Edna<sup>1</sup> is a library that web developers can use to add disguising and revealing of user data to their applications. For example, Edna can help users protect inactive accounts, selectively dissociate personal data from public profiles, and remove service access to their data without permanently losing their accounts.
Edna was last tested on a machine with 16 CPUs and 60 GB RAM, running Ubuntu 20.04.5 LTS, and uses MySQL with the InnoDB storage engine atop a local SSD. The CloudLab profile (`profile.py`) should provide these settings, but numbers may differ due to variability in the machine type, etc.
- `config/`: configuration / installation scripts (CloudLab-tested)
- `deps/`: third-party libraries that Edna uses for e.g., MySQL parsing
- `edna/`: the Edna library itself
- `edna_cryptdb/`: the Edna library, but meant to work atop an encrypted database (a la CryptDB)
  - Requires `applications/proxy` to be running in order to work correctly
- `edna_srv/`: Edna's library run as an API server (for the Lobsters E2E deployment)
- `related_systems/qapla`: the variant of Qapla that implements a subset of Edna's functionality for comparison.
- `applications/`: implementations of data disguising and revealing for benchmarks and case study applications (HotCRP, Lobsters, and WebSubmit).
  - `applications/websubmit-rs` has three different servers: one for Edna, Edna-CryptDB, and our Qapla variant respectively.
  - `applications/proxy` runs the proxy for Edna-CryptDB
- `results/`:
  - `results/[app]`: where benchmarks output raw results
  - `results/plotters/`: graph-plotting scripts
  - `results/result_graphs`: output of graph-plotting scripts

The requisite scripts to run benchmarks are all contained in the root directory!

- Instantiate the profile in CloudLab: profile link here.
- `ssh` into the CloudLab instance
- Run initialization scripts, taking the default options if prompted (Note: this script may need to be run twice if anything fails):

  ```
  cp /local/repository/config/initialize.sh /data; cd /data/; ./initialize.sh
  ```

- Run all benchmarks to produce all results (you might want to run this in a separate terminal session using `tmux`). This will execute per-application benchmark scripts in `applications/[app]`, and then run a graph-plotting script to produce all the graphs from the paper. Graphs will be put in `results/result_graphs`, which you can then `scp` to your local machine from Cloudtop.

  ```
  cd /data/repository; ./run_all.sh
  ```

All benchmarks should individually take under 15 minutes to run, with the exception of Lobsters (which registers and iterates through disguising and revealing all 16k users); this will take several hours to complete all trials.
The graphs produced correspond to Figures 6-10 in the paper.

- Make sure you are using the profile instance and have run `cp /local/repository/config/initialize.sh /data; cd /data/; ./initialize.sh`.
- Stop any running mysql instances:

  ```
  sudo service mysql stop
  ```

- Get and initialize the docker code:

  ```
  cd /data
  git clone https://github.com/tslilyai/docker-lobsters-edna.git
  cd docker-lobsters-edna
  git submodule update --init --recursive
  make init
  make build
  docker-compose up
  ```

  `docker-assets/docker_entrypoint.sh` is called when docker runs the container, and invokes `cd /edna_srv/edna_srv; ./run_srv.sh` to start Edna running on the server.

  You can observe the Lobste.rs code (and the modification made to add Edna) in the `/lobsters` directory.

  NOTE: If `docker-compose` hangs, try removing any old volumes used to save the Lobsters database contents:

  ```
  docker volume rm docker-lobsters-edna_lobsters_database
  ```

- Connect via ssh to the profile experiment instance, with port forwarding:

  ```
  ssh -L 3000:0.0.0.0:3000 [instance_url]
  ```

- Go to `localhost:3000` on your computer to access the Lobsters app
  - Create accounts, post content, and see what happens when you disguise it!
  - Note: Lobsters initializes an admin account with username `test` and password `test`, but you can't perform any disguises on this account because it hasn't been registered with Edna.

You can also generate some fake data by invoking:

```
docker exec -ti docker-lobsters-edna_app_1 /bin/bash
./bin/rails fake_data
```

- Make sure you have run `./config_mysql.sh` in the repository root, and are using the profile instance.
- Run the server:

  ```
  cd applications/websubmit-rs/edna-server; ./run_srv.sh
  ```

- Connect via ssh to the profile experiment instance, with port forwarding:

  ```
  ssh -L 8000:localhost:8000 [instance_url]
  ```

- Go to `localhost:8000` on your computer to access the WebSubmit app (no CSS currently used)
  - Login as [email protected] to have admin access to add lectures and questions, anonymize users, etc.
  - Create accounts with any other email to submit answers, try deleting your account, etc.

NOTE: API keys and other disguise IDs are not emailed, but rather printed out as logs on the server. API keys act as a user's "password," and can be used to rederive their private key. Application CSS is not provided yet in this codebase.
The benchmark scripts rely on the following files (paths can be changed in the scripts if necessary, e.g., if not running on CloudLab):

- `/related_systems/qapla/lib`: contains Qapla library files used in `applications/websubmit-rs/qapla-server/build.rs`. These were built via `make` in `related_systems/qapla` and `related_systems/qapla/examples`; you should not have to rebuild them if using the provided image.
- `/data/lobsters_edna_messages_and_tags.sql`: contains the database with generated Lobsters data for the Lobsters benchmark. Used in `applications/lobsters/run_benchmarks.sh`
- Note: `grep -r "data\/repository"` will find all hardcoded paths for running in the given CloudLab profile; change these if running elsewhere.
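
One way to act on the note above when running outside CloudLab, as an added example that is not part of the Edna repository: it lists every text file that mentions `/data/repository` with a hit count, and rewrites the paths only when asked. The function name `relocate_paths`, its `apply` mode and the new root you pass in are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example (not from the Edna repository): relocate the CloudLab-specific
# root /data/repository that the benchmark scripts hardcode.
# relocate_paths, its arguments and the "apply" mode are hypothetical names.

# relocate_paths <tree> <new_root> [apply]
# Prints "file:count" for each text file that mentions the old root and, when
# the third argument is "apply", rewrites those occurrences in place.
relocate_paths() {
    local tree=$1 new_root=$2 mode=${3:-dry-run}
    local old_root="/data/repository"
    local escaped_new file count tmp

    # Escape characters that are special on the replacement side of sed's s|||.
    escaped_new=$(printf '%s' "$new_root" | sed 's/[&|\\]/\\&/g')

    # -I skips binary files (such as prebuilt libraries), -F matches the path
    # literally, and .git is excluded so repository objects are never touched.
    grep -rIlF --exclude-dir=.git -- "$old_root" "$tree" |
    while IFS= read -r file; do
        count=$(grep -oF -- "$old_root" "$file" | wc -l | tr -d ' ')
        printf '%s:%s\n' "$file" "$count"
        if [ "$mode" = "apply" ]; then
            tmp=$(mktemp)
            sed "s|$old_root|$escaped_new|g" "$file" > "$tmp"
            # Overwrite the contents rather than moving the temp file, so the
            # original mode bits survive and scripts stay executable.
            cat "$tmp" > "$file"
            rm -f "$tmp"
        fi
    done
}
```

Run it without the third argument first to review the hit list, then repeat with `apply` once the list looks right.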

Footnotes

1. From Edna of the Incredibles, who designs custom costumes (disguises) that both enhance superheroes' abilities and keep their civilian identities private!