TrustedMR: A Trusted MapReduce System Based on Tamper Resistance Hardware

  • Quoc-Cuong To
  • Benjamin Nguyen
  • Philippe Pucheral
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9415)


With scalability, fault tolerance, ease of programming, and flexibility, MapReduce has gained many attractions for large-scale data processing. However, despite its merits, MapReduce does not focus on the problem of data privacy, especially when processing sensitive data, such as personal data, on untrusted infrastructure. In this paper, we investigate a scenario based on the Trusted Cells paradigm: a user stores his personal data in a local secure data store and wants to process this data using MapReduce on a third party infrastructure, on which secure devices are also connected. The main contribution of the paper is to present TrustedMR, a trusted MapReduce system with high security assurance provided by tamper-resistant hardware, to enforce the security aspect of the MapReduce. Thanks to TrustedMR, encrypted data can then be processed by untrusted computing nodes without any modification to the existing MapReduce framework and code. Our evaluation shows that the performance overhead of TrustedMR is limited to few percents, compared to an original MapReduce framework that handles cleartexts.


Privacy-preserving Tamper-resistant hardware MapReduce 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Allard, T., Anciaux, N., Bouganim, L., Guo, Y., Le Folgoc, L., Nguyen, B., Pucheral, P., Ray, I., Ray, I., Yin, S.: Secure Personal Data Servers: a Vision Paper. VLDB, 25–35 (2010). SingaporeGoogle Scholar
  2. 2.
    Allard, T., Nguyen, B., Pucheral, P.: METAP: Revisiting Privacy-Preserving Data Publishing using Secure Devices. DAPD (2013)Google Scholar
  3. 3.
    Anciaux, N., Bonnet, P., Bouganim, L., Nguyen, B., Popa, I.S., Pucheral, P.: Trusted cells: a sea change for personal data services. In: CIDR, USA (2013)Google Scholar
  4. 4.
    Arasu, A., Kaushik, R.: Oblivious query processing. In: ICDT (2014)Google Scholar
  5. 5.
    Bajaj, S., Sion, R.: TrustedDB: a trusted hardware based database with privacy and data confidentiality. In: SIGMOD Conference 2011, pp. 205–216 (2011)Google Scholar
  6. 6.
    Blass, E., Noubir, G., Huu, T.V.: EPiC: Efficient Privacy-Preserving Counting for MapReduce. IACR Cryptology ePrint Archive, 452 (2012)Google Scholar
  7. 7.
    Blass, E.-O., Di Pietro, R., Molva, R., Önen, M.: PRISM – privacy-preserving search in MapReduce. In: Fischer-Hübner, S., Wright, M. (eds.) PETS 2012. LNCS, vol. 7384, pp. 180–200. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  8. 8.
    Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Ceselli, A., Damiani, E., De Capitani di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Modeling and assessing inference exposure in encrypted databases. ACM TISSEC 8(1), 119–152 (2005)CrossRefGoogle Scholar
  10. 10.
    Damiani, E., Capitani Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: CCS, pp. 93–102 (2003)Google Scholar
  11. 11.
    Dean, J., Ghemawat, S.: MapReduce: Simplified Data Processing on Large Clusters. Commun. ACM 51(1), 107–113 (2008)CrossRefGoogle Scholar
  12. 12.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169–178 (2009)Google Scholar
  13. 13.
    Herodotou, H., Babu, S.: Profiling, What-if Analysis, and Cost-based Optimization of MapReduce Programs. PVLDB 4(11), 1111–1122 (2011)Google Scholar
  14. 14.
    Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984)zbMATHMathSciNetCrossRefGoogle Scholar
  15. 15.
    Lam, H.Y., Fung, G.S.K., Lee, W.K.: A Novel Method to Construct Taxonomy Electrical Appliances Based on Load Signatures. IEEE Transactions on Consumer Electronics 53(2), 653–660 (2007)CrossRefGoogle Scholar
  16. 16.
    Mun, M., Hao, S., Mishra, N., et al.: Personal data vaults: a locus of control for personal data streams. In: Proc. of the 6th Int. Conf on Emerging Networking Experiments and Technologies (Co-NEXT 2010), New York, USA, December 2010Google Scholar
  17. 17.
    de Montjoye, Y.-A., Wang, S.S., Pentland, A.: On the Trusted Use of Large-Scale Personal Data. IEEE Data Eng. Bull. 35(4), 5–8 (2012)Google Scholar
  18. 18.
    Popa, R.A., Redfield, C.M.S., Zeldovich, N., et al.: CryptDB: protecting confidentiality with encrypted query processing. In: SOSP, pp 85–100 (2011)Google Scholar
  19. 19.
    Roy, I., Setty, S., Kilzer, A., Shmatikov, V., Witchel, E.: Airavat: security and privacy for MapReduce. In: USENIX NSDI, pp. 297–312 (2010)Google Scholar
  20. 20.
    Hacigumus, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over encrypted data in database service provider model. In: ACM SIGMOD, Wisconsin, pp. 216–227 (2002)Google Scholar
  21. 21.
    To, Q.C., Nguyen, B., Pucheral, P.: Privacy-preserving query execution using a decentralized architecture and tamper resistant hardware. In: EDBT, pp. 487–498 (2014)Google Scholar
  22. 22.
    Tu, S., Kaashoek, M.F., Madden, S., Zeldovich, N.: Processing analytical queries over encrypted data. In: PVLDB, pp 289–300 (2013)Google Scholar
  23. 23.
    Wei, W., Du, J., Yu, T., Gu, X.: SecureMR: a service integrity assurance framework for MapReduce. In: ACSAC, pp. 73–82 (2009)Google Scholar
  24. 24.
    Zhang, K., Zhou, X., Chen, Y., Wang, X., Ruan, Y.: Sedic: privacy-aware data intensive computing on hybrid clouds. In: CCS, pp. 515–526 (2011)Google Scholar
  25. 25.
    Zhang, C., Chang, E., Yap, R.: Tagged-MapReduce: a general framework for secure computing with mixed-sensitivity data on hybrid clouds. In: CCGrid, pp 31–40 (2014)Google Scholar
  26. 26.
    Zhang, X., Yang, L.T., Liu, C., Chen, J.: A Scalable Two-Phase Top-Down Specialization Approach for Data Anonymization Using MapReduce on Cloud. IEEE Transactions on Parallel and Distributed Systems 25(2), 363–373 (2014)CrossRefGoogle Scholar
  27. 27.
    Zhang, X., Liu, C., Nepal, S., Pandey, S., Chen, J.: A Privacy Leakage Upper-bound Constraint based Approach for Cost-effective Privacy Preserving of Intermediate Datasets in Cloud. IEEE Transactions on Parallel and Distributed Systems 24(6), 1192–1202 (2013)CrossRefGoogle Scholar
  28. 28.
    Directive 95/46/EC of the European Parliament and of the Council of October 24, 1995 on the protection of individuals with regard to the processing of personal data. Official Journal of the EC, 23 (1995)Google Scholar
  29. 29.
    Wang, J., Wang, Z.: A Survey on Personal Data Cloud. The Scientific World Journal (2014)Google Scholar
  30. 30.
    Katz, J., Lindell, Y.: Introduction to Modern Cryptography: Principles and Protocols. Chapman and Hall/CRC (2007)Google Scholar
  31. 31.
    Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  32. 32.
    Arasu, A., Eguro, K., Kaushik, R., Ramamurthy, R.: Querying encrypted data (tutorial). In: ACM SIGMOD Conference (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.SMIS ProjectINRIA RocquencourtLe ChesnayFrance
  2. 2.PRiSM LaboratoryVersaillesFrance

Personalised recommendations