Abstract
This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services |
| Editors | Elisa Bertino, Carl K. Chang, Peter Chen, Ernesto Damiani, Michael Goul, Katsunori Oyama |
| Publisher | IEEE Computer Society |
| Pages | 107-114 |
| Number of pages | 8 |
| ISBN (Electronic) | 9781728127057 |
| DOIs | |
| Publication status | Published - 2019 Jul 1 |
| Event | 12th IEEE International Conference on Cloud Computing, CLOUD 2019 - Milan, Italy Duration: 2019 Jul 8 → 2019 Jul 13 |
Publication series
| Name | IEEE International Conference on Cloud Computing, CLOUD |
|---|---|
| Volume | 2019-July |
| ISSN (Print) | 2159-6182 |
| ISSN (Electronic) | 2159-6190 |
Conference
| Conference | 12th IEEE International Conference on Cloud Computing, CLOUD 2019 |
|---|---|
| Country | Italy |
| City | Milan |
| Period | 19/7/8 → 19/7/13 |
Fingerprint
Keywords
- Bitstream protection
- Enclaved dataprocessing
- FPGA as a service
- Spark big data processing
ASJC Scopus subject areas
- Artificial Intelligence
- Information Systems
- Software
Cite this
SafeDB : Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection. / Kim, Han Yee; Myung, Rohyoung; Hong, Boeui; Yu, Heonchang; Suh, Taeweon; Xu, Lei; Shi, Weidong.
Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services. ed. / Elisa Bertino; Carl K. Chang; Peter Chen; Ernesto Damiani; Michael Goul; Katsunori Oyama. IEEE Computer Society, 2019. p. 107-114 8814561 (IEEE International Conference on Cloud Computing, CLOUD; Vol. 2019-July).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - SafeDB
T2 - Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection
AU - Kim, Han Yee
AU - Myung, Rohyoung
AU - Hong, Boeui
AU - Yu, Heonchang
AU - Suh, Taeweon
AU - Xu, Lei
AU - Shi, Weidong
PY - 2019/7/1
Y1 - 2019/7/1
N2 - This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability.
AB - This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability.
KW - Bitstream protection
KW - Enclaved dataprocessing
KW - FPGA as a service
KW - Spark big data processing
UR - http://www.scopus.com/inward/record.url?scp=85072336009&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85072336009&partnerID=8YFLogxK
U2 - 10.1109/CLOUD.2019.00029
DO - 10.1109/CLOUD.2019.00029
M3 - Conference contribution
AN - SCOPUS:85072336009
T3 - IEEE International Conference on Cloud Computing, CLOUD
SP - 107
EP - 114
BT - Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services
A2 - Bertino, Elisa
A2 - Chang, Carl K.
A2 - Chen, Peter
A2 - Damiani, Ernesto
A2 - Goul, Michael
A2 - Oyama, Katsunori
PB - IEEE Computer Society
ER -