confidentiality. However, finding an appropriate combination is not a trivial task, as expert knowledge is required and interdependencies between the techniques exist. Securus, an approach we previously proposed, addresses this problem. Securus allows users to model their requirements regarding the information in the outsourced dataset that has to be protected. Furthermore, queries that have to be efficiently executable on the outsourced data can be specified. Based on these requirements, Securus uses Integer Linear Programming (ILP) to find a suitable combination of confidentiality enhancing techniques and generates a software adapter. This software adapter transparently applies the techniques to fulfill the specified requirements and can be used to seamlessly outsource and query the data. In this paper, we present an outline of Securus and extend our previous work by highlighting the differences to other approaches in the field. Furthermore, we show how Securus can be extended to allow for more efficient solutions if the attacker’s capabilities can be modeled by the user.

OvlVis: visualization of peer-to-peer networks in simulation and testbed environments

Peer-to-Peer (P2P) networks are realized as overlay networks and hence connections between arbitrary P2P nodes can exist. In addition, P2P networks dynamically adapt to changes in the environment in order to be scalable and robust. Thus, network topologies constantly change and development of P2P systems becomes often a cumbersome task. Network simulators as well as testbeds are commonly used to develop and analyze characteristics and performance of P2P protocols. Thus, we present in this paper a tool for simulation and testbed environments that facilitates the development process by graph-based visualization and animation. Our requirements for a visualization tool comprises multi-P2P-protocol simulations, multilayer simulations (from network topologies to business processes) and real-time monitoring capabilities needed in field tests. In this paper, we list the specific requirements for visualizing P2P networks. Then we describe the design of our proposed tool, OvlVis, that is implemented in Java and freely available for download under the LGPL. Finally, we evaluate core performance issues like CPU load and network utilization.

Self-optimization of DHT lookups through run-time performance analysis

Distributed Hash Tables (DHTs) provide information lookup within a Peer-to-Peer (P2P) network. A multitude of distributed applications leverages DHTs for offering more advanced services such as distributed file systems, web caches or distributed DNS. For such DHT-based applications, lookup performance is highly important. However, lookup performance is severely affected by network characteristics, i.e., churn and connectivity issues due to NAT routers. As those characteristics are heavily influenced by user behavior, changes are not only likely but also hard to predict. Although DHTs are known for their self-organization, current implementations often do not adapt optimally to variation in network characteristics. In this paper, we propose to dynamically optimize the client through tuning its parameters at run-time. For doing so, different configurations are tested and compared automatically. To reduce overhead, requests sent to other peers are recorded and replayed by a simulation engine, if the same peer is queried again using the same parameter. We evaluated our approach at two exemplary scenarios of the future state of the BitTorrent Mainline DHT (MDHT), one of the most widely used public DHTs. In these scenarios, the lookups of a client using static parameters were more than three times slower and had a 25% higher network overhead than those of an adaptive client. With only 4 additional UDP packets sent per second and a one-digit CPU load, the proposed approach also induces minimal overhead.

Confidential Data-Outsourcing and Self-Optimizing P2P-Networks: Coping with the Challenges of Multi-Party Systems

This work addresses the inherent lack of control and trust in Multi-Party Systems at the examples of the Database-as-a-Service (DaaS) scenario and public Distributed Hash Tables (DHTs). In the DaaS field, it is shown how confidential information in a database can be protected while still allowing the external storage provider to process incoming queries. For public DHTs, it is shown how these highly dynamic systems can be managed by facilitating monitoring, simulation, and self-adaptation.

SECURUS: Composition of Confidentiality Preserving Indexing Approaches for Secure Database-as-a-Service

The Database-as-a-Service (DaaS) paradigm addresses the outsourcing of databases to specialized storage providers, potentially reducing costs and increasing robustness. A common DaaS requirement is to prevent the storage provider from retrieving information from the outsourced data while still allowing it to execute queries. Various confidentiality preserving indexing approaches (CPIs) have been proposed that preserve confidentiality while allowing the SP to participate in query execution. However, these approaches only allow the execution of specific kinds of queries, for instance queries that select records based on the equality of a certain attribute to a search term. Choosing an optimal set of CPIs that matches the users specific requirements is a hard task, as it requires expert knowledge about both the scenario and the available CPIs. In this article, we provide an overview of the Securus framework [10] that tackles this issue. Securus allows the user to define her confidentiality needs and query workload in a Policy Profile. Securus then computes a set of CPIs that matches the specified requirements. Furthermore, a software adapter called Mediator is generated that implements the chosen CPIs and can be used to seamlessly outsource and query data.

Ensuring reproducibility through tool-based simulation process management

For credibility of simulation results, reproducibility of simulation runs is a must. However, reproducibility requires a thorough management of all data involved in the simulation process. The corresponding management of data can be error-prone and time consuming if performed manually. In this paper we introduce a simulation management approach that ensures reproducibility and traceability of simulation runs as well as improves efficiency of simulation processes by automation of common simulation tasks. We implemented our approach as an Eclipse plugin. We show that information gained by explicit simulation management can be used to automatically organize and archive all necessary data to reproduce a simulation. While our tool was implemented with focus on the network simulator ns-2, our concepts can be applied to other simulation environments, too.

Autonome Kommunikationsinfrastrukturen. Eine praxisnahe Betrachtung

ZUSAMMENFASSUNG Peer-to-Peer-(P2P-)Systeme bieten sich auf natürliche Weise zur Realisierung von autonomen Kommunikationsinfrastrukturen für geschlossene Benutzergruppen mit sehr wenigen Teilnehmern an. In dieser Arbeit wird ein zweistufiger Ansatz vorgestellt, der es ermöglicht, solche P2P-Systeme ohne Verwendung von zentralen Komponenten wie Servern oder Verzeichnisdiensten zu realisieren. Als Hilfsmittel nutzt der Ansatz das weit verbreitete P2P-Dateitauschsystem BitTorrent und realisiert den Beitritt zu diesem System mittels einer Suche nach bereits aktiven BitTorrent-Knoten. Nach dem erfolgreichen Beitritt wird BitTorrent zur Lokalisierung anderer Mitglieder der geschlossenen Benutzergruppe verwendet, zwischen denen dann ein P2P-Netz aufgebaut wird. Die Umsetzbarkeit des vorgeschlagenen Ansatzes wird anhand umfangreicher Messungen in realistischen Umgebungen veranschaulicht. Dabei zeigen sich deutlich in der Praxis zu erwartende Einschränkungen, z.B. durch das so genannte Connection Tracking in typischer DSL-Hardware wie NAT-Routern mit integrierter Firewall. Diese Einschränkungen verlangen eine entsprechende Anpassung der verwendeten Mechanismen.