MACS Project Meeting, March 2016

Date:
Thursday, March 17, 2016

Location:
Boston University, Hariri seminar room

Schedule:

8:45 – 9:00 Breakfast
9 – 9:30 Malte Schwarzkopf
Musketeer: all for one, one for all in cloud data processing systems (slides)
9:30 – 10 Yossi Gilad
CDN on Demand: An Affordable DDoS Defense over Untrusted IaaS Clouds
10 – 10:15 Break
10:15 – 10:45 Frans Kaashoek
Using Crash Hoare logic for certifying the FSCQ file system (slides)
10:45 – 10:50 Orran Krieger
MOC update
10:50 – 11:35 Jim Cadden
EbbRT part 1: Meta structure & experimental environment (slides)
11:35 – 12:30 Lunch / PI-only meeting
12:30 – 1:15 Dan Schatzberg
EbbRT part 2: Internals (slides)
1:15 – 1:45 Georgios Kellaris
Accessing Data while Preserving Privacy

 

Abstracts for postdoc talks:

Malte Schwarzkopf
Musketeer: all for one, one for all in cloud data processing systems

Many systems for the parallel processing of “big data” are available today. Yet, few users can tell by intuition which system, or combination of systems, is best for a given workflow. Porting workflows between systems is tedious, making manual exploration costly. Hence, users become “locked in” with a system, even if faster or more efficient systems are available. This is a consequence of the tight coupling between user-facing front-ends that express workflows (e.g., Hive, SparkSQL, Lindi, GraphLINQ) and the back-end execution engines that execute them in parallel (e.g., MapReduce, Spark, PowerGraph, Naiad).

In this talk, I will present Musketeer, a system that decouples the ways workflows are defined from the manner in which they are executed. Musketeer dynamically maps front-end workflow descriptions to many different back-end execution engines. Musketeer currently supports four high-level query languages and generates code for seven popular data processing systems. Its generated code achieves performance that is on par with time-consuming hand-written implementations.

I will also briefly talk about some of the impact this work has had since it first appeared at EuroSys 2015, and discuss current ongoing further research spawned by it.

Yossi Gilad
CDN on Demand: An Affordable DDoS Defense over Untrusted IaaS Clouds

We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks at a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDN-on-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS clouds. CDN-on-Demand can use less expensive and less trusted clouds to minimize costs. This is facilitated by clientless secure-objects, a new mechanism we present. This mechanism avoids trusting the hosts with private keys or user data, yet does not require installing new client programs. CDN-on-Demand also introduces the origin-connectivity mechanism, which ensures that essential communication with the content origin is possible even in case of severe DoS attacks. Once installed, CDN-on-Demand is completely automated and transparent, i.e., it does not introduce changes to web-server configuration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.

Georgios Kellaris
Accessing Data while Preserving Privacy

We initiate formal research into the privacy-efficiency tradeoff of secure database systems. These systems, such as CryptDB and Cipherbase, try to mitigate the high costs of full-fledged cryptographic solutions by relaxing the security guarantees they provide. We provide abstract models that capture the basic properties of these systems and identify their fundamental leakage channels. These models allow performing a generic and implementation-independent investigation of the inherent tradeoffs between security and efficiency. In particular, this modeling allows us in some cases to devise generic reconstruction attacks where the server learns the secret attributes of every record stored in the database, pointing to inherent limitations of these models.

We present a new model of differentially private storage where differential privacy is preserved even against an attacker that controls the data and the queries made to it. We give a generic construction of differentially private storage that combines ORAM and differentially private sanitizers. We also provide efficient constructions and lower bounds for some specific query sets. We have implemented some of our algorithms, and report on their efficiency.

Georgios Kellaris with George Kollios, Kobbi Nissim, and Adam O’Neill