Security Trade-Offs in Cloud Storage Systems

Total Page:16

File Type:pdf, Size:1020Kb

Security Trade-Offs in Cloud Storage Systems Security Trade-Offs in Cloud Storage Systems vorgelegt von Dipl.-Wirt.-Inf. Steffen Muller¨ geb. in Bielefeld von der Fakultat¨ IV - Elektrotechnik und Informatik der Technischen Universitat¨ Berlin zur Erlangung des akademischen Grades Doktor der Ingenieurwissenschaften - Dr.-Ing. - genehmigte Dissertation Promotionsausschuss: Vorsitzender: Prof. Dr. Florian Tschorsch Gutachter: Prof. Dr. Stefan Tai Gutachter: Prof. Dr. Alexander Pretschner Gutachter: Prof. Dr. Hannes Hartenstein Tag der wissenschaftlichen Aussprache: 07.07.2017 Berlin 2017 Abstract Securing software systems, is of paramount importance today. This is especi- ally true for cloud systems, as they can be attacked nearly anytime from every- where over the Internet. Ensuring security in general, however, typically has a negative impact on performance, usability, and increases the system’s complex- ity. For cloud systems, which are built for high performance and availability as well as elastic scalability, security, therefore, may annihilate many of these ori- ginal quality properties. Consequently, security, especially for cloud systems, can be understood as a trade-off problem where security mechanisms, applied to protect the system from specific threats and to achieve specific security goals, trade in security for other quality properties. For Cloud Storage Systems (CSS)—i.e., distributed storage systems that repli- cate data over a cluster of nodes in order to manage huge data amounts, highly volatile query load (elastic scalability), and extraordinary needs for availability and fault-tolerance—this trade-off problem is particularly prominent. Already, the different original quality properties of CSS cannot be provided at the same time and, thus, lead to fundamental trade-offs such as the trade-off between consistency, availability, and partition tolerance (see, e.g.: [53]). The piggy- backed trade-offs coming from considering security as an additionally wanted quality property of such systems lead to further trade-offs that must be decided and managed. In this thesis, we focus on the trade-offs between security and performance in CSS. In order to not contradict the original design goals of CSS, a sensible mana- gement of these trade-offs in CSS requires a high degree of understanding of the relationships between security and performance in the security mechanisms of a specific CSS. Otherwise, this can lead to a badly configured CSS which isase- curity risk or consumes a lot of resources unnecessarily. This thesis, hence, aims at enhancing the understanding of the trade-offs between security and perfor- mance in CSS as well as at improving the management of these trade-offs in such systems. For this, we present three independent contributions in this thesis. The first contribution intends to improve the overall understanding of security in and security requirements for CSS. We present two reference usage models that sup- port a security engineer in understanding the general usage of cloud storage i services (e.g., Amazon Web Services (AWS) Simple Storage Service (S3) or Goo- gle Cloud Storage) and Not only SQL (NoSQL) systems (e.g., Apache Cassan- dra (Cassandra) or Project Voldemort (Voldemort)) as well as abstract generic components of these CSS. Based on this, we introduce two reference threat mo- dels that specifically take into account essential architectural components of the CSS, abstract the components, and, thus, allow for detailed threat analyses of CSS. The gained insights into the security of CSS are essential to better un- derstand and manage security trade-offs between security and performance in CSS. The second contribution is the quantification of the trade-offs between secu- rity and performance for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) in CSS. SSL/TLS is a popular security mechanism used, amongst other things, for securing the communication with and within CSS. For the quan- tification of the performance impact of SSL/TLS, we provide a novel bench- marking concept and corresponding benchmarking tool. Based on extensive experiments, we identify selected relevant configuration options of SSL/TLS on the trade-offs between security and performance in the NoSQL system Cas- sandra. Furthermore, we demonstrate that diverse former optimization rules of thumb for SSL/TLS in the context of CSS are no longer valid and various configurations may lead to very different performance results. As the third contribution, we introduce a new adaptive middleware to cope with the trade-offs between security and performance in secure communicat- ion via SSL/TLS of CSS at runtime automatically. In the Cloud, assumptions made for finding a good a-priori security mechanism configuration during the deployment of the system may change rapidly. This, in turn, may imbalance and contradict the security and performance of a system build on top of the CSS. With our Adaptive Transport Layer Security (ATLaS) middleware, we pro- vide a way to build different specific adaptations for SSL/TLS to reconfigure a CSS in such cases and, thus, to rebalance security and performance at runtime automatically. ii Zusammenfassung Das Absichern von Softwaresystemen ist heutzutage enorm wichtig. Dies gilt insbesondere fur¨ Cloud-Systeme, da sie nahezu jederzeit von uberall¨ uber¨ das Internet angegriffen werden konnen.¨ Jedoch hat Sicherheit im Allgemeinen ei- nen negativen Einfluss auf Performanz, Benutzbarkeit undoht erh¨ typischerweise die Komplexitat¨ eines Systems. Bei Cloud-Systemen, die fur¨ hohe Performanz und Verfugbarkeit¨ sowie elastische Skalierbarkeit erstellt werden, kann Sicher- heit entsprechend viele originare¨ Qualitatsmerkmale¨ eines Systems zunichte machen. Konsequenterweise kann Sicherheit, insbesondere fur¨ Cloud-Systeme, als ein Trade-off-Problem verstanden werden, bei dem Sicherheit in Form von Sicherheitsmechanismen, die ein System vor bestimmten Bedrohungen schutzen¨ und bestimmte Sicherheitsziele durchsetzen, gegen andere Qualitatsmerkmale¨ eines Systems eingetauscht wird. Bei Cloud-Speichersystemen (CSS) – d. h. verteilten Speichersystemen, die Da- ten in einem Cluster von Speicherknoten replizieren und fur¨ das Management von großen Datenmengen, von hoch volatilen Anfragelasten (Elastizitat¨ und Skalierbarkeit) und fur¨ Hochverfugbarkeitsl¨ osungen¨ eingesetzt werden – ist dieses Trade-Off-Problem sehr hervorstechend. Bereits die Erfullung¨ der ori- ginaren¨ Qualitatsmerkmale¨ in CSS fordert¨ Trade-Offs zutage, wie z. B. den Trade- Off zwischen Konsistenz, Verfugbarkeit¨ und Partitionstoleranz (siehe z. B.: [53]). Die zusatzlichen¨ Trade-Offs, die sich durch die Hinzunahme von Sicherheit als gewunschtes¨ Qualitatsmerkmal¨ solcher Systeme ergeben, fuhren¨ zu weiteren Trade-Offs, die entschieden und gemanagt werden mussen.¨ In dieser Dissertation werden die Trade-Offs zwischen Sicherheit und Perfor- manz in CSS naher¨ untersucht. Um die originaren¨ Designziele von CSS nicht zu konterkarieren, erfordert ein sinnvolles Management dieser Trade-Offs in CSS ein hohes Maß an Verstandnis¨ der Zusammenhange¨ zwischen Sicherheit und Performanz in den Sicherheitsmechanismen eines CSS. Andernfalls kann ein schlecht konfiguriertes CSS die Folge sein, was ein Sicherheitsrisiko darstellt oder unnotig¨ viele Ressourcen verwendet. Diese Dissertation zielt deshalb da- rauf ab, den Leser zu einem solch hoheren¨ Maß an Verstandnis¨ der Trade-Offs zwischen Sicherheit und Performanz in CSS zu verhelfen und ein besseres Ma- nagement dieser Trade-Offs in diesen Systemen zu ermoglichen.¨ iii Dazu werden drei unabhangige¨ wissenschaftliche Beitrage¨ in dieser Disserta- tion vorgestellt. Der erste Beitrag zielt auf die Verbesserung des Verstandnisses¨ der sicherheitskritischen Punkte in CSS. Dazu werden zuerst zwei Referenz- Nutzungsmodelle prasentiert,¨ die einen Security Engineer beim Verstehen der generellen Nutzung von cloud storage services – wie z. B. Amazon Web Ser- vices (AWS) Simple Storage Service (S3) oder Google Cloud Storage – und Not only SQL-Systemen (NoSQL-Systemen) – wie z. B. Apache Cassandra (Cassan- dra) oder Project Voldemort (Voldemort) – unterstutzen¨ und generelle Kom- ponenten dieser CSS abstrahieren sowie vereinheitlichen. Aufbauend auf den Referenz-Nutzungsmodellen werden zwei Referenz-Bedrohungsmodelle erstellt, die architekturelle Komponenten von CSS berucksichtigen¨ und eine tiefgehende Bedrohungsanalyse erlauben. Die gewonnenen Erkenntnisse konnen¨ dann fur¨ ein besseres Management der Trade-Offs zwischen Sicherheit und Performanz in CSS verwendet werden. Der zweite Beitrag ist die Quantifizierung der Trade-Offs zwischen Sicherheit und Performanz von Secure Sockets Layer (SSL)/Transport Layer Security (TLS) in CSS, einem Sicherheitsmechanismus der verstarkt¨ zur Absicherung von Kom- munikation in CSS zum Einsatz kommt. Fur¨ die Quantifizierung des Perfor- manzeinflusses von SSL/TLS in CSS wird zuerst ein neuartiges Benchmarking- Konzept entwickelt und ein entsprechendes Benchmarking-Tool vorgestellt. Auf Basis von ausgiebigen Experimenten werden dann verschiedene relevante Kon- figurationsoptionen von SSL/TLS fur¨ die Trade-Offs zwischen Sicherheit und Performanz in dem NoSQL-System Cassandra identifiziert. Weiterhin wird de- monstriert, dass einige fruher¨ geltende Optimierungsregeln fur¨ SSL/TLS im Kontext von CSS nicht mehr gelten und verschiedene Konfigurationen zu ganz unterschiedlichen Ergebnissen fuhren¨ konnen.¨ Als dritter Beitrag wird eine neuartige adaptive Middleware prasentiert,¨ die die automatische Behandlung von Trade-Offs
Recommended publications
  • A Quantitative Study of Advanced Encryption Standard Performance
    United States Military Academy USMA Digital Commons West Point ETD 12-2018 A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility Daniel Hawthorne United States Military Academy, [email protected] Follow this and additional works at: https://digitalcommons.usmalibrary.org/faculty_etd Part of the Information Security Commons Recommended Citation Hawthorne, Daniel, "A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility" (2018). West Point ETD. 9. https://digitalcommons.usmalibrary.org/faculty_etd/9 This Doctoral Dissertation is brought to you for free and open access by USMA Digital Commons. It has been accepted for inclusion in West Point ETD by an authorized administrator of USMA Digital Commons. For more information, please contact [email protected]. A QUANTITATIVE STUDY OF ADVANCED ENCRYPTION STANDARD PERFORMANCE AS IT RELATES TO CRYPTOGRAPHIC ATTACK FEASIBILITY A Dissertation Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Computer Science By Daniel Stephen Hawthorne Colorado Technical University December, 2018 Committee Dr. Richard Livingood, Ph.D., Chair Dr. Kelly Hughes, DCS, Committee Member Dr. James O. Webb, Ph.D., Committee Member December 17, 2018 © Daniel Stephen Hawthorne, 2018 1 Abstract The advanced encryption standard (AES) is the premier symmetric key cryptosystem in use today. Given its prevalence, the security provided by AES is of utmost importance. Technology is advancing at an incredible rate, in both capability and popularity, much faster than its rate of advancement in the late 1990s when AES was selected as the replacement standard for DES. Although the literature surrounding AES is robust, most studies fall into either theoretical or practical yet infeasible.
    [Show full text]
  • JETIR Research Journal
    © 2018 JETIR October 2018, Volume 5, Issue 10 www.jetir.org (ISSN-2349-5162) QUALITATIVE COMPARISON OF KEY-VALUE BIG DATA DATABASES 1Ahmad Zia Atal, 2Anita Ganpati 1M.Tech Student, 2Professor, 1Department of computer Science, 1Himachal Pradesh University, Shimla, India Abstract: Companies are progressively looking to big data to convey valuable business insights that cannot be taken care by the traditional Relational Database Management System (RDBMS). As a result, a variety of big data databases options have developed. From past 30 years traditional Relational Database Management System (RDBMS) were being used in companies but now they are replaced by the big data. All big bata technologies are intended to conquer the limitations of RDBMS by enabling organizations to extract value from their data. In this paper, three key-value databases are discussed and compared on the basis of some general databases features and system performance features. Keywords: Big data, NoSQL, RDBMS, Riak, Redis, Hibari. I. INTRODUCTION Systems that are designed to store big data are often called NoSQL databases since they do not necessarily depend on the SQL query language used by RDBMS. NoSQL today is the term used to address the class of databases that do not follow Relational Database Management System (RDBMS) principles and are specifically designed to handle the speed and scale of the likes of Google, Facebook, Yahoo, Twitter and many more [1]. Many types of NoSQL database are designed for different use cases. The major categories of NoSQL databases consist of Key-Values store, Column family stores, Document databaseand graph database. Each of these technologies has their own benefits individually but generally Big data use cases are benefited by these technologies.
    [Show full text]
  • Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives
    Self-encrypting deception: weaknesses in the encryption of solid state drives Carlo Meijer Bernard van Gastel Institute for Computing and Information Sciences School of Computer Science Radboud University Nijmegen Open University of the Netherlands [email protected] and Institute for Computing and Information Sciences Radboud University Nijmegen Bernard.vanGastel@{ou.nl,ru.nl} Abstract—We have analyzed the hardware full-disk encryption full-disk encryption. Full-disk encryption software, especially of several solid state drives (SSDs) by reverse engineering their those integrated in modern operating systems, may decide to firmware. These drives were produced by three manufacturers rely solely on hardware encryption in case it detects support between 2014 and 2018, and are both internal models using the SATA and NVMe interfaces (in a M.2 or 2.5" traditional form by the storage device. In case the decision is made to rely on factor) and external models using the USB interface. hardware encryption, typically software encryption is disabled. In theory, the security guarantees offered by hardware encryp- As a primary example, BitLocker, the full-disk encryption tion are similar to or better than software implementations. In software built into Microsoft Windows, switches off software reality, we found that many models using hardware encryption encryption and completely relies on hardware encryption by have critical security weaknesses due to specification, design, and implementation issues. For many models, these security default if the drive advertises support. weaknesses allow for complete recovery of the data without Contribution. This paper evaluates both internal and external knowledge of any secret (such as the password).
    [Show full text]
  • Polska Myśl Techniczna W Ii Wojnie Światowej
    CENTRALNA BIBLIOTEKA WOJSKOWA IM. MARSZAŁKA JÓZEFA PIŁSUDSKIEGO POLSKA MYŚL TECHNICZNA W II WOJNIE ŚWIATOWEJ W 70. ROCZNICĘ ZAKOŃCZENIA DZIAŁAŃ WOJENNYCH W EUROPIE MATERIAŁY POKONFERENCYJNE poD REDAkcJą NAUkoWą DR. JANA TARCZYńSkiEGO WARSZAWA 2015 Konferencja naukowa Polska myśl techniczna w II wojnie światowej. W 70. rocznicę zakończenia działań wojennych w Europie Komitet naukowy: inż. Krzysztof Barbarski – Prezes Instytutu Polskiego i Muzeum im. gen. Sikorskiego w Londynie dr inż. Leszek Bogdan – Dyrektor Wojskowego Instytutu Techniki Inżynieryjnej im. profesora Józefa Kosackiego mgr inż. Piotr Dudek – Prezes Stowarzyszenia Techników Polskich w Wielkiej Brytanii gen. dyw. prof. dr hab. inż. Zygmunt Mierczyk – Rektor-Komendant Wojskowej Akademii Technicznej im. Jarosława Dąbrowskiego płk mgr inż. Marek Malawski – Szef Inspektoratu Implementacji Innowacyjnych Technologii Obronnych Ministerstwa Obrony Narodowej mgr inż. Ewa Mańkiewicz-Cudny – Prezes Federacji Stowarzyszeń Naukowo-Technicznych – Naczelnej Organizacji Technicznej prof. dr hab. Bolesław Orłowski – Honorowy Członek – założyciel Polskiego Towarzystwa Historii Techniki – Instytut Historii Nauki Polskiej Akademii Nauk kmdr prof. dr hab. Tomasz Szubrycht – Rektor-Komendant Akademii Marynarki Wojennej im. Bohaterów Westerplatte dr Jan Tarczyński – Dyrektor Centralnej Biblioteki Wojskowej im. Marszałka Józefa Piłsudskiego prof. dr hab. Leszek Zasztowt – Dyrektor Instytutu Historii Nauki Polskiej Akademii Nauk dr Czesław Andrzej Żak – Dyrektor Centralnego Archiwum Wojskowego im.
    [Show full text]
  • Analysis of an Encrypted HDD
    Analysis of an encrypted HDD J. Czarny, R. Rigo May 11, 2015 Abstract The idea of this presentation is to debunk the myth that analyzing the security of hardware is difficult. From the perspective of a software reverse engineer we present the process of studying a hardware-encrypted, PIN secured, external hard drive: the Zalman VE-400. While the end result of the analysis and attack is not a full success as it was not possible to recover an encrypted drive, it shows that the drive is nevertheless vulnerable by design. 1 Introduction 1.1 The target Analysing the security of hardware products seems to scare software reversers and hackers. It used to scare us. But, fortunately, today there is no need to know much about electronics, as most products are just System on Chip (SoC), a single integrated circuit with IO and a CPU or microcontroller. All that is needed is a bit of soldering ability, a multimeter, some useful pieces of hardware and a brain. The subject here is not embedded systems in the now common sense of “small hardware running Linux” but smaller systems using one or two chips. Most interesting for software hackers are encrypted HDD/USB keys: their functionnality is conceptually simple and they provide an interesting target. We will focus on the Zalman VE-400 encrypted drive, a consumer enclosure for 2.5" SATA hard drives which supports hardware encryption. It also supports advanced features like mounting ISO files as virtual optical drives. To do so, the user must choose between the ExFAT and NTFS filesystem support, by reflashing the correct firmware.
    [Show full text]
  • Nouveau Mode Opératoire Pour La Cryptographie *
    Nouveau Mode Opératoire pour la Cryptographie * Naima Hadj-Said*, Adda Ali-Pacha, Mohamed Sadek Ali-Pacha – Aek Haouas *Laboratoire SIMPA (Signal-Image-Parole) Université des Sciences et de la Technologie d’Oran USTO , BP 1505 El M’Naouer Oran 31036 Algerie [email protected] Résumé : Un mode opératoire consiste en la description détaillée des actions nécessaires à l'obtention d'un résultat. Il décrit généralement le déroulement détaillé des opérations effectuées sur un poste fixe, mais il peut également décrire l'enchaînement des opérations de poste à poste. Un mode opératoire décrivant les enchaînements opératoires de poste à poste permet de définir : -l'ensemble des postes de travail concernés par la réalisation d'un produit, d'une pièce élémentaire, - les temps de passage prévus (alloués) à chaque poste, -l'ordre logique d'intervention de chaque poste (machine, ou poste manuel), -les conditions d'enchaînement, de déclenchement, des opérations successives, -les moyens de transfert de poste à poste. En cryptographie, un mode d'opération est la manière de traiter les blocs de texte clairs et chiffrés au sein d'un algorithme de chiffrement par bloc ou bien c’est la présentation d’une méthode de chaînage des blocs dans un chiffrement par blocs. Plusieurs modes existent possédant leur propre atout, certains sont plus vulnérables que d'autres et certains modes combinent les concepts d'authentification et sécurité. Dans ce travail on essaie de faire la synthèse des modes opératoires des systèmes cryptographique et de proposer une bonne alternative pour faire le bon choix du vecteur d'initialisation de ces modes, avec la suggestion d’un nouveau mode opératoire qu’on a appelé : mode Autonome Secure blocK (ASK).
    [Show full text]
  • On Security and Privacy for Networked Information Society
    Antti Hakkala On Security and Privacy for Networked Information Society Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes Turku Centre for Computer Science TUCS Dissertations No 225, November 2017 ON SECURITY AND PRIVACY FOR NETWORKED INFORMATIONSOCIETY Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes antti hakkala To be presented, with the permission of the Faculty of Mathematics and Natural Sciences of the University of Turku, for public criticism in Auditorium XXII on November 18th, 2017, at 12 noon. University of Turku Department of Future Technologies FI-20014 Turun yliopisto 2017 supervisors Adjunct professor Seppo Virtanen, D. Sc. (Tech.) Department of Future Technologies University of Turku Turku, Finland Professor Jouni Isoaho, D. Sc. (Tech.) Department of Future Technologies University of Turku Turku, Finland reviewers Professor Tuomas Aura Department of Computer Science Aalto University Espoo, Finland Professor Olaf Maennel Department of Computer Science Tallinn University of Technology Tallinn, Estonia opponent Professor Jarno Limnéll Department of Communications and Networking Aalto University Espoo, Finland The originality of this thesis has been checked in accordance with the University of Turku quality assurance system using the Turnitin OriginalityCheck service ISBN 978-952-12-3607-5 (Online) ISSN 1239-1883 To my wife Maria, I am forever grateful for everything. Thank you. ABSTRACT Our society has developed into a networked information soci- ety, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet ar- guably the most important piece of critical infrastructure in the world.
    [Show full text]
  • Learning Key-Value Store Design
    Learning Key-Value Store Design Stratos Idreos, Niv Dayan, Wilson Qin, Mali Akmanalp, Sophie Hilgard, Andrew Ross, James Lennon, Varun Jain, Harshita Gupta, David Li, Zichen Zhu Harvard University ABSTRACT We introduce the concept of design continuums for the data Key-Value Stores layout of key-value stores. A design continuum unifies major Machine Databases K V K V … K V distinct data structure designs under the same model. The Table critical insight and potential long-term impact is that such unifying models 1) render what we consider up to now as Learning Data Structures fundamentally different data structures to be seen as \views" B-Tree Table of the very same overall design space, and 2) allow \seeing" Graph LSM new data structure designs with performance properties that Store Hash are not feasible by existing designs. The core intuition be- hind the construction of design continuums is that all data Performance structures arise from the very same set of fundamental de- Update sign principles, i.e., a small set of data layout design con- Data Trade-offs cepts out of which we can synthesize any design that exists Access Patterns in the literature as well as new ones. We show how to con- Hardware struct, evaluate, and expand, design continuums and we also Cloud costs present the first continuum that unifies major data structure Read Memory designs, i.e., B+tree, Btree, LSM-tree, and LSH-table. Figure 1: From performance trade-offs to data structures, The practical benefit of a design continuum is that it cre- key-value stores and rich applications.
    [Show full text]
  • Migrating-To-Red-Hat-Amq-7.Pdf
    Red Hat AMQ 2021.Q2 Migrating to Red Hat AMQ 7 For Use with Red Hat AMQ 2021.Q2 Last Updated: 2021-07-26 Red Hat AMQ 2021.Q2 Migrating to Red Hat AMQ 7 For Use with Red Hat AMQ 2021.Q2 Legal Notice Copyright © 2021 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
    [Show full text]
  • Play Framework Documentation
    Play framework documentation Welcome to the play framework documentation. This documentation is intended for the 1.1 release and may significantly differs from previous versions of the framework. Check the version 1.1 release notes. The 1.1 branch is in active development. Getting started Your first steps with Play and your first 5 minutes of fun. 1. Play framework overview 2. Watch the screencast 3. Five cool things you can do with Play 4. Usability - details matter as much as features 5. Frequently Asked Questions 6. Installation guide 7. Your first application - the 'Hello World' tutorial 8. Set up your preferred IDE 9. Sample applications 10. Live coding script - to practice, and impress your colleagues with Tutorial - Play guide, a real world app step-by-step Learn Play by coding 'Yet Another Blog Engine', from start to finish. Each chapter will be a chance to learn one more cool Play feature. 1. Starting up the project 2. A first iteration of the data model 3. Building the first screen 4. The comments page 5. Setting up a Captcha 6. Add tagging support 7. A basic admin area using CRUD 8. Adding authentication 9. Creating a custom editor area 10. Completing the application tests 11. Preparing for production 12. Internationalisation and localisation The essential documentation Generated with playframework pdf module. Page 1/264 Everything you need to know about Play. 1. Main concepts i. The MVC application model ii. A request life cycle iii. Application layout & organization iv. Development lifecycle 2. HTTP routing i. The routes file syntax ii. Routes priority iii.
    [Show full text]
  • Efficient Hashing Using the AES Instruction
    Efficient Hashing Using the AES Instruction Set Joppe W. Bos1, Onur Özen1, and Martijn Stam2 1 Laboratory for Cryptologic Algorithms, EPFL, Station 14, CH-1015 Lausanne, Switzerland {joppe.bos,onur.ozen}@epfl.ch 2 Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom [email protected] Abstract. In this work, we provide a software benchmark for a large range of 256-bit blockcipher-based hash functions. We instantiate the underlying blockci- pher with AES, which allows us to exploit the recent AES instruction set (AES- NI). Since AES itself only outputs 128 bits, we consider double-block-length constructions, as well as (single-block-length) constructions based on RIJNDAEL- 256. Although we primarily target architectures supporting AES-NI, our frame- work has much broader applications by estimating the performance of these hash functions on any (micro-)architecture given AES-benchmark results. As far as we are aware, this is the first comprehensive performance comparison of multi- block-length hash functions in software. 1 Introduction Historically, the most popular way of constructing a hash function is to iterate a com- pression function that itself is based on a blockcipher (this idea dates back to Ra- bin [49]). This approach has the practical advantage—especially on resource-constrained devices—that only a single primitive is needed to implement two functionalities (namely encrypting and hashing). Moreover, trust in the blockcipher can be conferred to the cor- responding hash function. The wisdom of blockcipher-based hashing is still valid today. Indeed, the current cryptographic hash function standard SHA-2 and some of the SHA- 3 candidates are, or can be regarded as, blockcipher-based designs.
    [Show full text]
  • Riak KV Performance in Sensor Data Storage Application
    ISSN 2079-3316 PROGRAM SYSTEMS: THEORY AND APPLICATIONS no.3(34), 2017, pp. 61–85 N. S. Zhivchikova, Y. V. Shevchuk Riak KV performance in sensor data storage application Abstract. A sensor data storage system is an important part of data analysis systems. The duty of sensor data storage is to accept time series data from remote sources, store them and provide access to retrospective data on demand. As the number of sensors grows, the storage system scaling becomes a concern. In this article we experimentally evaluate Riak KV|a scalable distributed key-value data store as a backend for a sensor data storage system. Key words and phrases: sensor data, write performance, distributed storage, time series, Riak, Erlang. 2010 Mathematics Subject Classification: 68M20 Introduction The purpose of a sensor data storage is to store data coming in small portions from a large number of sensors. The data should be stored so as to facilitate efficient retrieval of a (possibly large) data array by sensor identifier and time interval, e.g. to draw a graph. The system is described by three parameters: the number of sensors S, incoming data rate in megabytes per second A, and the storage period Y . In single-computer implementation there are limits on S, A, Y that can't be achieved without computer upgrade to non-commodity hardware which involves disproportional system cost increase. When the system design goals exceed the S, A, Y limits reachable by a single commodity computer, a viable solution is to move to distributed architecture | using multiple commodity computers to meet the design goals.
    [Show full text]