The Experts below are selected from a list of 123 Experts worldwide ranked by ideXlab platform
Pascal Lafourcade - One of the best experts on this subject based on the ideXlab platform.
-
Secure Intersection with MapReduce
2019Co-Authors: Radu Ciucanu, Matthieu Giraud, Pascal LafourcadeAbstract:Relation intersection is a fundamental problem, which becomes non-trivial when the relations to be intersected are too large to fit on a single machine. Hence, a natural approach is to design parallel algorithms that are executed on a cluster of machines rented from a Public Cloud Provider. Intersection of relations becomes even more difficult when each relation belongs to a different data owner that wants to protect her data privacy. We consider the popular MapReduce paradigm for outsourcing data and computations to a semi-honest Public Cloud. Our main contribution is the SI protocol (for Secure Intersection) that allows to securely compute the intersection of an arbitrary number of relations, each of them being encrypted by its owner. The user allowed to query the intersection result has only to decrypt the result sent by the Public Cloud. SI does not leak (to the Public Cloud or to the user) any information on tuples that are not in the final relation intersection result, even if t he Public Cloud and the user collude i.e., they share all their private information. We prove the security of SI and provide an empirical evaluation showing its efficiency.
-
Secure Grouping and Aggregation with MapReduce
2018Co-Authors: Radu Ciucanu, Matthieu Giraud, Pascal LafourcadeAbstract:MapReduce programming paradigm allows to process big data sets in parallel on a large cluster. We focus on a scenario where the data owner outsources her data on an honest-but-curious server. Our aim is to evaluate grouping and aggregation with SUM, COUNT, AVG, MIN, and MAX operations for an authorized user. For each of these five operations, we assume that the Public Cloud Provider and the user do not collude i.e., the Public Cloud does not know the secret key of the user. We prove the security of our approach for each operation.
-
ICETE (2) - Secure Grouping and Aggregation with MapReduce
Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, 2018Co-Authors: Radu Ciucanu, Matthieu Giraud, Pascal LafourcadeAbstract:MapReduce programming paradigm allows to process big data sets in parallel on a large cluster. We focus on a scenario where the data owner outsources her data on an honest-but-curious server. Our aim is to evaluate grouping and aggregation with SUM, COUNT, AVG, MIN, and MAX operations for an authorized user. For each of these five operations, we assume that the Public Cloud Provider and the user do not collude i.e., the Public Cloud does not know the secret key of the user. We prove the security of our approach for each operation.
-
ARES - Secure Matrix Multiplication with MapReduce
Proceedings of the 12th International Conference on Availability Reliability and Security, 2017Co-Authors: Xavier Bultel, Radu Ciucanu, Matthieu Giraud, Pascal LafourcadeAbstract:The MapReduce programming paradigm allows to process big data sets in parallel on a large cluster of commodity machines. The MapReduce users often outsource their data and computations to a Public Cloud Provider. We focus on the fundamental problem of matrix multiplication, and address the inherent security and privacy concerns that occur when outsourcing to a Public Cloud. Our goal is to enhance the two state-of-the-art algorithms for MapReduce matrix multiplication with privacy guarantees such as: none of the nodes storing an input matrix can learn the other input matrix or the output matrix, and moreover, none of the nodes computing an intermediate result can learn the input or the output matrices. To achieve our goal, we rely on the well-known Paillier's cryptosystem and we use its partially homomorphic property to develop efficient algorithms that satisfy our problem statement. We develop two different approaches called Secure-Private (SP) and Collision-Resistant-Secure-Private (CRSP), and compare their trade-offs with respect to three fundamental criteria: computation cost, communication cost, and privacy guarantees. Finally, we give security proofs of our protocols.
-
Secure Matrix Multiplication with MapReduce
2017Co-Authors: Xavier Bultel, Radu Ciucanu, Matthieu Giraud, Pascal LafourcadeAbstract:The MapReduce programming paradigm allows to process big data sets in parallel on a large cluster of commodity machines. The MapReduce users often outsource their data and computations to a Public Cloud Provider. We focus on the fundamental problem of matrix multiplication, and address the inherent security and privacy concerns that occur when outsourcing to a Public Cloud. Our goal is to enhance the two state-of-the-art algorithms for MapReduce matrix multiplication with privacy guarantees such as: none of the nodes storing an input matrix can learn the other input matrix or the output matrix, and moreover, none of the nodes computing an intermediate result can learn the input or the output matrices. To achieve our goal, we rely on the well-known Paillier's cryptosystem and we use its partially homomorphic property to develop efficient algorithms that satisfy our problem statement. We develop two different approaches called Secure-Private (SP) and Collision-Resistant-Secure-Private (CRSP), and compare their trade-offs with respect to three fundamental criteria: computation cost, communication cost, and privacy guarantees. Finally, we give security proofs of our protocols.
Marty Humphrey - One of the best experts on this subject based on the ideXlab platform.
-
UCC - Comprehensive Elastic Resource Management to Ensure Predictable Performance for Scientific Applications on Public IaaS Clouds
2014 IEEE ACM 7th International Conference on Utility and Cloud Computing, 2014Co-Authors: In Kee Kim, Jacob Steele, Marty HumphreyAbstract:Scientists have become increasingly reliant on large-scale compute resources on Public IaaS Clouds to efficiently process their applications. Unfortunately, the reactive nature of auto-scaling techniques made available by the Public Cloud Provider can cause insufficient response time and poor job deadline satisfaction rates. To solve these problems, we designed an end-to-end elastic resource management system for scientific applications on Public IaaS Clouds. This system employs the following strategies: 1) an accurate and dynamic job execution time predictor, 2) a resource evaluation scheme that balances cost and performance, and 3) an "availability-aware" job scheduling algorithm. This comprehensive system is deployed on Amazon Web Services and is compared with other state-of-the-art resource management schemes. Experimental results show that our system achieves a 9%--32% improvement with respect to the deadline satisfaction rate over other schemes. We achieve this deadline satisfaction rate improvement while still providing improved cost-efficiency over other state-of-the-art approaches.
Marin Litoiu - One of the best experts on this subject based on the ideXlab platform.
-
IP Spoofing In and Out of the Public Cloud: From Policy to Practice
Computers, 2019Co-Authors: Natalija Vlajic, Mashruf Chowdhury, Marin LitoiuAbstract:In recent years, a trend that has been gaining particular popularity among cybercriminals is the use of Public Cloud to orchestrate and launch distributed denial of service (DDoS) attacks. One of the suspected catalysts for this trend appears to be the increased tightening of regulations and controls against IP spoofing by world-wide Internet service Providers (ISPs). Three main contributions of this paper are (1) For the first time in the research literature, we provide a comprehensive look at a number of possible attacks that involve the transmission of spoofed packets from or towards the virtual private servers hosted by a Public Cloud Provider. (2) We summarize the key findings of our research on the regulation of IP spoofing in the acceptable-use and term-of-service policies of 35 real-world Cloud Providers. The findings reveal that in over 50% of cases, these policies make no explicit mention or prohibition of IP spoofing, thus failing to serve as a potential deterrent. (3) Finally, we describe the results of our experimental study on the actual practical feasibility of IP spoofing involving a select number of real-world Cloud Providers. These results show that most of the tested Public Cloud Providers do a very good job of preventing (potential) hackers from using their virtual private servers to launch spoofed-IP campaigns on third-party targets. However, the same very own virtual private servers of these Cloud Providers appear themselves vulnerable to a number of attacks that involve the use of spoofed IP packets and/or could be deployed as packet-reflectors in attacks on third party targets. We hope the paper serves as a call for awareness and action and motivates the Public Cloud Providers to deploy better techniques for detection and elimination of spoofed IP traffic.
-
CASCON - Partitioning applications for hybrid and federated Clouds
2012Co-Authors: Michael Smit, Mark Shtern, Bradley Simmons, Marin LitoiuAbstract:On-demand access to computing resources as-a-service has the potential to allow enterprises to temporarily scale out of their private data center into the infrastructure of a Public Cloud Provider during times of peak demand. However, concerns about privacy and security may limit the adoption of this technique. We describe an approach to partitioning a software application (particularly a client-facing web application) into components that can be run in the Public Cloud and components that should remain in the private data center. Static code analysis is used to automatically establish a partitioning based on low-effort input from the developer. Public and private versions of the application are created and deployed; at runtime, user navigation proceeds seamlessly with requests routed to the Public or private data center as appropriate. We present implementations for both Java and PHP web applications, tested on sample applications.
Radu Ciucanu - One of the best experts on this subject based on the ideXlab platform.
-
Secure Intersection with MapReduce
2019Co-Authors: Radu Ciucanu, Matthieu Giraud, Pascal LafourcadeAbstract:Relation intersection is a fundamental problem, which becomes non-trivial when the relations to be intersected are too large to fit on a single machine. Hence, a natural approach is to design parallel algorithms that are executed on a cluster of machines rented from a Public Cloud Provider. Intersection of relations becomes even more difficult when each relation belongs to a different data owner that wants to protect her data privacy. We consider the popular MapReduce paradigm for outsourcing data and computations to a semi-honest Public Cloud. Our main contribution is the SI protocol (for Secure Intersection) that allows to securely compute the intersection of an arbitrary number of relations, each of them being encrypted by its owner. The user allowed to query the intersection result has only to decrypt the result sent by the Public Cloud. SI does not leak (to the Public Cloud or to the user) any information on tuples that are not in the final relation intersection result, even if t he Public Cloud and the user collude i.e., they share all their private information. We prove the security of SI and provide an empirical evaluation showing its efficiency.
-
Secure Grouping and Aggregation with MapReduce
2018Co-Authors: Radu Ciucanu, Matthieu Giraud, Pascal LafourcadeAbstract:MapReduce programming paradigm allows to process big data sets in parallel on a large cluster. We focus on a scenario where the data owner outsources her data on an honest-but-curious server. Our aim is to evaluate grouping and aggregation with SUM, COUNT, AVG, MIN, and MAX operations for an authorized user. For each of these five operations, we assume that the Public Cloud Provider and the user do not collude i.e., the Public Cloud does not know the secret key of the user. We prove the security of our approach for each operation.
-
ICETE (2) - Secure Grouping and Aggregation with MapReduce
Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, 2018Co-Authors: Radu Ciucanu, Matthieu Giraud, Pascal LafourcadeAbstract:MapReduce programming paradigm allows to process big data sets in parallel on a large cluster. We focus on a scenario where the data owner outsources her data on an honest-but-curious server. Our aim is to evaluate grouping and aggregation with SUM, COUNT, AVG, MIN, and MAX operations for an authorized user. For each of these five operations, we assume that the Public Cloud Provider and the user do not collude i.e., the Public Cloud does not know the secret key of the user. We prove the security of our approach for each operation.
-
ARES - Secure Matrix Multiplication with MapReduce
Proceedings of the 12th International Conference on Availability Reliability and Security, 2017Co-Authors: Xavier Bultel, Radu Ciucanu, Matthieu Giraud, Pascal LafourcadeAbstract:The MapReduce programming paradigm allows to process big data sets in parallel on a large cluster of commodity machines. The MapReduce users often outsource their data and computations to a Public Cloud Provider. We focus on the fundamental problem of matrix multiplication, and address the inherent security and privacy concerns that occur when outsourcing to a Public Cloud. Our goal is to enhance the two state-of-the-art algorithms for MapReduce matrix multiplication with privacy guarantees such as: none of the nodes storing an input matrix can learn the other input matrix or the output matrix, and moreover, none of the nodes computing an intermediate result can learn the input or the output matrices. To achieve our goal, we rely on the well-known Paillier's cryptosystem and we use its partially homomorphic property to develop efficient algorithms that satisfy our problem statement. We develop two different approaches called Secure-Private (SP) and Collision-Resistant-Secure-Private (CRSP), and compare their trade-offs with respect to three fundamental criteria: computation cost, communication cost, and privacy guarantees. Finally, we give security proofs of our protocols.
-
Secure Matrix Multiplication with MapReduce
2017Co-Authors: Xavier Bultel, Radu Ciucanu, Matthieu Giraud, Pascal LafourcadeAbstract:The MapReduce programming paradigm allows to process big data sets in parallel on a large cluster of commodity machines. The MapReduce users often outsource their data and computations to a Public Cloud Provider. We focus on the fundamental problem of matrix multiplication, and address the inherent security and privacy concerns that occur when outsourcing to a Public Cloud. Our goal is to enhance the two state-of-the-art algorithms for MapReduce matrix multiplication with privacy guarantees such as: none of the nodes storing an input matrix can learn the other input matrix or the output matrix, and moreover, none of the nodes computing an intermediate result can learn the input or the output matrices. To achieve our goal, we rely on the well-known Paillier's cryptosystem and we use its partially homomorphic property to develop efficient algorithms that satisfy our problem statement. We develop two different approaches called Secure-Private (SP) and Collision-Resistant-Secure-Private (CRSP), and compare their trade-offs with respect to three fundamental criteria: computation cost, communication cost, and privacy guarantees. Finally, we give security proofs of our protocols.
In Kee Kim - One of the best experts on this subject based on the ideXlab platform.
-
UCC - Comprehensive Elastic Resource Management to Ensure Predictable Performance for Scientific Applications on Public IaaS Clouds
2014 IEEE ACM 7th International Conference on Utility and Cloud Computing, 2014Co-Authors: In Kee Kim, Jacob Steele, Marty HumphreyAbstract:Scientists have become increasingly reliant on large-scale compute resources on Public IaaS Clouds to efficiently process their applications. Unfortunately, the reactive nature of auto-scaling techniques made available by the Public Cloud Provider can cause insufficient response time and poor job deadline satisfaction rates. To solve these problems, we designed an end-to-end elastic resource management system for scientific applications on Public IaaS Clouds. This system employs the following strategies: 1) an accurate and dynamic job execution time predictor, 2) a resource evaluation scheme that balances cost and performance, and 3) an "availability-aware" job scheduling algorithm. This comprehensive system is deployed on Amazon Web Services and is compared with other state-of-the-art resource management schemes. Experimental results show that our system achieves a 9%--32% improvement with respect to the deadline satisfaction rate over other schemes. We achieve this deadline satisfaction rate improvement while still providing improved cost-efficiency over other state-of-the-art approaches.
