DOI: 10.1145/3019612.3019654
research-article

Evidence-based security configurations for cloud datastores

Published: 03 April 2017

Abstract

Cloud systems offer a diversity of security mechanisms with potentially complex configuration options. So far, security engineering has focused on achievable security levels, but not on the costs associated with a specific security mechanism and its configuration. Through a series of experiments with a variety of cloud datastores conducted over recent years, we gained substantial knowledge on how one desired quality like security can have a significant impact on other system qualities like performance. In this paper, we report on select findings related to security-performance trade-offs for three prominent cloud datastores, focusing on data-in-transit encryption, and propose a simple, structured approach for making trade-off decisions based on factual evidence gained through experimentation. Our approach allows rational reasoning about security trade-offs.

Published In

SAC '17: Proceedings of the Symposium on Applied Computing
April 2017
2004 pages
ISBN: 9781450344869
DOI: 10.1145/3019612

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud storage
  2. data in transit security
  3. performance benchmarking
  4. security configurations
  5. trade-offs

Qualifiers

  • Research-article

Conference

SAC 2017
SAC 2017: Symposium on Applied Computing
April 3 - 7, 2017
Marrakech, Morocco

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Cited By

  • (2021) Using application benchmark call graphs to quantify and improve the practical relevance of microbenchmark suites. PeerJ Computer Science. 10.7717/peerj-cs.5487(e548). Online publication date: 28-May-2021
  • (2021) RedCASTLE. Proceedings of the 8th International Workshop on Middleware and Applications for the Internet of Things. 10.1145/3493369.3493601 (8-13). Online publication date: 6-Dec-2021
  • (2021) Messaging with Purpose Limitation – Privacy-Compliant Publish-Subscribe Systems. 2021 IEEE 25th International Enterprise Distributed Object Computing Conference (EDOC). 10.1109/EDOC52215.2021.00027 (162-172). Online publication date: Oct-2021
  • (2020) Towards application-layer purpose-based access control. Proceedings of the 35th Annual ACM Symposium on Applied Computing. 10.1145/3341105.3375764 (1288-1296). Online publication date: 30-Mar-2020
  • (2020) Evaluating the Accuracy of Cloud NLP Services Using Ground-Truth Experiments. 2020 IEEE International Conference on Big Data (Big Data). 10.1109/BigData50022.2020.9378188 (341-350). Online publication date: 10-Dec-2020
  • (2019) Continuous Benchmarking: Using System Benchmarking in Build Pipelines. 2019 IEEE International Conference on Cloud Engineering (IC2E). 10.1109/IC2E.2019.00039 (241-246). Online publication date: Jun-2019
  • (2018) Ethical Analyses of Smart City Applications. Urban Science. 10.3390/urbansci20400962:4(96). Online publication date: 20-Sep-2018
  • (2018) Datenschutz in Zeiten alles durchdringender Vernetzung: Herausforderungen für das Zusammenspiel von Technik und Regulierung. Die Fortentwicklung des Datenschutzes. 10.1007/978-3-658-23727-1_2 (17-37). Online publication date: 5-Oct-2018
  • (2018) Three Tales of Disillusion: Benchmarking Property Preserving Encryption Schemes. Trust, Privacy and Security in Digital Business. 10.1007/978-3-319-98385-1_4 (39-54). Online publication date: 27-Jul-2018
  • (2018) A Research Perspective on Fog Computing. Service-Oriented Computing – ICSOC 2017 Workshops. 10.1007/978-3-319-91764-1_16 (198-210). Online publication date: 16-Jun-2018
