35th Annual Computer Security Applications Conference (ACSAC 2019)

Full Program »
View File
View File

SecDATAVIEW: A Secure Big Data Workflow Management System for Heterogeneous Computing Environments

Big data workflow management systems (BDWFMSs) have recently emerged as popular platforms to perform large-scale data analytics in the cloud. However, the protection of data confidentiality and secure execution of workflow applications remains an important and challenging problem. Although a few data analytics systems were developed to address this problem, they are limited to specific structures such as Map-Reduce-style workflows and SQL queries. This paper proposes SecDATAVIEW, a BDWFMS that leverages Intel Software Guard eXtensions (SGX) and AMD Secure Encrypted Virtualization (SEV) to develop a heterogeneous trusted execution environment for workflows. SecDATAVIEW aims to (1) provide the confidentiality and integrity of code and data for workflows running on public untrusted clouds, (2) minimize the TCB size for a BDWFMS, (3) enable the trade-off between security and performance for workflows, and (4) support the execution of Java-based workflow tasks in SGX. Our experimental results show that SecDATAVIEW imposes $1.69x$ to $2.62x$ overhead on workflow execution time on SGX worker nodes, $1.04x$ to $1.29x$ overhead on SEV worker nodes, and $1.20x$ to $1.43x$ overhead on a heterogeneous setting in which both SGX and SEV worker nodes are used.

Saeid Mofrad
Wayne State University

Ishtiaq Ahmed
Wayne State University

Shiyong Lu
Wayne State University

Ping Yang
State University of New York at Binghamton

Heming Cui
University of Hong Kong

Fengwei Zhang
Wayne State University


Powered by OpenConf®
Copyright©2002-2020 Zakon Group LLC