SafeDB: Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection

Han Yee Kim, Rohyoung Myung, Boeui Hong, Heonchang Yu, Taeweon Suh, Lei Xu, Weidong Shi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability.

Original language: English
Title of host publication: Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services
Editors: Elisa Bertino, Carl K. Chang, Peter Chen, Ernesto Damiani, Michael Goul, Katsunori Oyama
Publisher: IEEE Computer Society
Pages: 107-114
Number of pages: 8
ISBN (Electronic): 9781728127057
DOIs: https://doi.org/10.1109/CLOUD.2019.00029
Publication status: Published - 2019 Jul 1
Event: 12th IEEE International Conference on Cloud Computing, CLOUD 2019 - Milan, Italy
Duration: 2019 Jul 8 → 2019 Jul 13

Publication series

Name: IEEE International Conference on Cloud Computing, CLOUD
Volume: 2019-July
ISSN (Print): 2159-6182
ISSN (Electronic): 2159-6190

Conference

Conference: 12th IEEE International Conference on Cloud Computing, CLOUD 2019
Country: Italy
City: Milan
Period: 19/7/8 → 19/7/13

Fingerprint

Electric sparks
Field programmable gate arrays (FPGA)
Data storage equipment
Security of data
Cryptography
Processing

Keywords

  • Bitstream protection
  • Enclaved data processing
  • FPGA as a service
  • Spark big data processing

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems
  • Software

Cite this

Kim, H. Y., Myung, R., Hong, B., Yu, H., Suh, T., Xu, L., & Shi, W. (2019). SafeDB: Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection. In E. Bertino, C. K. Chang, P. Chen, E. Damiani, M. Goul, & K. Oyama (Eds.), Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services (pp. 107-114). [8814561] (IEEE International Conference on Cloud Computing, CLOUD; Vol. 2019-July). IEEE Computer Society. https://doi.org/10.1109/CLOUD.2019.00029
