
Large-Scale Privacy-Preserving Mappings of Human Genomic Sequences on Hybrid Clouds

Y. Chen, B. Peng, X. Wang and H. Tang. In Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS 2012).

An operation preceding most human DNA analyses is read mapping, which aligns millions of short sequences (called reads) to a reference genome. This step involves an enormous amount of computation (evaluating edit distances for millions upon billions of sequence pairs) and thus needs to be outsourced to low-cost commercial clouds. This asks for scalable techniques to protect sensitive DNA information, a demand that cannot be met by any existing techniques (e.g., homomorphic encryption, secure multiparty computation). In this paper, we report a new step towards secure and scalable read mapping on the hybrid cloud, which includes both the public commercial cloud and the private cloud within an organization. Inspired by the famous "seed-and-extend" method, our approach strategically splits a mapping task: the public cloud seeks exact matches between the keyed hash values of short read substrings (called seeds) and those of reference sequences to roughly position reads on the genome; the private cloud extends the seeds from these positions to find right alignments. Our novel seed-combination technique further moves most workload of this task to the public cloud. The new approach is found to work effectively against known inference attacks, and also easily scale to millions of reads.


Sedic: Privacy-Aware Data Intensive Computing on Hybrid Clouds

K. Zhang, X. Zhou, Y. Chen, X. Wang and Y. Ruan. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011).

The emergence of cost-effective cloud services offers organizations great opportunity to reduce their cost and increase productivity. This development, however, is hampered by privacy concerns: a significant amount of organizational computing workload at least partially involves sensitive data and therefore cannot be directly outsourced to the public cloud. The scale of these computing tasks also renders existing secure outsourcing techniques less applicable. A natural solution is to split a task, keeping the computation on the private data within an organization’s private cloud while moving the rest to the public commercial cloud. However, this hybrid cloud computing is not supported by today’s data-intensive computing frameworks, MapReduce in particular, which forces the users to manually split their computing tasks. In this paper, we present a suite of new techniques that make such privacy-aware data-intensive computing possible. Our system, called Sedic, leverages the special features of MapReduce to automatically partition a computing job according to the security levels of the data it works on, and arrange the computation across a hybrid cloud. Specifically, we modified MapReduce’s distributed file system to strategically replicate data, moving sanitized data blocks to the public cloud. Over this data placement, map tasks are carefully scheduled to outsource as much workload to the public cloud as possible, given sensitive data always stay on the private cloud. To minimize inter-cloud communication, our approach also automatically analyzes and transforms the reduction structure of a submitted job to aggregate the map outcomes within the public cloud before sending the result back to the private cloud for the final reduction. This also allows the users to interact with our system in the same way they work with MapReduce, and directly run their legacy code in our framework. 
We implemented Sedic on Hadoop and evaluated it using both real and synthesized computing jobs on a large-scale cloud test-bed. The study shows that our techniques effectively protect sensitive user data, offload a large amount of computation to the public cloud and also fully preserve the scalability of MapReduce.


Toward Securing Sensor Clouds

A. Kapadia, S. Myers, X. Wang and G. Fox. In Proceedings of the 12th International Symposium on Collaborative Technologies and Systems (CTS 2011).

Secure Cloud Computing with Brokered Trusted Sensor Networks

A. Kapadia, S. Myers, X. Wang and G. Fox. In Proceedings of the 11th International Symposium on Collaborative Technologies and Systems (CTS 2010).