SafeDB: Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection

Han Yee Kim; Rohyoung Myung; Boeui Hong; Heonchang Yu; Taeweon Suh; Lei Xu; Weidong Shi

doi:10.1109/CLOUD.2019.00029

SafeDB: Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection

Han Yee Kim, Rohyoung Myung, Boeui Hong, Heonchang Yu, Taeweon Suh, Lei Xu, Weidong Shi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability.

Original language	English
Title of host publication	Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services
Editors	Elisa Bertino, Carl K. Chang, Peter Chen, Ernesto Damiani, Michael Goul, Katsunori Oyama
Publisher	IEEE Computer Society
Pages	107-114
Number of pages	8
ISBN (Electronic)	9781728127057
DOIs	https://doi.org/10.1109/CLOUD.2019.00029
Publication status	Published - 2019 Jul
Event	12th IEEE International Conference on Cloud Computing, CLOUD 2019 - Milan, Italy Duration: 2019 Jul 8 → 2019 Jul 13

Publication series

Name	IEEE International Conference on Cloud Computing, CLOUD
Volume	2019-July
ISSN (Print)	2159-6182
ISSN (Electronic)	2159-6190

Conference

Conference	12th IEEE International Conference on Cloud Computing, CLOUD 2019
Country/Territory	Italy
City	Milan
Period	19/7/8 → 19/7/13

Keywords

Bitstream protection
Enclaved dataprocessing
FPGA as a service
Spark big data processing

ASJC Scopus subject areas

Artificial Intelligence
Information Systems
Software

Access to Document

10.1109/CLOUD.2019.00029

Cite this

Kim, H. Y., Myung, R., Hong, B., Yu, H., Suh, T., Xu, L., & Shi, W. (2019). SafeDB: Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection. In E. Bertino, C. K. Chang, P. Chen, E. Damiani, M. Goul, & K. Oyama (Eds.), Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services (pp. 107-114). [8814561] (IEEE International Conference on Cloud Computing, CLOUD; Vol. 2019-July). IEEE Computer Society. https://doi.org/10.1109/CLOUD.2019.00029

SafeDB : Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection. / Kim, Han Yee; Myung, Rohyoung; Hong, Boeui et al.

Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services. ed. / Elisa Bertino; Carl K. Chang; Peter Chen; Ernesto Damiani; Michael Goul; Katsunori Oyama. IEEE Computer Society, 2019. p. 107-114 8814561 (IEEE International Conference on Cloud Computing, CLOUD; Vol. 2019-July).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kim, HY, Myung, R, Hong, B, Yu, H , Suh, T, Xu, L & Shi, W 2019, SafeDB: Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection. in E Bertino, CK Chang, P Chen, E Damiani, M Goul & K Oyama (eds), Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services., 8814561, IEEE International Conference on Cloud Computing, CLOUD, vol. 2019-July, IEEE Computer Society, pp. 107-114, 12th IEEE International Conference on Cloud Computing, CLOUD 2019, Milan, Italy, 19/7/8. https://doi.org/10.1109/CLOUD.2019.00029

Kim HY, Myung R, Hong B, Yu H , Suh T, Xu L et al. SafeDB: Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection. In Bertino E, Chang CK, Chen P, Damiani E, Goul M, Oyama K, editors, Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services. IEEE Computer Society. 2019. p. 107-114. 8814561. (IEEE International Conference on Cloud Computing, CLOUD). https://doi.org/10.1109/CLOUD.2019.00029

Kim, Han Yee ; Myung, Rohyoung ; Hong, Boeui et al. / SafeDB : Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection. Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services. editor / Elisa Bertino ; Carl K. Chang ; Peter Chen ; Ernesto Damiani ; Michael Goul ; Katsunori Oyama. IEEE Computer Society, 2019. pp. 107-114 (IEEE International Conference on Cloud Computing, CLOUD).

@inproceedings{0cc7e879189242329d126adfba2e4aa8,

title = "SafeDB: Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection",

abstract = "This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability.",

keywords = "Bitstream protection, Enclaved dataprocessing, FPGA as a service, Spark big data processing",

author = "Kim, {Han Yee} and Rohyoung Myung and Boeui Hong and Heonchang Yu and Taeweon Suh and Lei Xu and Weidong Shi",

note = "Funding Information: ACKNOWLEDGMENT This work was partially supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government(MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation). *Correspondence to: Taeweon Suh. Funding Information: This work was partially supported by Institute of Information &communications Technology Planning &Evaluation (IITP) grant funded by the Korea government(MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation). Publisher Copyright: {\textcopyright} 2019 IEEE.; 12th IEEE International Conference on Cloud Computing, CLOUD 2019 ; Conference date: 08-07-2019 Through 13-07-2019",

year = "2019",

month = jul,

doi = "10.1109/CLOUD.2019.00029",

language = "English",

series = "IEEE International Conference on Cloud Computing, CLOUD",

publisher = "IEEE Computer Society",

pages = "107--114",

editor = "Elisa Bertino and Chang, {Carl K.} and Peter Chen and Ernesto Damiani and Michael Goul and Katsunori Oyama",

booktitle = "Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services",

}

TY - GEN

T1 - SafeDB

T2 - 12th IEEE International Conference on Cloud Computing, CLOUD 2019

AU - Kim, Han Yee

AU - Myung, Rohyoung

AU - Hong, Boeui

AU - Yu, Heonchang

AU - Suh, Taeweon

AU - Xu, Lei

AU - Shi, Weidong

N1 - Funding Information: ACKNOWLEDGMENT This work was partially supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government(MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation). *Correspondence to: Taeweon Suh. Funding Information: This work was partially supported by Institute of Information &communications Technology Planning &Evaluation (IITP) grant funded by the Korea government(MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation). Publisher Copyright: © 2019 IEEE.

PY - 2019/7

Y1 - 2019/7

N2 - This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability.

AB - This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability.

KW - Bitstream protection

KW - Enclaved dataprocessing

KW - FPGA as a service

KW - Spark big data processing

UR - http://www.scopus.com/inward/record.url?scp=85072336009&partnerID=8YFLogxK

U2 - 10.1109/CLOUD.2019.00029

DO - 10.1109/CLOUD.2019.00029

M3 - Conference contribution

AN - SCOPUS:85072336009

T3 - IEEE International Conference on Cloud Computing, CLOUD

SP - 107

EP - 114

BT - Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services

A2 - Bertino, Elisa

A2 - Chang, Carl K.

A2 - Chen, Peter

A2 - Damiani, Ernesto

A2 - Goul, Michael

A2 - Oyama, Katsunori

PB - IEEE Computer Society

Y2 - 8 July 2019 through 13 July 2019

ER -

SafeDB: Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this