Tagged-MapReduce: A General Framework for Secure Computing with Mixed-Sensitivity Data on Hybrid Clouds

This paper presents tagged-MapReduce, a general extension to MapReduce that supports secure computing with mixed-sensitivity data on hybrid clouds. Tagged-MapReduce augments each key-value pair in MapReduce with a sensitivity tag. This enables fine-grained dataflow control during execution to prevent data leakage as well as supporting expressive security policies and complex MapReduce computations. Security constraints for preventing data leakage impose restrictions on computation and data storage/transfer, hence, we present scheduling strategies that can exploit properties of the map and reduce functions to rearrange the computation for greater efficiency under these constraints while maintaining MapReduce correctness. We present a general security framework for analyzing MapReduce computations in the hybrid cloud which captures how dataflow can leak information through execution. Experiments on Amazon EC2 with our prototype in Hadoop show that we are able to obtain security while effectively outsourcing computation to the public cloud and reducing inter-cloud communication.