TY - GEN
T1 - SafeDB
T2 - 12th IEEE International Conference on Cloud Computing, CLOUD 2019
AU - Kim, Han Yee
AU - Myung, Rohyoung
AU - Hong, Boeui
AU - Yu, Heonchang
AU - Suh, Taeweon
AU - Xu, Lei
AU - Shi, Weidong
N1 - Funding Information:
ACKNOWLEDGMENT: This work was partially supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation). *Correspondence to: Taeweon Suh.
PY - 2019/7
Y1 - 2019/7
N2 - This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability.
AB - This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability.
KW - Bitstream protection
KW - Enclaved data processing
KW - FPGA as a service
KW - Spark big data processing
UR - http://www.scopus.com/inward/record.url?scp=85072336009&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85072336009&partnerID=8YFLogxK
U2 - 10.1109/CLOUD.2019.00029
DO - 10.1109/CLOUD.2019.00029
M3 - Conference contribution
AN - SCOPUS:85072336009
T3 - IEEE International Conference on Cloud Computing, CLOUD
SP - 107
EP - 114
BT - Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services
A2 - Bertino, Elisa
A2 - Chang, Carl K.
A2 - Chen, Peter
A2 - Damiani, Ernesto
A2 - Goul, Michael
A2 - Oyama, Katsunori
PB - IEEE Computer Society
Y2 - 8 July 2019 through 13 July 2019
ER -